Changeset 13452
- Timestamp:
- 04/16/2023 02:57:37 PM (17 months ago)
- Location:
- trunk/src
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/bp-core/bp-core-rewrites.php
r13441 r13452 68 68 69 69 /** 70 * Returns the slug to use for the viewbelonging to the requested component.70 * Returns the slug to use for the screen belonging to the requested component. 71 71 * 72 72 * @since 12.0.0 73 73 * 74 74 * @param string $component_id The BuddyPress component's ID. 75 * @param string $rewrite_id The viewrewrite ID, used to find the custom slugs.75 * @param string $rewrite_id The screen rewrite ID, used to find the custom slugs. 76 76 * Eg: `member_profile_edit` will try to find the xProfile edit's slug. 77 * @param string $default_slug The viewdefault slug, used as a fallback.78 * @return string The slug to use for the viewbelonging to the requested component.77 * @param string $default_slug The screen default slug, used as a fallback. 78 * @return string The slug to use for the screen belonging to the requested component. 79 79 */ 80 80 function bp_rewrites_get_slug( $component_id = '', $rewrite_id = '', $default_slug = '' ) { 81 /** 82 * This filter is used by the BP Classic plugin to force `$default_slug` usage. 83 * 84 * Using the "Classic" BuddyPress means deprecated functions building URL concatening 85 * URL chunks are available, we cannot use the BP Rewrites API in this case & as a result 86 * slug customization is bypassed. 87 * 88 * The BP Classic plugin is simply returning the `$default_slug` to bypass slug customization. 89 * 90 * @since 12.0.0 91 * 92 * @param string $value An empty string to use as to know whether slug customization should be used. 93 * @param string $default_slug The screen default slug, used as a fallback. 94 * @param string $rewrite_id The screen rewrite ID, used to find the custom slugs. 95 * @param string $component_id The BuddyPress component's ID. 96 */ 97 $classic_slug = apply_filters( 'bp_rewrites_pre_get_slug', '', $default_slug, $rewrite_id, $component_id ); 98 if ( $classic_slug ) { 99 return $classic_slug; 100 } 101 81 102 $directory_pages = bp_core_get_directory_pages(); 82 103 $slug = $default_slug; -
trunk/src/bp-groups/classes/class-bp-group-extension.php
r13446 r13452 189 189 190 190 /** 191 * The Callback function to use before showing the navigation item. 192 * 193 * @since 12.0.0 194 * @var string 195 */ 196 public $show_tab_callback = ''; 197 198 /** 199 * List of Group access levels. 200 * 201 * @since 12.0.0 202 * @var string[] 203 */ 204 public $access_levels = array( 'noone', 'admin', 'mod', 'member', 'loggedin', 'anyone' ); 205 206 /** 191 207 * Whether the current user can visit the tab. 192 208 * … … 292 308 * @param int|null $group_id ID of the group to display. 293 309 */ 294 public function display( $group_id = null ) {} 310 public function display( $group_id = null ) { 311 return new WP_Error( 312 'invalid-method', 313 /* translators: %s: Method name. */ 314 sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ ) 315 ); 316 } 295 317 296 318 /** … … 299 321 * @since 1.1.0 300 322 */ 301 public function widget_display() {} 323 public function widget_display() { 324 return new WP_Error( 325 'invalid-method', 326 /* translators: %s: Method name. */ 327 sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ ) 328 ); 329 } 302 330 303 331 /* … … 308 336 * versions. 309 337 */ 310 public function settings_screen( $group_id = null ) {} 311 public function settings_screen_save( $group_id = null ) {} 312 public function edit_screen( $group_id = null ) {} 313 public function edit_screen_save( $group_id = null ) {} 314 public function create_screen( $group_id = null ) {} 315 public function create_screen_save( $group_id = null ) {} 316 public function admin_screen( $group_id = null ) {} 317 public function admin_screen_save( $group_id = null ) {} 338 339 /** 340 * Provide the fallback markup for Group's Create/Admin/Edit screens. 