Skip to:
Content

BuddyPress.org

Changeset 13452


Ignore:
Timestamp:
04/16/2023 02:57:37 PM (11 months ago)
Author:
imath
Message:

Improve the BP_Group_Extension to support the BP Rewrites API

  • Do the needed adaptations so that slugs used by plugins extending the

BP_Group_Extension can be customizable from the BP URls WP Admin
settings screen.

  • Do some code formatting cleanup in various class methods.

This commit also introduces a new filter bp_rewrites_pre_get_slug the BP
Classic plugin will be able to use to skip any slug customizations.

Props Props r-a-y, johnjamesjacoby, boonebgorges

Closes https://github.com/buddypress/buddypress/pull/86
See #4954

Location:
trunk/src
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-core/bp-core-rewrites.php

    r13441 r13452  
    6868
    6969/**
    70  * Returns the slug to use for the view belonging to the requested component.
     70 * Returns the slug to use for the screen belonging to the requested component.
    7171 *
    7272 * @since 12.0.0
    7373 *
    7474 * @param string $component_id The BuddyPress component's ID.
    75  * @param string $rewrite_id   The view rewrite ID, used to find the custom slugs.
     75 * @param string $rewrite_id   The screen rewrite ID, used to find the custom slugs.
    7676 *                             Eg: `member_profile_edit` will try to find the xProfile edit's slug.
    77  * @param string $default_slug The view default slug, used as a fallback.
    78  * @return string The slug to use for the view belonging to the requested component.
     77 * @param string $default_slug The screen default slug, used as a fallback.
     78 * @return string The slug to use for the screen belonging to the requested component.
    7979 */
    8080function bp_rewrites_get_slug( $component_id = '', $rewrite_id = '', $default_slug = '' ) {
     81    /**
     82     * This filter is used by the BP Classic plugin to force `$default_slug` usage.
     83     *
     84     * Using the "Classic" BuddyPress means deprecated functions building URL concatening
     85     * URL chunks are available, we cannot use the BP Rewrites API in this case & as a result
     86     * slug customization is bypassed.
     87     *
     88     * The BP Classic plugin is simply returning the `$default_slug` to bypass slug customization.
     89     *
     90     * @since 12.0.0
     91     *
     92     * @param string $value        An empty string to use as to know whether slug customization should be used.
     93     * @param string $default_slug The screen default slug, used as a fallback.
     94     * @param string $rewrite_id   The screen rewrite ID, used to find the custom slugs.
     95     * @param string $component_id The BuddyPress component's ID.
     96     */
     97    $classic_slug = apply_filters( 'bp_rewrites_pre_get_slug', '', $default_slug, $rewrite_id, $component_id );
     98    if ( $classic_slug ) {
     99        return $classic_slug;
     100    }
     101
    81102    $directory_pages = bp_core_get_directory_pages();
    82103    $slug            = $default_slug;
  • trunk/src/bp-groups/classes/class-bp-group-extension.php

    r13446 r13452  
    189189
    190190    /**
     191     * The Callback function to use before showing the navigation item.
     192     *
     193     * @since 12.0.0
     194     * @var string
     195     */
     196    public $show_tab_callback = '';
     197
     198    /**
     199     * List of Group access levels.
     200     *
     201     * @since 12.0.0
     202     * @var string[]
     203     */
     204    public $access_levels = array( 'noone', 'admin', 'mod', 'member', 'loggedin', 'anyone' );
     205
     206    /**
    191207     * Whether the current user can visit the tab.
    192208     *
     
    292308     * @param int|null $group_id ID of the group to display.
    293309     */
    294     public function display( $group_id = null ) {}
     310    public function display( $group_id = null ) {
     311        return new WP_Error(
     312            'invalid-method',
     313            /* translators: %s: Method name. */
     314            sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ )
     315        );
     316    }
    295317
    296318    /**
     
    299321     * @since 1.1.0
    300322     */
    301     public function widget_display() {}
     323    public function widget_display() {
     324        return new WP_Error(
     325            'invalid-method',
     326            /* translators: %s: Method name. */
     327            sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ )
     328        );
     329    }
    302330
    303331    /*
     
