
Changeset 11819


Timestamp:
01/25/2018 08:15:02 PM (4 years ago)
Author:
djpaul
Message:

Media: improvements to cover image handling methods.

Props slaffik, ripstech.com

File:
1 edited

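--- a/trunk/src/bp-core/bp-core-attachments.php
+++ b/trunk/src/bp-core/bp-core-attachments.php
@@ -448,5 +448,5 @@
     $type_dir    = trailingslashit( $bp_attachments_uploads_dir['basedir'] ) . $type_subdir;
 
-    if ( ! is_dir( $type_dir ) ) {
+    if ( 0 !== validate_file( $type_dir ) || ! is_dir( $type_dir ) ) {
         return $attachment_data;
     }
@@ -1304,5 +1304,5 @@
     $cover_dir    = trailingslashit( $bp_attachments_uploads_dir['basedir'] ) . $cover_subdir;
 
-    if ( ! is_dir( $cover_dir ) ) {
+    if ( 0 !== validate_file( $cover_dir ) || ! is_dir( $cover_dir ) ) {
         // Upload error response.
         bp_attachments_json_response( false, $is_html4, array(
@@ -1383,20 +1383,21 @@
     }
 
-    $cover_image_data = $_POST;
-
-    if ( empty( $cover_image_data['object'] ) || empty( $cover_image_data['item_id'] ) ) {
+    if ( empty( $_POST['object'] ) || empty( $_POST['item_id'] ) ) {
         wp_send_json_error();
     }
 
-    // Check the nonce.
+    $args = array(
+        'object'  => sanitize_text_field( $_POST['object'] ),
+        'item_id' => (int) $_POST['item_id'],
+    );
+
+    // Check permissions.
     check_admin_referer( 'bp_delete_cover_image', 'nonce' );
-
-    // Capability check.
-    if ( ! bp_attachments_current_user_can( 'edit_cover_image', $cover_image_data ) ) {
+    if ( ! bp_attachments_current_user_can( 'edit_cover_image', $args ) ) {
         wp_send_json_error();
     }
 
     // Set object for the user's case.
-    if ( 'user' === $cover_image_data['object'] ) {
+    if ( 'user' === $args['object'] ) {
         $component = 'xprofile';
         $dir       = 'members';
@@ -1404,10 +1405,10 @@
     // Set it for any other cases.
     } else {
-        $component = $cover_image_data['object'] . 's';
+        $component = $args['object'] . 's';
         $dir       = $component;
     }
 
     // Handle delete.
-    if ( bp_attachments_delete_file( array( 'item_id' => $cover_image_data['item_id'], 'object_dir' => $dir, 'type' => 'cover-image' ) ) ) {
+    if ( bp_attachments_delete_file( array( 'item_id' => $args['item_id'], 'object_dir' => $dir, 'type' => 'cover-image' ) ) ) {
         /**
          * Fires if the cover image was successfully deleted.
@@ -1422,5 +1423,5 @@
          * @param int $item_id Inform about the item id the cover image was deleted for.
          */
-        do_action( "{$component}_cover_image_deleted", (int) $cover_image_data['item_id'] );
+        do_action( "{$component}_cover_image_deleted", (int) $args['item_id'] );
 
         $response = array(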
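Review bot: `validate_file()` is applied to the full absolute path in both directory guards (new lines 450 and 1306), but WordPress documents it for relative paths and it returns 2 for any path whose second character is `:`, so on a Windows host with a drive-letter uploads basedir both guards would fail for every request. Validating only the request-derived part keeps the traversal check without that side effect: `if ( 0 !== validate_file( $type_subdir ) || ! is_dir( $type_dir ) ) {`, and likewise `validate_file( $cover_subdir )` at 1306. In the delete handler, `sanitize_text_field()` does not remove path separators or dots, and `$args['object']` still feeds `$dir` and the action name at new lines 1407-1425, so `sanitize_key()` or an allow-list of known objects would be a tighter fit there. The enclosing functions start and end outside the hunks shown, so any downstream validation of `object_dir` is not visible here.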