Changeset 14061

Timestamp:

10/28/2024 05:27:43 PM (4 months ago)

Author:

espellcaste

Message:

Improve deleted-user private messages in the web and REST API.

Private messages from a deleted user are properly anonymized in both the web and REST API.

Props imath, niftythree.

Closes ​https://github.com/buddypress/buddypress/pull/384
Fixes #9160

Location:

trunk/src

Files:

• bp-messages/bp-messages-template.php (modified) (10 diffs)
• bp-messages/classes/class-bp-messages-box-template.php (modified) (1 diff)
• bp-messages/classes/class-bp-messages-rest-controller.php (modified) (2 diffs)
• bp-messages/classes/class-bp-messages-thread.php (modified) (2 diffs)
• bp-templates/bp-nouveau/buddypress/common/js-templates/messages/index.php (modified) (4 diffs)
• bp-templates/bp-nouveau/includes/messages/ajax.php (modified) (7 diffs)

trunk/src/bp-messages/bp-messages-template.php

@@ -199 +199 @@
         global $messages_template;
 
+        $last_user_id = $messages_template->thread->last_sender_id;
+        $user         = get_userdata( (int) $last_user_id );
+
+        if ( 'sentbox' !== bp_current_action() && ( empty( $user ) || ! $user->exists() ) ) {
+            $thread_excerpt = esc_html__( '[deleted]', 'buddypress' );
+        } else {
+            $thread_excerpt = wp_strip_all_tags( bp_create_excerpt( $messages_template->thread->last_message_content, 75 ) );
+        }
+
         /**
          * Filters the excerpt of the current thread in the loop.
@@ -204 +213 @@
          * @since 1.0.0
          *
-         * @param string $value Excerpt of the current thread in the loop.
-         */
-        return apply_filters( 'bp_get_message_thread_excerpt', wp_strip_all_tags( bp_create_excerpt( $messages_template->thread->last_message_content, 75 ) ) );
+         * @param string $thread_excerpt Excerpt of the current thread in the loop.
+         */
+        return apply_filters( 'bp_get_message_thread_excerpt', $thread_excerpt );
     }
 
@@ -243 +252 @@
         global $messages_template;
 
+        $last_user_id = $messages_template->thread->last_sender_id;
+        $user         = get_userdata( (int) $last_user_id );
+
+        if ( ( empty( $user ) || ! $user->exists() ) ) {
+            $last_message_content = esc_html__( '[deleted]', 'buddypress' );
+        } else {
+            $last_message_content = $messages_template->thread->last_message_content;
+        }
+
         /**
          * Filters the content of the last message in the thread.
@@ -250 +268 @@
          * @param string $last_message_content Content of the last message in the thread.
          */
-        return apply_filters( 'bp_get_message_thread_content', $messages_template->thread->last_message_content );
+        return apply_filters( 'bp_get_message_thread_content', $last_message_content );
     }
 
@@ -257 +275 @@
  */
 function bp_message_thread_from() {
-    // Esaping is made in `bp_core_get_userlink()` && in `bp_core_get_user_displayname()`.
+    // Escaping is made in `bp_core_get_userlink()` && in `bp_core_get_user_displayname()`.
     // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_message_thread_from();
@@ -271 +289 @@
         global $messages_template;
 
+        $userlink = bp_core_get_userlink( $messages_template->thread->last_sender_id );
+
+        if ( empty( $userlink ) ) {
+            $userlink = esc_html__( 'Deleted User', 'buddypress' );
+        }
+
         /**
          * Filters the link to the page of the current thread's last author.
@@ -276 +300 @@
          * @since 1.0.0
          *
-         * @param string $value Link to the page of the current thread's last author.
-         */
-        return apply_filters( 'bp_get_message_thread_from', bp_core_get_userlink( $messages_template->thread->last_sender_id ) );
+         * @param string $userlink Link to the page of the current thread's last author.
+         */
+        return apply_filters( 'bp_get_message_thread_from', $userlink );
     }
 
@@ -304 +328 @@
          * @since 1.0.0
          *
-         * @param string $value HTML links to the pages of the current thread's recipients.
+         * @param string $recipients_links HTML links to the pages of the current thread's recipients.
          */
         return apply_filters( 'bp_message_thread_to', BP_Messages_Thread::get_recipient_links( $messages_template->thread->recipients ) );
@@ -2234 +2258 @@
         global $thread_template;
 