    308336     * versions.
    309337     */
    310     public function settings_screen( $group_id = null ) {}
    311     public function settings_screen_save( $group_id = null ) {}
    312     public function edit_screen( $group_id = null ) {}
    313     public function edit_screen_save( $group_id = null ) {}
    314     public function create_screen( $group_id = null ) {}
    315     public function create_screen_save( $group_id = null ) {}
    316     public function admin_screen( $group_id = null ) {}
    317     public function admin_screen_save( $group_id = null ) {}
     338
     339    /**
     340     * Provide the fallback markup for Group's Create/Admin/Edit screens.
     341     *
     342     * @since 1.8.0
     343     *
     344     * @param int|null $group_id ID of the group to display.
     345     */
     346    public function settings_screen( $group_id = null ) {
     347        return new WP_Error(
     348            'invalid-method',
     349            /* translators: %s: Method name. */
     350            sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ )
     351        );
     352    }
     353
     354    /**
     355     * Group's Fallback handler for the Create/Admin/Edit screens.
     356     *
     357     * @since 1.8.0
     358     *
     359     * @param int|null $group_id ID of the group to display.
     360     */
     361    public function settings_screen_save( $group_id = null ) {
     362        return new WP_Error(
     363            'invalid-method',
     364            /* translators: %s: Method name. */
     365            sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ )
     366        );
     367    }
     368
     369    /**
     370     * The content of the Manage sub tab.
     371     *
     372     * @since 1.1.0
     373     *
     374     * @param int|null $group_id ID of the group to display.
     375     */
     376    public function edit_screen( $group_id = null ) {
     377        return new WP_Error(
     378            'invalid-method',
     379            /* translators: %s: Method name. */
     380            sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ )
     381        );
     382    }
     383
     384    /**
     385     * Group Manage sub tab handler.
     386     *
     387     * @since 1.1.0
     388     *
     389     * @param int|null $group_id ID of the group to display.
     390     */
     391    public function edit_screen_save( $group_id = null ) {
     392        return new WP_Error(
     393            'invalid-method',
     394            /* translators: %s: Method name. */
     395            sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ )
     396        );
     397    }
     398
     399    /**
     400     * The content of the group create step tab.
     401     *
     402     * @since 1.1.0
     403     *
     404     * @param int|null $group_id ID of the group to display.
     405     */
     406    public function create_screen( $group_id = null ) {
     407        return new WP_Error(
     408            'invalid-method',
     409            /* translators: %s: Method name. */
     410            sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ )
     411        );
     412    }
     413
     414    /**
     415     * Group create step tab handler.
     416     *
     417     * @since 1.1.0
     418     *
     419     * @param int|null $group_id ID of the group to display.
     420     */
     421    public function create_screen_save( $group_id = null ) {
     422        return new WP_Error(
     423            'invalid-method',
     424            /* translators: %s: Method name. */
     425            sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ )
     426        );
     427    }
     428
     429    /**
     430     * The content of Group's WP Administration screen metabox.
     431     *
     432     * @since 1.8.0
     433     *
     434     * @param int|null $group_id ID of the group to display.
     435     */
     436    public function admin_screen( $group_id = null ) {
     437        return new WP_Error(
     438            'invalid-method',
     439            /* translators: %s: Method name. */
     440            sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ )
     441        );
     442    }
     443
     444    /**
     445     * Group's WP Administration screen handler.
     446     *
     447     * @since 1.8.0
     448     *
     449     * @param int|null $group_id ID of the group to display.
     450     */
     451    public function admin_screen_save( $group_id = null ) {
     452        return new WP_Error(
     453            'invalid-method',
     454            /* translators: %s: Method name. */
     455            sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'buddypress' ), __METHOD__ )
     456        );
     457    }
    318458
    319459    /** Setup *************************************************************/
     
