Changeset 11820
- Timestamp:
- 01/25/2018 08:16:40 PM (7 years ago)
- File:
-
- 1 edited
branches/2.9/src/bp-core/bp-core-attachments.php
r11447 r11820 448 448 $type_dir = trailingslashit( $bp_attachments_uploads_dir['basedir'] ) . $type_subdir; 449 449 450 if ( ! is_dir( $type_dir ) ) {450 if ( 0 !== validate_file( $type_dir ) || ! is_dir( $type_dir ) ) { 451 451 return $attachment_data; 452 452 } … … 1315 1315 $cover_dir = trailingslashit( $bp_attachments_uploads_dir['basedir'] ) . $cover_subdir; 1316 1316 1317 if ( ! is_dir( $cover_dir ) ) {1317 if ( 0 !== validate_file( $cover_dir ) || ! is_dir( $cover_dir ) ) { 1318 1318 // Upload error response. 1319 1319 bp_attachments_json_response( false, $is_html4, array( … … 1397 1397 } 1398 1398 1399 $cover_image_data = $_POST; 1400 1401 if ( empty( $cover_image_data['object'] ) || empty( $cover_image_data['item_id'] ) ) { 1399 if ( empty( $_POST['object'] ) || empty( $_POST['item_id'] ) ) { 1402 1400 wp_send_json_error(); 1403 1401 } 1404 1402 1405 // Check the nonce. 1403 $args = array( 1404 'object' => sanitize_text_field( $_POST['object'] ), 1405 'item_id' => (int) $_POST['item_id'], 1406 ); 1407 1408 // Check permissions. 1406 1409 check_admin_referer( 'bp_delete_cover_image', 'nonce' ); 1407 1408 // Capability check. 1409 if ( ! bp_attachments_current_user_can( 'edit_cover_image', $cover_image_data ) ) { 1410 if ( ! bp_attachments_current_user_can( 'edit_cover_image', $args ) ) { 1410 1411 wp_send_json_error(); 1411 1412 } 1412 1413 1413 1414 // Set object for the user's case. 1414 if ( 'user' === $ cover_image_data['object'] ) {1415 if ( 'user' === $args['object'] ) { 1415 1416 $component = 'xprofile'; 1416 1417 $dir = 'members'; … … 1418 1419 // Set it for any other cases. 1419 1420 } else { 1420 $component = $ cover_image_data['object'] . 's';1421 $component = $args['object'] . 's'; 1421 1422 $dir = $component; 1422 1423 } 1423 1424 1424 1425 // Handle delete. 
1425 if ( bp_attachments_delete_file( array( 'item_id' => $ cover_image_data['item_id'], 'object_dir' => $dir, 'type' => 'cover-image' ) ) ) {1426 if ( bp_attachments_delete_file( array( 'item_id' => $args['item_id'], 'object_dir' => $dir, 'type' => 'cover-image' ) ) ) { 1426 1427 /** 1427 1428 * Fires if the cover image was successfully deleted. … … 1436 1437 * @param int $item_id Inform about the item id the cover image was deleted for. 1437 1438 */ 1438 do_action( "{$component}_cover_image_deleted", (int) $ cover_image_data['item_id'] );1439 do_action( "{$component}_cover_image_deleted", (int) $args['item_id'] ); 1439 1440 1440 1441 // Defaults no cover image.
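Review bot: In the cover-image delete handler, `object` is only passed through `sanitize_text_field()`, which leaves `/` and `.` in place, and the value still becomes `$dir` and part of the dynamic hook name. Rejecting a traversal therefore depends on the `validate_file()` guards added in the two earlier hunks being on the path `bp_attachments_delete_file()` takes, which is not visible here; constraining the value at the boundary, e.g. `'object' => sanitize_key( $_POST['object'] ),` or an allowlist of known objects, would make the handler safe on its own. The `empty()` test also runs on the raw `item_id` before the `(int)` cast, so a non-numeric value passes it and is cast to 0; checking `$args['item_id']` after the cast would close that. Separately, `validate_file()` returns 2 for a path whose second character is `:`, so `0 !== validate_file( $type_dir )` on the full basedir path would likely reject every attachment on a Windows host; comparing against the traversal code only (`1 === validate_file( $type_dir )`) or validating just the subdir avoids that. All three functions start and end outside the hunks shown.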