+        $sender_link = bp_core_get_userlink( $thread_template->message->sender_id, false, true );
+
+        if ( empty( $sender_link ) ) {
+            $sender_link = '';
+        }
+
         /**
          * Filters the link to the sender of the current message.
@@ -2239 +2269 @@
          * @since 1.1.0
          *
-         * @param string $value Link to the sender of the current message.
-         */
-        return apply_filters( 'bp_get_the_thread_message_sender_link', bp_core_get_userlink( $thread_template->message->sender_id, false, true ) );
+         * @param string $sender_link Link to the sender of the current message.
+         */
+        return apply_filters( 'bp_get_the_thread_message_sender_link', $sender_link );
     }
 

trunk/src/bp-messages/classes/class-bp-messages-box-template.php

@@ -343 +343 @@
      */
     public function the_message_thread() {
-
         $this->in_the_loop = true;
         $this->thread      = $this->next_thread();

trunk/src/bp-messages/classes/class-bp-messages-rest-controller.php

@@ -158 +158 @@
         $retval = array();
         foreach ( (array) $messages_box->threads as $thread ) {
+            $messages_box->the_message_thread();
+
             $retval[] = $this->prepare_response_for_collection(
                 $this->prepare_item_for_response( $thread, $request )
@@ -167 +169 @@
 
         /**
-         * Fires after a thread is fetched via the REST API.
-         *
-         * @since 15.0.0
-         *
-         * @param BP_Messages_Box_Template  $messages_box Fetched thread.
+         * Fires after threads are fetched via the REST API.
+         *
+         * @since 15.0.0
+         *
+         * @param BP_Messages_Box_Template  $messages_box Messages box
          * @param WP_REST_Response          $response     The response data.
          * @param WP_REST_Request           $request      The request sent to the API.

trunk/src/bp-messages/classes/class-bp-messages-thread.php

@@ -1195 +1195 @@
      *
      * @param array $recipients Array containing the message recipients (array of objects).
-     * @return string String of message recipent userlinks.
+     * @return string String of message recipient userlinks.
      */
     public static function get_recipient_links( $recipients ) {
@@ -1216 +1216 @@
         }
 
-        return implode( ', ', (array) $recipient_links );
+        return implode( ', ', $recipient_links );
     }
 

trunk/src/bp-templates/bp-nouveau/buddypress/common/js-templates/messages/index.php

@@ -131 +131 @@
     <# if ( ! data.recipientsCount ) { #>
         <div class="thread-from">
-            <a class="user-link" href="{{data.sender_link}}">
-                <img class="avatar" src="{{{data.sender_avatar}}}" alt="" />
-                <span class="bp-screen-reader-text"><?php esc_html_e( 'From:', 'buddypress' ); ?></span>
-                <span class="user-name">{{data.sender_name}}</span>
-            </a>
+            <# if ( data.sender_link ) { #>
+                <a class="user-link" href="{{data.sender_link}}">
+                    <img class="avatar" src="{{{data.sender_avatar}}}" alt="" />
+                    <span class="bp-screen-reader-text"><?php esc_html_e( 'From:', 'buddypress' ); ?></span>
+                    <span class="user-name">{{data.sender_name}}</span>
+                </a>
+            <# } else { #>
+                <div class="user-link">
+                    <img class="avatar" src="{{{data.sender_avatar}}}" alt="" />
+                    <span class="bp-screen-reader-text"><?php esc_html_e( 'From:', 'buddypress' ); ?></span>
+                    <span class="user-name">{{data.sender_name}}</span>
+                </div>
+            <# } #>
         </div>
     <# } else {
@@ -141 +149 @@
         #>
         <div class="thread-to">
-            <a class="user-link" href="{{recipient.user_link}}">
-                <img class="avatar" src="{{{recipient.avatar}}}" alt="" />
-                <span class="bp-screen-reader-text"><?php esc_html_e( 'To:', 'buddypress' ); ?></span>
-                <span class="user-name">{{recipient.user_name}}</span>
-            </a>
+            <# if ( recipient.user_link ) { #>
+                <a class="user-link" href="{{recipient.user_link}}">
+                    <img class="avatar" src="{{{recipient.avatar}}}" alt="" />
+                    <span class="bp-screen-reader-text"><?php esc_html_e( 'To:', 'buddypress' ); ?></span>
+                    <span class="user-name">{{recipient.user_name}}</span>
+                </a>
+            <# } else { #>
+                <div class="user-link">
+                    <img class="avatar" src="{{{recipient.avatar}}}" alt="" />
+                    <span class="bp-screen-reader-text"><?php esc_html_e( 'To:', 'buddypress' ); ?></span>
+                    <span class="user-name">{{recipient.user_name}}</span>
+                </div>
+            <# } #>
 