    337477     * @since 1.8.0
    338478     * @since 2.1.0 Added 'access' and 'show_tab' arguments to `$args`.
     479     * @since 12.0.0 Set the Group Extension screens.
    339480     *
    340481     * @param array $args {
     
    379520        $this->params_raw = $args;
    380521
    381         // Before this init() method was introduced, plugins were
    382         // encouraged to set their config directly. For backward
    383         // compatibility with these plugins, we detect whether this is
    384         // one of those legacy plugins, and parse any legacy arguments
    385         // with those passed to init().
     522        /*
     523         * Before this init() method was introduced, plugins were
     524         * encouraged to set their config directly. For backward
     525         * compatibility with these plugins, we detect whether this is
     526         * one of those legacy plugins, and parse any legacy arguments
     527         * with those passed to init().
     528         */
    386529        $this->parse_legacy_properties();
    387530        $args = $this->parse_args_r( $args, $this->legacy_properties_converted );
    388531
    389532        // Parse with defaults.
    390         $this->params = $this->parse_args_r( $args, array(
    391             'slug'              => $this->slug,
    392             'name'              => $this->name,
    393             'visibility'        => $this->visibility,
    394             'nav_item_position' => $this->nav_item_position,
    395             'enable_nav_item'   => (bool) $this->enable_nav_item,
    396             'nav_item_name'     => $this->nav_item_name,
    397             'display_hook'      => $this->display_hook,
    398             'template_file'     => $this->template_file,
    399             'screens'           => $this->get_default_screens(),
    400             'access'            => null,
    401             'show_tab'          => null,
    402         ) );
     533        $this->params = $this->parse_args_r(
     534            $args,
     535            array(
     536                'slug'              => $this->slug,
     537                'name'              => $this->name,
     538                'visibility'        => $this->visibility,
     539                'nav_item_position' => $this->nav_item_position,
     540                'enable_nav_item'   => (bool) $this->enable_nav_item,
     541                'nav_item_name'     => $this->nav_item_name,
     542                'display_hook'      => $this->display_hook,
     543                'template_file'     => $this->template_file,
     544                'screens'           => $this->get_default_screens(),
     545                'access'            => null,
     546                'show_tab'          => null,
     547            )
     548        );
     549
     550        $show_tab = $this->params['show_tab'];
     551        if ( $show_tab && ! in_array( $show_tab, $this->access_levels, true ) && is_callable( $show_tab ) ) {
     552            $this->show_tab_callback = $show_tab;
     553
     554            // Group Admin can always see.
     555            $this->params['show_tab'] = 'admin';
     556        }
    403557
    404558        $this->initialized = true;
     559
     560        // Specific to BP Rewrites.
     561        $bp                    = buddypress();
     562        $group_extension_class = get_class( $this );
     563        $slug                  = $this->params['slug'];
     564        $name                  = $this->params['name'];
     565        $rewrite_id_suffix     = str_replace( '-', '_', $slug );
     566
     567        // Populate Slugs And Names to allow BP Rewrites customizations.
     568        if ( isset( $bp->groups->group_extensions[ $group_extension_class ] ) ) {
     569            $default_data = array(
     570                'slug' => $slug,
     571                'name' => $name,
     572            );
     573
     574            $bp->groups->group_extensions[ $group_extension_class ] = array(
     575                'read'   => array(
     576                    $slug => array_merge(
     577                        $default_data,
     578                        array(
     579                            'rewrite_id' => 'bp_group_read_' . $rewrite_id_suffix,
     580                        )
     581                    ),
     582                ),
     583                'manage' => array(
     584                    $slug => array_merge(
     585                        $default_data,
     586                        array(
     587                            'rewrite_id' => 'bp_group_manage_' . $rewrite_id_suffix,
     588                        )
     589                    ),
     590                ),
     591                'create' => array(
     592                    $slug => array_merge(
     593                        $default_data,
     594                        array(
     595                            'rewrite_id' => 'bp_group_create_' . $rewrite_id_suffix,
     596                        )
     597                    ),
     598                ),
     599            );
     600
     601            if ( $this->params['nav_item_name'] ) {
     602                $bp->groups->group_extensions[ $group_extension_class ]['read']['name'] = $this->params['nav_item_name'];
     603            }
     604
     605            foreach ( $this->params['screens'] as $screen => $data ) {
     606                $screen_key = $screen;
     607                if ( 'admin' === $screen ) {
     608                    continue;
     609                }
     610
     611                if ( 'edit' === $screen ) {
     612                    $screen_key = 'manage';
     613                }
     614
     615                if ( ! $data['enabled'] ) {
     616                    unset( $bp->groups->group_extensions[ $group_extension_class ][ $screen_key ] );
     617                    continue;
     618                }
     619
     620                if ( isset( $data['slug'] ) && $data['slug'] ) {
     621                    $bp->groups->group_extensions[ $group_extension_class ][ $screen_key ][ $slug ]['slug'] = $data['slug'];
     622                }
     623
     624                if ( isset( $data['name'] ) && $data['name'] ) {
     625                    $bp->groups->group_extensions[ $group_extension_class ][ $screen_key ][ $slug ]['name'] = $data['name'];
     626                }
     627            }
     628        }
    405629    }
    406630
     