341 * 342 * @since 1.8.0 343 * 344 * @param int|null $group_id ID of the group to display. 345 */ 346 public function settings_screen( $group_id = null ) { 347 return new WP_Error( 348 'invalid-method', 349 /* translators: %s: Method name. */ 350 sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ ) 351 ); 352 } 353 354 /** 355 * Group's Fallback handler for the Create/Admin/Edit screens. 356 * 357 * @since 1.8.0 358 * 359 * @param int|null $group_id ID of the group to display. 360 */ 361 public function settings_screen_save( $group_id = null ) { 362 return new WP_Error( 363 'invalid-method', 364 /* translators: %s: Method name. */ 365 sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ ) 366 ); 367 } 368 369 /** 370 * The content of the Manage sub tab. 371 * 372 * @since 1.1.0 373 * 374 * @param int|null $group_id ID of the group to display. 375 */ 376 public function edit_screen( $group_id = null ) { 377 return new WP_Error( 378 'invalid-method', 379 /* translators: %s: Method name. */ 380 sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ ) 381 ); 382 } 383 384 /** 385 * Group Manage sub tab handler. 386 * 387 * @since 1.1.0 388 * 389 * @param int|null $group_id ID of the group to display. 390 */ 391 public function edit_screen_save( $group_id = null ) { 392 return new WP_Error( 393 'invalid-method', 394 /* translators: %s: Method name. */ 395 sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ ) 396 ); 397 } 398 399 /** 400 * The content of the group create step tab. 401 * 402 * @since 1.1.0 403 * 404 * @param int|null $group_id ID of the group to display. 405 */ 406 public function create_screen( $group_id = null ) { 407 return new WP_Error( 408 'invalid-method', 409 /* translators: %s: Method name. */ 410 sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ ) 411 ); 412 } 413 414 /** 415 * Group create step tab handler. 416 * 417 * @since 1.1.0 418 * 419 * @param int|null $group_id ID of the group to display. 420 */ 421 public function create_screen_save( $group_id = null ) { 422 return new WP_Error( 423 'invalid-method', 424 /* translators: %s: Method name. */ 425 sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ ) 426 ); 427 } 428 429 /** 430 * The content of Group's WP Administration screen metabox. 431 * 432 * @since 1.8.0 433 * 434 * @param int|null $group_id ID of the group to display. 435 */ 436 public function admin_screen( $group_id = null ) { 437 return new WP_Error( 438 'invalid-method', 439 /* translators: %s: Method name. */ 440 sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ ) 441 ); 442 } 443 444 /** 445 * Group's WP Administration screen handler. 446 * 447 * @since 1.8.0 448 * 449 * @param int|null $group_id ID of the group to display. 450 */ 451 public function admin_screen_save( $group_id = null ) { 452 return new WP_Error( 453 'invalid-method', 454 /* translators: %s: Method name. */ 455 sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ ) 456 ); 457 } 318 458 319 459 /** Setup *************************************************************/ … … 337 477 * @since 1.8.0 338 478 * @since 2.1.0 Added 'access' and 'show_tab' arguments to `$args`. 479 * @since 12.0.0 Set the Group Extension screens. 339 480 * 340 481 * @param array $args { … … 379 520 $this->params_raw = $args; 380 521 381 // Before this init() method was introduced, plugins were 382 // encouraged to set their config directly. For backward 383 // compatibility with these plugins, we detect whether this is 384 // one of those legacy plugins, and parse any legacy arguments 385 // with those passed to init(). 522 /* 523 * Before this init() method was introduced, plugins were 524 * encouraged to set their config directly. For backward 525 * compatibility with these plugins, we detect whether this is 526 * one of those legacy plugins, and parse any legacy arguments 527 * with those passed to init(). 528 */ 386 529 $this->parse_legacy_properties(); 387 530 $args = $this->parse_args_r( $args, $this->legacy_properties_converted ); 388 531 389 532 // Parse with defaults. 