             <# if ( data.toOthers ) { #>
@@ -274 +290 @@
         <# } #>
 
-        <a href="{{data.sender_link}}" class="user-link">
-            <img class="avatar" src="{{{data.sender_avatar}}}" alt="" />
-            <strong>{{data.sender_name}}</strong>
-        </a>
+        <# if ( data.sender_link ) { #>
+            <a href="{{data.sender_link}}" class="user-link">
+                <img class="avatar" src="{{{data.sender_avatar}}}" alt="" />
+                <strong>{{data.sender_name}}</strong>
+            </a>
+        <# } else { #>
+            <div class="user-link">
+                <img class="avatar" src="{{{data.sender_avatar}}}" alt="" />
+                <strong>{{data.sender_name}}</strong>
+            </div>
+        <# } #>
 
         <time datetime="{{data.date.toISOString()}}" class="activity">{{data.display_date}}</time>
 
-        <div class="actions">
-            <# if ( undefined !== data.star_link ) { #>
+        <# if ( undefined !== data.star_link ) { #>
+            <div class="actions">
 
                 <button type="button" class="message-action-unstar bp-tooltip bp-icons <# if ( false === data.is_starred ) { #>bp-hide<# } #>" data-bp-star-link="{{data.star_link}}" data-bp-action="unstar" data-bp-tooltip="<?php esc_attr_e( 'Unstar Message', 'buddypress' ); ?>">
@@ -292 +315 @@
                 </button>
 
-            <# } #>
-        </div>
+            </div>
+        <# } #>
 
         <# if ( data.afterMeta ) { #>

trunk/src/bp-templates/bp-nouveau/includes/messages/ajax.php

@@ -163 +163 @@
         wp_send_json_error( $response );
     }
+}
+
+/**
+ * Returns recipient's data for the Backbone UI.
+ *
+ * @since 15.0.0
+ *
+ * @param integer $user_id The User ID.
+ * @return array
+ */
+function bp_nouveau_ajax_get_message_recipients_data( $user_id ) {
+    $user_link   = bp_core_get_userlink( $user_id, false, true );
+    $avatar_args = array(
+        'item_id' => $user_id,
+        'object'  => 'user',
+        'type'    => 'thumb',
+        'width'   => 28,
+        'height'  => 28,
+        'html'    => false,
+    );
+
+    if ( ! $user_link ) {
+        return array(
+            'avatar'    => esc_url( bp_core_avatar_default( 'gravatar', $avatar_args ) ),
+            'user_link' => '',
+            'user_name' => '',
+        );
+    }
+
+    return array(
+        'avatar'    => esc_url( bp_core_fetch_avatar( $avatar_args ) ),
+        'user_link' => esc_url( $user_link ),
+        'user_name' => esc_html( bp_core_get_user_displayname( $user_id ) ),
+    );
+}
+
+/**
+ * Returns sender's data for the Backbone UI.
+ *
+ * @since 15.0.0
+ *
+ * @param integer $user_id The User ID.
+ * @return array
+ */
+function bp_nouveau_ajax_get_message_sender_data( $user_id ) {
+    $sender_link = bp_core_get_userlink( $user_id, false, true );
+    $avatar_args = array(
+        'item_id' => $user_id,
+        'object'  => 'user',
+        'type'    => 'thumb',
+        'width'   => 32,
+        'height'  => 32,
+        'html'    => false,
+    );
+
+    if ( ! $sender_link ) {
+        return array(
+            'name'   => esc_html__( 'Deleted User', 'buddypress' ),
+            'link'   => $sender_link,
+            'avatar' => esc_url( bp_core_avatar_default( 'gravatar', $avatar_args ) ),
+        );
+    }
+
+    return array(
+        'name'   => esc_html( bp_core_get_user_displayname( $user_id ) ),
+        'link'   => esc_url( $sender_link ),
+        'avatar' => esc_url( bp_core_fetch_avatar( $avatar_args ) ),
+    );
 }
 