    494718
    495719        // On the admin, get the group id out of the $_GET params.
    496         if ( empty( $group_id ) && is_admin() && ( isset( $_GET['page'] ) && ( 'bp-groups' === $_GET['page'] ) ) && ! empty( $_GET['gid'] ) ) {
    497             $group_id = (int) $_GET['gid'];
    498         }
    499 
    500         // This fallback will only be hit when the create step is very
    501         // early.
     720        if ( empty( $group_id ) && is_admin() ) {
     721            // phpcs:disable WordPress.Security.NonceVerification
     722            $admin_page = '';
     723            if ( isset( $_GET['page'] ) ) {
     724                $admin_page = sanitize_text_field( wp_unslash( $_GET['page'] ) );
     725            }
     726
     727            if ( 'bp-groups' === $admin_page && isset( $_GET['gid'] ) ) {
     728                $group_id = (int) sanitize_text_field( wp_unslash( $_GET['gid'] ) );
     729            }
     730            // phpcs:enable WordPress.Security.NonceVerification
     731        }
     732
     733        /*
     734         * This fallback will only be hit when the create step is very
     735         * early.
     736         */
    502737        if ( empty( $group_id ) && bp_get_new_group_id() ) {
    503738            $group_id = bp_get_new_group_id();
    504739        }
    505740
    506         // On some setups, the group id has to be fetched out of the
    507         // $_POST array
    508         // @todo Figure out why this is happening during group creation.
     741        /*
     742         * On some setups, the group id has to be fetched out of the
     743         * $_POST array
     744         * @todo Figure out why this is happening during group creation.
     745         */
     746        // phpcs:disable WordPress.Security.NonceVerification
    509747        if ( empty( $group_id ) && isset( $_POST['group_id'] ) ) {
    510             $group_id = (int) $_POST['group_id'];
    511         }
     748            $group_id = (int) sanitize_text_field( wp_unslash( $_POST['group_id'] ) );
     749        }
     750        // phpcs:enable WordPress.Security.NonceVerification
    512751
    513752        return $group_id;
     
    588827        $this->user_can_visit = false;
    589828
    590         // Backward compatibility for components that do not provide
    591         // explicit 'access' parameter.
     829        /*
     830         * Backward compatibility for components that do not provide
     831         * explicit 'access' parameter.
     832         */
    592833        if ( empty( $this->params['access'] ) ) {
    593834            if ( false === $this->params['enable_nav_item'] ) {
     
    612853        }
    613854
    614         // If the current user meets at least one condition, the
    615         // get access.
     855        /*
     856         * If the current user meets at least one condition, the
     857         * get access.
     858         */
    616859        foreach ( $access_conditions as $access_condition ) {
    617860            if ( $this->user_meets_access_condition( $access_condition ) ) {
     
