
Changeset 12735


Timestamp:
09/25/2020 07:15:20 PM (4 years ago)
Author:
imath
Message:

Templates: avoid duplicate IDs into comment form nonce field

We now append the Activity ID to the id attribute of the input tag generated for the nonce field used in the Activity comment form. This avoids duplicate IDs when multiple activities are displayed on the activity pages.

Props dcavins

Fixes #8004

Location:
trunk/src/bp-templates
Files:
5 edited

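--- a/trunk/src/bp-templates/bp-legacy/buddypress/activity/entry.php
+++ b/trunk/src/bp-templates/bp-legacy/buddypress/activity/entry.php
@@ -146,5 +146,5 @@
                     do_action( 'bp_activity_entry_comments' ); ?>
 
-                    <?php wp_nonce_field( 'new_activity_comment', '_wpnonce_new_activity_comment' ); ?>
+                    <?php wp_nonce_field( 'new_activity_comment', '_wpnonce_new_activity_comment_' . bp_get_activity_id() ); ?>
 
                 </form>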
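Review bot: The suffix added on the new line 148 changes the POST field name as well as the id, because wp_nonce_field() writes its second argument into both attributes. The scripts in this changeset re-key the value to `_wpnonce_new_activity_comment` before sending it, but a plain form submit would carry `_wpnonce_new_activity_comment_<id>`, and a handler that still verifies the unsuffixed key (not visible here) would reject it. That fails closed, so it is a functional regression rather than a CSRF gap; it is worth confirming the non-JavaScript path and leaving a comment such as `<?php // Suffix keeps the id unique per activity; JS posts the value as _wpnonce_new_activity_comment. ?>`.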
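--- a/trunk/src/bp-templates/bp-legacy/js/buddypress.js
+++ b/trunk/src/bp-templates/bp-legacy/js/buddypress.js
@@ -611,5 +611,5 @@
                 action: 'new_activity_comment',
                 'cookie': bp_get_cookies(),
-                '_wpnonce_new_activity_comment': jq('#_wpnonce_new_activity_comment').val(),
+                '_wpnonce_new_activity_comment': jq('#_wpnonce_new_activity_comment' + '_' + comment_id ).val(),
                 'comment_id': comment_id,
                 'form_id': form_id[2],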
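Review bot: The selector on the new line 613 is built from `comment_id`, while the field's id is generated in entry.php from `bp_get_activity_id()`; the same request sends `form_id[2]` separately, which suggests the two values can differ, for example when the form is attached to a reply. Where they differ the selector matches nothing, `.val()` returns undefined and the request goes out without a nonce, so the server should reject it. If `form_id[2]` is the activity ID (its assignment is outside the hunk), the lookup should be `jq( '#_wpnonce_new_activity_comment_' + form_id[2] ).val()`. The same pattern appears in bp-nouveau/js/buddypress-activity.js, where the selector uses `item_id` although `activity_id` is sent as `form_id` two lines below.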
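--- a/trunk/src/bp-templates/bp-nouveau/buddypress/activity/comment-form.php
+++ b/trunk/src/bp-templates/bp-nouveau/buddypress/activity/comment-form.php
@@ -24,5 +24,5 @@
 
         <?php
-        bp_nouveau_submit_button( 'activity-new-comment' );
+        bp_nouveau_submit_button( 'activity-new-comment', bp_get_activity_id() );
         printf(
             '&nbsp; <button type="button" class="ac-reply-cancel">%s</button>',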
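--- a/trunk/src/bp-templates/bp-nouveau/includes/template-tags.php
+++ b/trunk/src/bp-templates/bp-nouveau/includes/template-tags.php
@@ -2586,5 +2586,5 @@
  * @param string $action The action to get the submit button for. Required.
  */
-function bp_nouveau_submit_button( $action ) {
+function bp_nouveau_submit_button( $action, $object_id = 0 ) {
     $submit_data = bp_nouveau_get_submit_button( $action );
     if ( empty( $submit_data['attributes'] ) || empty( $submit_data['nonce'] ) ) {
@@ -2620,4 +2620,8 @@
         wp_nonce_field( $submit_data['nonce'] );
     } else {
+        if ( $object_id ) {
+            $submit_data['nonce_key'] .= '_' . (int) $object_id;
+        }
+
         wp_nonce_field( $submit_data['nonce'], $submit_data['nonce_key'] );
     }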
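Review bot: The docblock that ends on line 2587 still documents only `$action`; the new `$object_id` parameter needs `@param int $object_id Optional. ID appended to the nonce field name so each rendered form gets a unique id. Default 0.` The suffix is also applied only in the `else` branch: the call `wp_nonce_field( $submit_data['nonce'] )` on line 2620 keeps the default field name, so a button taking that branch would still repeat its id when rendered more than once. The `(int)` cast on line 2623 is a sensible guard for a value that ends up in an attribute. The function body starts and ends outside the hunks shown.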
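--- a/trunk/src/bp-templates/bp-nouveau/js/buddypress-activity.js
+++ b/trunk/src/bp-templates/bp-nouveau/js/buddypress-activity.js
@@ -1,5 +1,6 @@
 /* jshint browser: true */
 /* global bp, BP_Nouveau */
-/* @version 3.1.0 */
+/* @since 3.0.0 */
+/* @version 7.0.0 */
 window.bp = window.bp || {};
 
@@ -736,5 +737,5 @@
                 comment_data = {
                     action                        : 'new_activity_comment',
-                    _wpnonce_new_activity_comment : $( '#_wpnonce_new_activity_comment' ).val(),
+                    _wpnonce_new_activity_comment : $( '#_wpnonce_new_activity_comment' + '_' + item_id ).val(),
                     comment_id                    : item_id,
                     form_id                       : activity_id,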