390 $this->params = $this->parse_args_r( $args, array( 391 'slug' => $this->slug, 392 'name' => $this->name, 393 'visibility' => $this->visibility, 394 'nav_item_position' => $this->nav_item_position, 395 'enable_nav_item' => (bool) $this->enable_nav_item, 396 'nav_item_name' => $this->nav_item_name, 397 'display_hook' => $this->display_hook, 398 'template_file' => $this->template_file, 399 'screens' => $this->get_default_screens(), 400 'access' => null, 401 'show_tab' => null, 402 ) ); 533 $this->params = $this->parse_args_r( 534 $args, 535 array( 536 'slug' => $this->slug, 537 'name' => $this->name, 538 'visibility' => $this->visibility, 539 'nav_item_position' => $this->nav_item_position, 540 'enable_nav_item' => (bool) $this->enable_nav_item, 541 'nav_item_name' => $this->nav_item_name, 542 'display_hook' => $this->display_hook, 543 'template_file' => $this->template_file, 544 'screens' => $this->get_default_screens(), 545 'access' => null, 546 'show_tab' => null, 547 ) 548 ); 549 550 $show_tab = $this->params['show_tab']; 551 if ( $show_tab && ! in_array( $show_tab, $this->access_levels, true ) && is_callable( $show_tab ) ) { 552 $this->show_tab_callback = $show_tab; 553 554 // Group Admin can always see. 555 $this->params['show_tab'] = 'admin'; 556 } 403 557 404 558 $this->initialized = true; 559 560 // Specific to BP Rewrites. 561 $bp = buddypress(); 562 $group_extension_class = get_class( $this ); 563 $slug = $this->params['slug']; 564 $name = $this->params['name']; 565 $rewrite_id_suffix = str_replace( '-', '_', $slug ); 566 567 // Populate Slugs And Names to allow BP Rewrites customizations. 568 if ( isset( $bp->groups->group_extensions[ $group_extension_class ] ) ) { 569 $default_data = array( 570 'slug' => $slug, 571 'name' => $name, 572 ); 573 574 $bp->groups->group_extensions[ $group_extension_class ] = array( 575 'read' => array( 576 $slug => array_merge( 577 $default_data, 578 array( 579 'rewrite_id' => 'bp_group_read_' . $rewrite_id_suffix, 580 ) 581 ), 582 ), 583 'manage' => array( 584 $slug => array_merge( 585 $default_data, 586 array( 587 'rewrite_id' => 'bp_group_manage_' . $rewrite_id_suffix, 588 ) 589 ), 590 ), 591 'create' => array( 592 $slug => array_merge( 593 $default_data, 594 array( 595 'rewrite_id' => 'bp_group_create_' . $rewrite_id_suffix, 596 ) 597 ), 598 ), 599 ); 600 601 if ( $this->params['nav_item_name'] ) { 602 $bp->groups->group_extensions[ $group_extension_class ]['read']['name'] = $this->params['nav_item_name']; 603 } 604 605 foreach ( $this->params['screens'] as $screen => $data ) { 606 $screen_key = $screen; 607 if ( 'admin' === $screen ) { 608 continue; 609 } 610 611 if ( 'edit' === $screen ) { 612 $screen_key = 'manage'; 613 } 614 615 if ( ! $data['enabled'] ) { 616 unset( $bp->groups->group_extensions[ $group_extension_class ][ $screen_key ] ); 617 continue; 618 } 619 620 if ( isset( $data['slug'] ) && $data['slug'] ) { 621 $bp->groups->group_extensions[ $group_extension_class ][ $screen_key ][ $slug ]['slug'] = $data['slug']; 622 } 623 624 if ( isset( $data['name'] ) && $data['name'] ) { 625 $bp->groups->group_extensions[ $group_extension_class ][ $screen_key ][ $slug ]['name'] = $data['name']; 626 } 627 } 628 } 405 629 } 406 630 … … 494 718 495 719 // On the admin, get the group id out of the $_GET params. 496 if ( empty( $group_id ) && is_admin() && ( isset( $_GET['page'] ) && ( 'bp-groups' === $_GET['page'] ) ) && ! empty( $_GET['gid'] ) ) { 497 $group_id = (int) $_GET['gid']; 498 } 499 500 // This fallback will only be hit when the create step is very 501 // early. 720 if ( empty( $group_id ) && is_admin() ) { 721 // phpcs:disable WordPress.Security.NonceVerification 722 $admin_page = ''; 723 if ( isset( $_GET['page'] ) ) { 724 $admin_page = sanitize_text_field( wp_unslash( $_GET['page'] ) ); 725 } 726 727 if ( 'bp-groups' === $admin_page && isset( $_GET['gid'] ) ) { 728 $group_id = (int) sanitize_text_field( wp_unslash( $_GET['gid'] ) ); 729 } 730 // phpcs:enable WordPress.Security.NonceVerification 731 } 732 733 /* 734 * This fallback will only be hit when the create step is very 735 * early. 