Context Navigation

buddypress-functions.php

Timestamp:

04/25/2019 02:24:26 PM (7 years ago)

Author:

boonebgorges

Message:

Activity: Improved capability checks when processing reply POSTs.

File:

-                      r12365
+                      r12371
+    }
+    $activity_id   = (int) $_POST['form_id'];
+    $activity_item = new BP_Activity_Activity( $activity_id );
+    if ( ! bp_activity_user_can_read( $activity_item ) ) {
+        exit( '-1<div id="message" class="error bp-ajax-message"><p>' . esc_html( $feedback ) . '</p></div>' );
+    }
     $comment_id = bp_activity_new_comment( array(
         'activity_id' => $_POST['form_id'],
+        'activity_id' => $activity_id,
         'content'     => $_POST['content'],
         'parent_id'   => $_POST['comment_id'],

Note: See TracChangeset for help on using the changeset viewer.