    624867        $this->user_can_see_nav_item = false;
    625868
    626         // Backward compatibility for components that do not provide
    627         // explicit 'show_tab' parameter.
     869        /*
     870         * Backward compatibility for components that do not provide
     871         * explicit 'show_tab' parameter.
     872         */
    628873        if ( empty( $this->params['show_tab'] ) ) {
    629874            if ( false === $this->params['enable_nav_item'] ) {
    630                 // The enable_nav_item index is only false if it's been
    631                 // defined explicitly as such in the
    632                 // constructor. So we always trust this value.
     875                /*
     876                 * The enable_nav_item index is only false if it's been
     877                 * defined explicitly as such in the
     878                 * constructor. So we always trust this value.
     879                 */
    633880                $this->params['show_tab'] = 'noone';
    634881
    635882            } elseif ( isset( $this->params_raw['enable_nav_item'] ) || isset( $this->params_raw['visibility'] ) ) {
    636                 // If enable_nav_item or visibility is passed,
    637                 // we assume this  is a legacy extension.
    638                 // Legacy behavior is that enable_nav_item=true +
    639                 // visibility=private implies members-only.
     883                /*
     884                 * If enable_nav_item or visibility is passed,
     885                 * we assume this  is a legacy extension.
     886                 * Legacy behavior is that enable_nav_item=true +
     887                 * visibility=private implies members-only.
     888                 */
    640889                if ( 'public' !== $this->visibility ) {
    641890                    $this->params['show_tab'] = 'member';
     
    645894
    646895            } else {
    647                 // No show_tab or enable_nav_item value is
    648                 // available, so match the value of 'access'.
     896                /*
     897                 * No show_tab or enable_nav_item value is
     898                 * available, so match the value of 'access'.
     899                 */
    649900                $this->params['show_tab'] = $this->params['access'];
    650901            }
     
    657908        }
    658909
    659         // If the current user meets at least one condition, the
    660         // get access.
     910        /*
     911         * If the current user meets at least one condition, the
     912         * get access.
     913         */
    661914        foreach ( $access_conditions as $access_condition ) {
    662915            if ( $this->user_meets_access_condition( $access_condition ) ) {
     
    711964
    712965    /**
     966     * Returns the Rewrite ID of the Group Extension Item according to the context.
     967     *
     968     * @since 12.0.0
     969     *
     970     * @param string $context One of these contexts: 'create', 'manage', 'read'.
     971     * @return string         The found Rewrite ID, an empty string otherwise.
     972     */
     973    protected function get_rewrite_id_for( $context = '' ) {
     974        $rewrite_id            = '';
     975        $group_extensions      = buddypress()->groups->group_extensions;
     976        $group_extension_class = get_class( $this );
     977
     978        if ( isset( $group_extensions[ $group_extension_class ][ $context ][ $this->slug ]['rewrite_id'] ) ) {
     979            $rewrite_id = $group_extensions[ $group_extension_class ][ $context ][ $this->slug ]['rewrite_id'];
     980        }
     981
     982        return $rewrite_id;
     983    }
     984
     985    /**
    713986     * Hook this extension's group tab into BuddyPress, if necessary.
    714987     *
     