736 */ 502 737 if ( empty( $group_id ) && bp_get_new_group_id() ) { 503 738 $group_id = bp_get_new_group_id(); 504 739 } 505 740 506 // On some setups, the group id has to be fetched out of the 507 // $_POST array 508 // @todo Figure out why this is happening during group creation. 741 /* 742 * On some setups, the group id has to be fetched out of the 743 * $_POST array 744 * @todo Figure out why this is happening during group creation. 745 */ 746 // phpcs:disable WordPress.Security.NonceVerification 509 747 if ( empty( $group_id ) && isset( $_POST['group_id'] ) ) { 510 $group_id = (int) $_POST['group_id']; 511 } 748 $group_id = (int) sanitize_text_field( wp_unslash( $_POST['group_id'] ) ); 749 } 750 // phpcs:enable WordPress.Security.NonceVerification 512 751 513 752 return $group_id; … … 588 827 $this->user_can_visit = false; 589 828 590 // Backward compatibility for components that do not provide 591 // explicit 'access' parameter. 829 /* 830 * Backward compatibility for components that do not provide 831 * explicit 'access' parameter. 832 */ 592 833 if ( empty( $this->params['access'] ) ) { 593 834 if ( false === $this->params['enable_nav_item'] ) { … … 612 853 } 613 854 614 // If the current user meets at least one condition, the 615 // get access. 855 /* 856 * If the current user meets at least one condition, the 857 * get access. 858 */ 616 859 foreach ( $access_conditions as $access_condition ) { 617 860 if ( $this->user_meets_access_condition( $access_condition ) ) { … … 624 867 $this->user_can_see_nav_item = false; 625 868 626 // Backward compatibility for components that do not provide 627 // explicit 'show_tab' parameter. 869 /* 870 * Backward compatibility for components that do not provide 871 * explicit 'show_tab' parameter. 872 */ 628 873 if ( empty( $this->params['show_tab'] ) ) { 629 874 if ( false === $this->params['enable_nav_item'] ) { 630 // The enable_nav_item index is only false if it's been 631 // defined explicitly as such in the 632 // constructor. So we always trust this value. 875 /* 876 * The enable_nav_item index is only false if it's been 877 * defined explicitly as such in the 878 * constructor. So we always trust this value. 879 */ 633 880 $this->params['show_tab'] = 'noone'; 634 881 635 882 } elseif ( isset( $this->params_raw['enable_nav_item'] ) || isset( $this->params_raw['visibility'] ) ) { 636 // If enable_nav_item or visibility is passed, 637 // we assume this is a legacy extension. 638 // Legacy behavior is that enable_nav_item=true + 639 // visibility=private implies members-only. 883 /* 884 * If enable_nav_item or visibility is passed, 885 * we assume this is a legacy extension. 886 * Legacy behavior is that enable_nav_item=true + 887 * visibility=private implies members-only. 888 */ 640 889 if ( 'public' !== $this->visibility ) { 641 890 $this->params['show_tab'] = 'member'; … … 645 894 646 895 } else { 647 // No show_tab or enable_nav_item value is 648 // available, so match the value of 'access'. 896 /* 897 * No show_tab or enable_nav_item value is 898 * available, so match the value of 'access'. 899 */ 649 900 $this->params['show_tab'] = $this->params['access']; 650 901 } … … 657 908 } 658 909 659 // If the current user meets at least one condition, the 660 // get access. 910 /* 911 * If the current user meets at least one condition, the 912 * get access. 913 */ 661 914 foreach ( $access_conditions as $access_condition ) { 662 915 if ( $this->user_meets_access_condition( $access_condition ) ) { … … 711 964 712 965 /** 966 * Returns the Rewrite ID of the Group Extension Item according to the context. 967 * 968 * @since 12.0.0 969 * 970 * @param string $context One of these contexts: 'create', 'manage', 'read'. 971 * @return string The found Rewrite ID, an empty string otherwise. 