@@ -333 +401 @@
     while ( bp_message_threads() ) : bp_message_thread();
         $last_message_id = (int) $messages_template->thread->last_message_id;
+        $sender_data     = bp_nouveau_ajax_get_message_sender_data( $messages_template->thread->last_sender_id );
 
         $threads->threads[ $i ] = array(
@@ -341 +410 @@
             'content'       => do_shortcode( bp_get_message_thread_content() ),
             'unread'        => bp_message_thread_has_unread(),
-            'sender_name'   => bp_core_get_user_displayname( $messages_template->thread->last_sender_id ),
-            'sender_link'   => bp_core_get_userlink( $messages_template->thread->last_sender_id, false, true ),
-            'sender_avatar' => esc_url( bp_core_fetch_avatar( array(
-                'item_id' => $messages_template->thread->last_sender_id,
-                'object'  => 'user',
-                'type'    => 'thumb',
-                'width'   => 32,
-                'height'  => 32,
-                'html'    => false,
-            ) ) ),
+            'sender_name'   => $sender_data['name'],
+            'sender_link'   => $sender_data['link'],
+            'sender_avatar' => $sender_data['avatar'],
             'count'         => bp_get_message_thread_total_count(),
             'date'          => strtotime( bp_get_message_thread_last_post_date_raw() ) * 1000,
@@ -358 +420 @@
         if ( is_array( $messages_template->thread->recipients ) ) {
             foreach ( $messages_template->thread->recipients as $recipient ) {
-                $threads->threads[ $i ]['recipients'][] = array(
-                    'avatar' => esc_url( bp_core_fetch_avatar( array(
-                        'item_id' => $recipient->user_id,
-                        'object'  => 'user',
-                        'type'    => 'thumb',
-                        'width'   => 28,
-                        'height'  => 28,
-                        'html'    => false,
-                    ) ) ),
-                    'user_link' => bp_core_get_userlink( $recipient->user_id, false, true ),
-                    'user_name' => bp_members_get_user_slug( $recipient->user_id ),
-                );
+                $threads->threads[ $i ]['recipients'][] = bp_nouveau_ajax_get_message_recipients_data( $recipient->user_id );
             }
         }
@@ -421 +472 @@
     $bp->current_action = $reset_action;
 
-    // Return the successfull reply.
+    // Return the successful reply.
     wp_send_json_success( $threads );
 }
@@ -508 +559 @@
         if ( is_array( $thread_template->thread->recipients ) ) {
             foreach ( $thread_template->thread->recipients as $recipient ) {
-                $thread->thread['recipients'][] = array(
-                    'avatar' => esc_url( bp_core_fetch_avatar( array(
-                        'item_id' => $recipient->user_id,
-                        'object'  => 'user',
-                        'type'    => 'thumb',
-                        'width'   => 28,
-                        'height'  => 28,
-                        'html'    => false,
-                    ) ) ),
-                    'user_link' => bp_core_get_userlink( $recipient->user_id, false, true ),
-                    'user_name' => bp_members_get_user_slug( $recipient->user_id ),
-                );
+                $thread->thread['recipients'][] = bp_nouveau_ajax_get_message_recipients_data( $recipient->user_id );
             }
         }
@@ -528 +568 @@
 
     while ( bp_thread_messages() ) : bp_thread_the_message();
+        $sender_data = bp_nouveau_ajax_get_message_sender_data( bp_get_the_thread_message_sender_id() );
+
         $thread->messages[ $i ] = array(
             'id'            => bp_get_the_thread_message_id(),
             'content'       => do_shortcode( bp_get_the_thread_message_content() ),
             'sender_id'     => bp_get_the_thread_message_sender_id(),
-            'sender_name'   => esc_html( bp_get_the_thread_message_sender_name() ),
-            'sender_link'   => bp_get_the_thread_message_sender_link(),
-            'sender_avatar' => esc_url( bp_core_fetch_avatar( array(
-                'item_id' => bp_get_the_thread_message_sender_id(),
-                'object'  => 'user',
-                'type'    => 'thumb',
-                'width'   => 32,
-                'height'  => 32,
-                'html'    => false,
-            ) ) ),
+            'sender_name'   => $sender_data['name'],
+            'sender_link'   => $sender_data['link'],
+            'sender_avatar' => $sender_data['avatar'],
             'date'          => bp_get_the_thread_message_date_sent() * 1000,
             'display_date'  => bp_get_the_thread_message_time_since(),