    7301003        $user_can_see_nav_item = $this->user_can_see_nav_item();
    7311004
    732         if ( $user_can_see_nav_item ) {
    733             $group_permalink = bp_get_group_url( groups_get_current_group() );
    734 
    735             bp_core_create_subnav_link( array(
    736                 'name'            => ! $this->nav_item_name ? $this->name : $this->nav_item_name,
    737                 'slug'            => $this->slug,
    738                 'parent_slug'     => bp_get_current_group_slug(),
    739                 'position'        => $this->nav_item_position,
    740                 'item_css_id'     => 'nav-' . $this->slug,
    741                 'screen_function' => array( &$this, '_display_hook' ),
    742                 'user_has_access' => $user_can_see_nav_item,
    743                 'no_access_url'   => $group_permalink,
    744             ), 'groups' );
    745         }
    746 
    7471005        // If the user can visit the screen, we register it.
    7481006        $user_can_visit = $this->user_can_visit();
    7491007
     1008        if ( $user_can_see_nav_item || $user_can_visit ) {
     1009            $group_permalink = bp_get_group_url( groups_get_current_group() );
     1010        }
     1011
     1012        if ( $user_can_see_nav_item ) {
     1013            bp_core_create_subnav_link(
     1014                array(
     1015                    'name'            => ! $this->nav_item_name ? $this->name : $this->nav_item_name,
     1016                    'slug'            => $this->slug,
     1017                    'parent_slug'     => bp_get_current_group_slug(),
     1018                    'position'        => $this->nav_item_position,
     1019                    'item_css_id'     => 'nav-' . $this->slug,
     1020                    'screen_function' => array( &$this, '_display_hook' ),
     1021                    'user_has_access' => $user_can_see_nav_item,
     1022                    'no_access_url'   => $group_permalink,
     1023                ),
     1024                'groups'
     1025            );
     1026        }
     1027
    7501028        if ( $user_can_visit ) {
    751             $group_permalink = bp_get_group_url( groups_get_current_group() );
    752 
    753             bp_core_register_subnav_screen_function( array(
    754                 'slug'            => $this->slug,
    755                 'parent_slug'     => bp_get_current_group_slug(),
    756                 'screen_function' => array( &$this, '_display_hook' ),
    757                 'user_has_access' => $user_can_visit,
    758                 'no_access_url'   => $group_permalink,
    759             ), 'groups' );
     1029            bp_core_register_subnav_screen_function(
     1030                array(
     1031                    'slug'            => $this->slug,
     1032                    'parent_slug'     => bp_get_current_group_slug(),
     1033                    'screen_function' => array( &$this, '_display_hook' ),
     1034                    'user_has_access' => $user_can_visit,
     1035                    'no_access_url'   => $group_permalink,
     1036                ),
     1037                'groups'
     1038            );
    7601039
    7611040            // When we are viewing the extension display page, set the title and options title.
     
    7641043
    7651044                $extension_name = $this->name;
    766                 add_action( 'bp_template_content_header', function() use ( $extension_name ) {
    767                     echo esc_attr( $extension_name );
    768                 } );
    769                 add_action( 'bp_template_title', function() use ( $extension_name ) {
    770                     echo esc_attr( $extension_name );
    771                 } );
     1045                add_action(
     1046                    'bp_template_content_header',
     1047                    function() use ( $extension_name ) {
     1048                        echo esc_attr( $extension_name );
     1049                    }
     1050                );
     1051                add_action(
     1052                    'bp_template_title',
     1053                    function() use ( $extension_name ) {
     1054                        echo esc_attr( $extension_name );
     1055                    }
     1056                );
    7721057            }
    7731058        }
     
    8271112        }
    8281113
     1114        if ( $this->show_tab_callback ) {
     1115            return call_user_func( $this->show_tab_callback );
     1116        }
     1117
    8291118        return $this->user_can_see_nav_item;
    8301119    }
     
    8941183        }
    8951184
     1185        $bp     = buddypress();
    8961186        $screen = $this->screens['create'];
    8971187
    898         // Insert the group creation step for the new group extension.
    899         buddypress()->groups->group_creation_steps[ $screen['slug'] ] = array(
    900             'name'     => $screen['name'],
    901             'slug'     => $screen['slug'],
    902             'position' => $screen['position'],
    903         );
    904 
    905         // The maybe_ methods check to see whether the create_*
    906         // callbacks should be invoked (ie, are we on the
    907         // correct group creation step). Hooked in separate
    908         // methods because current creation step info not yet
    909         // available at this point.
     1188        if ( ! isset( $bp->groups->group_creation_steps[ $screen['slug'] ] ) ) {
     1189            $create_data = array(
     1190                'name'     => $screen['name'],
     1191                'slug'     => $screen['slug'],
     1192                'position' => $screen['position'],
     1193            );
     1194
     1195            $rewrite_id = $this->get_rewrite_id_for( 'create' );
     1196            if ( $rewrite_id ) {
     1197                $create_data['rewrite_id']   = $rewrite_id;
     1198                $create_data['default_slug'] = $screen['slug'];
     1199            }
     1200
     1201            // Insert the group creation step for the new group extension.
     1202            $bp->groups->group_creation_steps[ $screen['slug'] ] = $create_data;
     1203        }
     1204
     1205        /*
     1206         * The maybe_ methods check to see whether the create_*
     1207         * callbacks should be invoked (ie, are we on the
     1208         * correct group creation step). Hooked in separate
     1209         * methods because current creation step info not yet
     1210         * available at this point.
     1211         */
    9101212        add_action( 'groups_custom_create_steps', array( $this, 'maybe_create_screen' ) );
    9111213        add_action( 'groups_create_group_step_save_' . $screen['slug'], array( $this, 'maybe_create_screen_save' ) );
     