972 */ 973 protected function get_rewrite_id_for( $context = '' ) { 974 $rewrite_id = ''; 975 $group_extensions = buddypress()->groups->group_extensions; 976 $group_extension_class = get_class( $this ); 977 978 if ( isset( $group_extensions[ $group_extension_class ][ $context ][ $this->slug ]['rewrite_id'] ) ) { 979 $rewrite_id = $group_extensions[ $group_extension_class ][ $context ][ $this->slug ]['rewrite_id']; 980 } 981 982 return $rewrite_id; 983 } 984 985 /** 713 986 * Hook this extension's group tab into BuddyPress, if necessary. 714 987 * … … 730 1003 $user_can_see_nav_item = $this->user_can_see_nav_item(); 731 1004 732 if ( $user_can_see_nav_item ) {733 $group_permalink = bp_get_group_url( groups_get_current_group() );734 735 bp_core_create_subnav_link( array(736 'name' => ! $this->nav_item_name ? $this->name : $this->nav_item_name,737 'slug' => $this->slug,738 'parent_slug' => bp_get_current_group_slug(),739 'position' => $this->nav_item_position,740 'item_css_id' => 'nav-' . $this->slug,741 'screen_function' => array( &$this, '_display_hook' ),742 'user_has_access' => $user_can_see_nav_item,743 'no_access_url' => $group_permalink,744 ), 'groups' );745 }746 747 1005 // If the user can visit the screen, we register it. 748 1006 $user_can_visit = $this->user_can_visit(); 749 1007 1008 if ( $user_can_see_nav_item || $user_can_visit ) { 1009 $group_permalink = bp_get_group_url( groups_get_current_group() ); 1010 } 1011 1012 if ( $user_can_see_nav_item ) { 1013 bp_core_create_subnav_link( 1014 array( 1015 'name' => ! $this->nav_item_name ? $this->name : $this->nav_item_name, 1016 'slug' => $this->slug, 1017 'parent_slug' => bp_get_current_group_slug(), 1018 'position' => $this->nav_item_position, 1019 'item_css_id' => 'nav-' . $this->slug, 1020 'screen_function' => array( &$this, '_display_hook' ), 1021 'user_has_access' => $user_can_see_nav_item, 1022 'no_access_url' => $group_permalink, 1023 ), 1024 'groups' 1025 ); 1026 } 1027 750 1028 if ( $user_can_visit ) { 751 $group_permalink = bp_get_group_url( groups_get_current_group() ); 752 753 bp_core_register_subnav_screen_function( array( 754 'slug' => $this->slug, 755 'parent_slug' => bp_get_current_group_slug(), 756 'screen_function' => array( &$this, '_display_hook' ), 757 'user_has_access' => $user_can_visit, 758 'no_access_url' => $group_permalink, 759 ), 'groups' ); 1029 bp_core_register_subnav_screen_function( 1030 array( 1031 'slug' => $this->slug, 1032 'parent_slug' => bp_get_current_group_slug(), 1033 'screen_function' => array( &$this, '_display_hook' ), 1034 'user_has_access' => $user_can_visit, 1035 'no_access_url' => $group_permalink, 1036 ), 1037 'groups' 1038 ); 760 1039 761 1040 // When we are viewing the extension display page, set the title and options title. … … 764 1043 765 1044 $extension_name = $this->name; 766 add_action( 'bp_template_content_header', function() use ( $extension_name ) { 767 echo esc_attr( $extension_name ); 768 } ); 769 add_action( 'bp_template_title', function() use ( $extension_name ) { 770 echo esc_attr( $extension_name ); 771 } ); 1045 add_action( 1046 'bp_template_content_header', 1047 function() use ( $extension_name ) { 1048 echo esc_attr( $extension_name ); 1049 } 1050 ); 1051 add_action( 1052 'bp_template_title', 1053 function() use ( $extension_name ) { 1054 echo esc_attr( $extension_name ); 1055 } 1056 ); 772 1057 } 773 1058 } … … 827 1112 } 828 1113 1114 if ( $this->show_tab_callback ) { 1115 return call_user_func( $this->show_tab_callback ); 1116 } 1117 829 1118 return $this->user_can_see_nav_item; 830 1119 } … … 894 1183 } 895 1184 1185 $bp = buddypress(); 896 1186 $screen = $this->screens['create']; 897 1187 898 // Insert the group creation step for the new group extension. 899 buddypress()->groups->group_creation_steps[ $screen['slug'] ] = array( 900 'name' => $screen['name'], 901 'slug' => $screen['slug'], 902 'position' => $screen['position'], 903 ); 904 905 // The maybe_ methods check to see whether the create_* 906 // callbacks should be invoked (ie, are we on the 907 // correct group creation step). Hooked in separate 908 // methods because current creation step info not yet 909 // available at this point. 