Changeset 11858 for trunk/src/bp-templates/bp-legacy/buddypress-functions.php

Timestamp:

02/15/2018 03:52:40 PM (7 years ago)

Author:

espellcaste

Message:

Make use of bp_is_post_request() instead of hardcoding POST verifications directly.

BuddyPress is not making use of the bp_is_post_request() in several ajax scenarios to confirm if the post request is indeed a POST request. Instead, it is hardcoding the check directly. This change updates those places making use of this function.

Props DjPaul

Fixes #7684

File:

• trunk/src/bp-templates/bp-legacy/buddypress-functions.php (modified) (18 diffs)

trunk/src/bp-templates/bp-legacy/buddypress-functions.php

@@ -780 +780 @@
  */
 function bp_legacy_theme_object_template_loader() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Bail if no object passed.
-    if ( empty( $_POST['object'] ) )
-        return;
+    if ( empty( $_POST['object'] ) ) {
+        return;
+    }
 
     // Sanitize the object.
@@ -792 +793 @@
 
     // Bail if object is not an active component to prevent arbitrary file inclusion.
-    if ( ! bp_is_active( $object ) )
-        return;
+    if ( ! bp_is_active( $object ) ) {
+        return;
+    }
 
     /**
@@ -860 +862 @@
  */
 function bp_legacy_theme_activity_template_loader() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     $scope = '';
@@ -921 +923 @@
     $bp = buddypress();
 
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Check the nonce.
@@ -1010 +1012 @@
     $bp = buddypress();
 
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         return;
     }
@@ -1079 +1080 @@
  */
 function bp_legacy_theme_delete_activity() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Check the nonce.
@@ -1117 +1118 @@
  */
 function bp_legacy_theme_delete_activity_comment() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Check the nonce.
@@ -1159 +1160 @@
     $bp = buddypress();
 
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Check that user is logged in, Activity Streams are enabled, and Akismet is present.
@@ -1204 +1205 @@
 function bp_legacy_theme_mark_activity_favorite() {
     // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     if ( ! isset( $_POST['nonce'] ) ) {
@@ -1233 +1235 @@
  */
 function bp_legacy_theme_unmark_activity_favorite() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     if ( ! isset( $_POST['nonce'] ) ) {
@@ -1264 +1266 @@
  */
 function bp_legacy_theme_get_single_activity_content() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     $activity_array = bp_activity_get_specific( array(
@@ -1304 +1306 @@
  */
 function bp_legacy_theme_ajax_invite_user() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     check_ajax_referer( 'groups_invite_uninvite_user' );
@@ -1387 +1389 @@
  */
 function bp_legacy_theme_ajax_addremove_friend() {
-
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Cast fid as an integer.
@@ -1441 +1442 @@
  */
 function bp_legacy_theme_ajax_accept_friendship() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     check_admin_referer( 'friends_accept_friendship' );
@@ -1461 +1462 @@
  */
 function bp_legacy_theme_ajax_reject_friendship() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     check_admin_referer( 'friends_reject_friendship' );
@@ -1481 +1482 @@
  */
 function bp_legacy_theme_ajax_joinleave_group() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Cast gid as integer.
@@ -1552 +1553 @@
  */
 function bp_legacy_theme_ajax_close_notice() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     $nonce_check = isset( $_POST['nonce'] ) && wp_verify_nonce( wp_unslash( $_POST['nonce'] ), 'bp_messages_close_notice' );
@@ -1584 +1585 @@
  */
 function bp_legacy_theme_ajax_messages_send_reply() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     check_ajax_referer( 'messages_send_message' );