Skip to:
Content

BuddyPress.org

Changeset 11820


Ignore:
Timestamp:
01/25/2018 08:16:40 PM (7 years ago)
Author:
djpaul
Message:

Media: improvements to cover image handling methods.

Props slaffik, ripstech.com

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.9/src/bp-core/bp-core-attachments.php

    r11447 r11820  
    448448    $type_dir    = trailingslashit( $bp_attachments_uploads_dir['basedir'] ) . $type_subdir;
    449449
    450     if ( ! is_dir( $type_dir ) ) {
     450    if ( 0 !== validate_file( $type_dir ) || ! is_dir( $type_dir ) ) {
    451451        return $attachment_data;
    452452    }
     
    13151315    $cover_dir    = trailingslashit( $bp_attachments_uploads_dir['basedir'] ) . $cover_subdir;
    13161316
    1317     if ( ! is_dir( $cover_dir ) ) {
     1317    if ( 0 !== validate_file( $cover_dir ) || ! is_dir( $cover_dir ) ) {
    13181318        // Upload error response.
    13191319        bp_attachments_json_response( false, $is_html4, array(
     
    13971397    }
    13981398
    1399     $cover_image_data = $_POST;
    1400 
    1401     if ( empty( $cover_image_data['object'] ) || empty( $cover_image_data['item_id'] ) ) {
     1399    if ( empty( $_POST['object'] ) || empty( $_POST['item_id'] ) ) {
    14021400        wp_send_json_error();
    14031401    }
    14041402
    1405     // Check the nonce.
     1403    $args = array(
     1404        'object'  => sanitize_text_field( $_POST['object'] ),
     1405        'item_id' => (int) $_POST['item_id'],
     1406    );
     1407
     1408    // Check permissions.
    14061409    check_admin_referer( 'bp_delete_cover_image', 'nonce' );
    1407 
    1408     // Capability check.
    1409     if ( ! bp_attachments_current_user_can( 'edit_cover_image', $cover_image_data ) ) {
     1410    if ( ! bp_attachments_current_user_can( 'edit_cover_image', $args ) ) {
    14101411        wp_send_json_error();
    14111412    }
    14121413
    14131414    // Set object for the user's case.
    1414     if ( 'user' === $cover_image_data['object'] ) {
     1415    if ( 'user' === $args['object'] ) {
    14151416        $component = 'xprofile';
    14161417        $dir       = 'members';
     
    14181419    // Set it for any other cases.
    14191420    } else {
    1420         $component = $cover_image_data['object'] . 's';
     1421        $component = $args['object'] . 's';
    14211422        $dir       = $component;
    14221423    }
    14231424
    14241425    // Handle delete.
    1425     if ( bp_attachments_delete_file( array( 'item_id' => $cover_image_data['item_id'], 'object_dir' => $dir, 'type' => 'cover-image' ) ) ) {
     1426    if ( bp_attachments_delete_file( array( 'item_id' => $args['item_id'], 'object_dir' => $dir, 'type' => 'cover-image' ) ) ) {
    14261427        /**
    14271428         * Fires if the cover image was successfully deleted.
     
    14361437         * @param int $item_id Inform about the item id the cover image was deleted for.
    14371438         */
    1438         do_action( "{$component}_cover_image_deleted", (int) $cover_image_data['item_id'] );
     1439        do_action( "{$component}_cover_image_deleted", (int) $args['item_id'] );
    14391440
    14401441        // Defaults no cover image.
Note: See TracChangeset for help on using the changeset viewer.