1188 if ( ! isset( $bp->groups->group_creation_steps[ $screen['slug'] ] ) ) { 1189 $create_data = array( 1190 'name' => $screen['name'], 1191 'slug' => $screen['slug'], 1192 'position' => $screen['position'], 1193 ); 1194 1195 $rewrite_id = $this->get_rewrite_id_for( 'create' ); 1196 if ( $rewrite_id ) { 1197 $create_data['rewrite_id'] = $rewrite_id; 1198 $create_data['default_slug'] = $screen['slug']; 1199 } 1200 1201 // Insert the group creation step for the new group extension. 1202 $bp->groups->group_creation_steps[ $screen['slug'] ] = $create_data; 1203 } 1204 1205 /* 1206 * The maybe_ methods check to see whether the create_* 1207 * callbacks should be invoked (ie, are we on the 1208 * correct group creation step). Hooked in separate 1209 * methods because current creation step info not yet 1210 * available at this point. 1211 */ 910 1212 add_action( 'groups_custom_create_steps', array( $this, 'maybe_create_screen' ) ); 911 1213 add_action( 'groups_create_group_step_save_' . $screen['slug'], array( $this, 'maybe_create_screen_save' ) ); … … 925 1227 $this->nonce_field( 'create' ); 926 1228 927 // The create screen requires an additional nonce field 928 // due to a quirk in the way the templates are built. 1229 /* 1230 * The create screen requires an additional nonce field 1231 * due to a quirk in the way the templates are built. 1232 */ 929 1233 wp_nonce_field( 'groups_create_save_' . bp_get_groups_current_create_step(), '_wpnonce', false ); 930 1234 } … … 990 1294 add_action( 'groups_custom_edit_steps', array( &$this, 'call_edit_screen' ) ); 991 1295 992 // Determine the proper template and save for later 993 // loading. 1296 /* 1297 * Determine the proper template and save for later 1298 * loading. 1299 */ 994 1300 if ( '' !== bp_locate_template( array( 'groups/single/home.php' ), false ) ) { 995 1301 $this->edit_screen_template = '/groups/single/home'; … … 1004 1310 } 1005 1311 1006 // We load the template at bp_screens, to give all 1007 // extensions a chance to load. 1312 /* 1313 * We load the template at bp_screens, to give all 1314 * extensions a chance to load. 1315 */ 1008 1316 add_action( 'bp_screens', array( $this, 'call_edit_screen_template_loader' ) ); 1009 1317 } … … 1046 1354 } 1047 1355 1048 // When DOING_AJAX, the POST global will be populated, but we 1049 // should assume it's a save. 1050 if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) { 1356 /* 1357 * When DOING_AJAX, the POST global will be populated, but we 1358 * should assume it's a save. 1359 */ 1360 if ( wp_doing_ajax() ) { 1051 1361 return; 1052 1362 } … … 1054 1364 $this->check_nonce( 'edit' ); 1055 1365 1056 // Detect whether the screen_save_callback is performing a 1057 // redirect, so that we don't do one of our own. 1366 /* 1367 * Detect whether the screen_save_callback is performing a 1368 * redirect, so that we don't do one of our own. 1369 */ 1058 1370 add_filter( 'wp_redirect', array( $this, 'detect_post_save_redirect' ) ); 1059 1371 … … 1207 1519 */ 1208 1520 public function _meta_box_display_callback() { 1209 $group_id = isset( $_GET['gid'] ) ? (int) $_GET['gid'] : 0; 1210 $screen = $this->screens['admin']; 1521 // phpcs:disable WordPress.Security.NonceVerification 1522 $group_id = 0; 1523 if ( isset( $_GET['gid'] ) ) { 1524 $group_id = (int) sanitize_text_field( wp_unslash( $_GET['gid'] ) ); 1525 } 1526 // phpcs:enable WordPress.Security.NonceVerification 1527 1528 $screen = $this->screens['admin']; 1211 1529 1212 1530 $extension_slug = $this->slug; 1213 $callback = function() use ( $extension_slug, $group_id ) {1531 $callback = function() use ( $extension_slug, $group_id ) { 1214 1532 do_action( 'bp_groups_admin_meta_box_content_' . $extension_slug, $group_id ); 1215 1533 };
Note: See TracChangeset
for help on using the changeset viewer.