Timestamp:
02/15/2018 03:52:40 PM (4 years ago)
Author:
espellcaste
Message:

Make use of bp_is_post_request() instead of hardcoding POST verifications directly.

BuddyPress does not use bp_is_post_request() in several Ajax handlers to confirm that the incoming request is indeed a POST request; instead, the check is hardcoded in each place. This change updates those places to use the function.

Props DjPaul

Fixes #7684

File:
1 edited

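--- a/trunk/src/bp-templates/bp-legacy/buddypress-functions.php
+++ b/trunk/src/bp-templates/bp-legacy/buddypress-functions.php
@@ -780,11 +780,12 @@
  */
 function bp_legacy_theme_object_template_loader() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Bail if no object passed.
-    if ( empty( $_POST['object'] ) )
-        return;
+    if ( empty( $_POST['object'] ) ) {
+        return;
+    }
 
     // Sanitize the object.
@@ -792,6 +793,7 @@
 
     // Bail if object is not an active component to prevent arbitrary file inclusion.
-    if ( ! bp_is_active( $object ) )
-        return;
+    if ( ! bp_is_active( $object ) ) {
+        return;
+    }
 
     /**
@@ -860,7 +862,7 @@
  */
 function bp_legacy_theme_activity_template_loader() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     $scope = '';
@@ -921,7 +923,7 @@
     $bp = buddypress();
 
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Check the nonce.
@@ -1010,6 +1012,5 @@
     $bp = buddypress();
 
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         return;
     }
@@ -1079,7 +1080,7 @@
  */
 function bp_legacy_theme_delete_activity() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Check the nonce.
@@ -1117,7 +1118,7 @@
  */
 function bp_legacy_theme_delete_activity_comment() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Check the nonce.
@@ -1159,7 +1160,7 @@
     $bp = buddypress();
 
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Check that user is logged in, Activity Streams are enabled, and Akismet is present.
@@ -1204,6 +1205,7 @@
 function bp_legacy_theme_mark_activity_favorite() {
     // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     if ( ! isset( $_POST['nonce'] ) ) {
@@ -1233,7 +1235,7 @@
  */
 function bp_legacy_theme_unmark_activity_favorite() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     if ( ! isset( $_POST['nonce'] ) ) {
@@ -1264,7 +1266,7 @@
  */
 function bp_legacy_theme_get_single_activity_content() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     $activity_array = bp_activity_get_specific( array(
@@ -1304,7 +1306,7 @@
  */
 function bp_legacy_theme_ajax_invite_user() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     check_ajax_referer( 'groups_invite_uninvite_user' );
@@ -1387,8 +1389,7 @@
  */
 function bp_legacy_theme_ajax_addremove_friend() {
-
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Cast fid as an integer.
@@ -1441,7 +1442,7 @@
  */
 function bp_legacy_theme_ajax_accept_friendship() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     check_admin_referer( 'friends_accept_friendship' );
@@ -1461,7 +1462,7 @@
  */
 function bp_legacy_theme_ajax_reject_friendship() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     check_admin_referer( 'friends_reject_friendship' );
@@ -1481,7 +1482,7 @@
  */
 function bp_legacy_theme_ajax_joinleave_group() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Cast gid as integer.
@@ -1552,7 +1553,7 @@
  */
 function bp_legacy_theme_ajax_close_notice() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     $nonce_check = isset( $_POST['nonce'] ) && wp_verify_nonce( wp_unslash( $_POST['nonce'] ), 'bp_messages_close_notice' );
@@ -1584,7 +1585,7 @@
  */
 function bp_legacy_theme_ajax_messages_send_reply() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     check_ajax_referer( 'messages_send_message' );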
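Review bot: The `// Bail if not a POST action.` comment is removed together with the replaced check in every hunk except the one for bp_legacy_theme_mark_activity_favorite (old 1205 / new 1206), where it survives as a context line above the new `if ( ! bp_is_post_request() ) {`; either drop it there as well or keep it in all eighteen places so the guard reads identically throughout. The request-method check is only a method filter, not a CSRF control: these handlers still depend on the nonce checks visible right after it (check_ajax_referer, check_admin_referer, wp_verify_nonce on $_POST['nonce']), and bp_legacy_theme_object_template_loader depends on `bp_is_active( $object )` to block arbitrary file inclusion, so those guards must stay in place in any follow-up cleanup. Whether bp_is_post_request() reproduces the old strtoupper() comparison on REQUEST_METHOD is not visible here; if it compares case-sensitively, a lower-case method now bails instead of passing, which is the safer direction but worth confirming against its definition. The hunk at old 1010 / new 1012 begins inside a function whose signature lies outside the hunk.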