    9251227        $this->nonce_field( 'create' );
    9261228
    927         // The create screen requires an additional nonce field
    928         // due to a quirk in the way the templates are built.
     1229        /*
     1230         * The create screen requires an additional nonce field
     1231         * due to a quirk in the way the templates are built.
     1232         */
    9291233        wp_nonce_field( 'groups_create_save_' . bp_get_groups_current_create_step(), '_wpnonce', false );
    9301234    }
     
    9901294            add_action( 'groups_custom_edit_steps', array( &$this, 'call_edit_screen' ) );
    9911295
    992             // Determine the proper template and save for later
    993             // loading.
     1296            /*
     1297             * Determine the proper template and save for later
     1298             * loading.
     1299             */
    9941300            if ( '' !== bp_locate_template( array( 'groups/single/home.php' ), false ) ) {
    9951301                $this->edit_screen_template = '/groups/single/home';
     
    10041310            }
    10051311
    1006             // We load the template at bp_screens, to give all
    1007             // extensions a chance to load.
     1312            /*
     1313             * We load the template at bp_screens, to give all
     1314             * extensions a chance to load.
     1315             */
    10081316            add_action( 'bp_screens', array( $this, 'call_edit_screen_template_loader' ) );
    10091317        }
     
    10461354        }
    10471355
    1048         // When DOING_AJAX, the POST global will be populated, but we
    1049         // should assume it's a save.
    1050         if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
     1356        /*
     1357         * When DOING_AJAX, the POST global will be populated, but we
     1358         * should assume it's a save.
     1359         */
     1360        if ( wp_doing_ajax() ) {
    10511361            return;
    10521362        }
     
    10541364        $this->check_nonce( 'edit' );
    10551365
    1056         // Detect whether the screen_save_callback is performing a
    1057         // redirect, so that we don't do one of our own.
     1366        /*
     1367         * Detect whether the screen_save_callback is performing a
     1368         * redirect, so that we don't do one of our own.
     1369         */
    10581370        add_filter( 'wp_redirect', array( $this, 'detect_post_save_redirect' ) );
    10591371
     
    12071519     */
    12081520    public function _meta_box_display_callback() {
    1209         $group_id = isset( $_GET['gid'] ) ? (int) $_GET['gid'] : 0;
    1210         $screen   = $this->screens['admin'];
     1521        // phpcs:disable WordPress.Security.NonceVerification
     1522        $group_id = 0;
     1523        if ( isset( $_GET['gid'] ) ) {
     1524            $group_id = (int) sanitize_text_field( wp_unslash( $_GET['gid'] ) );
     1525        }
     1526        // phpcs:enable WordPress.Security.NonceVerification
     1527
     1528        $screen = $this->screens['admin'];
    12111529
    12121530        $extension_slug = $this->slug;
    1213         $callback = function() use ( $extension_slug, $group_id ) {
     1531        $callback       = function() use ( $extension_slug, $group_id ) {
    12141532            do_action( 'bp_groups_admin_meta_box_content_' . $extension_slug, $group_id );
    12151533        };
Note: See TracChangeset for help on using the changeset viewer.