Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
10/28/2024 05:27:43 PM (18 months ago)
Author:
espellcaste
Message:

Improve deleted-user private messages in the web and REST API.

Private messages from a deleted user are properly anonymized in both the web and REST API.

Props imath, niftythree.

Closes https://github.com/buddypress/buddypress/pull/384
Fixes #9160

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/bp-messages/bp-messages-template.php

    r13897 r14061  
    199199        global $messages_template;
    200200
     201        $last_user_id = $messages_template->thread->last_sender_id;
     202        $user         = get_userdata( (int) $last_user_id );
     203
     204        if ( 'sentbox' !== bp_current_action() && ( empty( $user ) || ! $user->exists() ) ) {
     205            $thread_excerpt = esc_html__( '[deleted]', 'buddypress' );
     206        } else {
     207            $thread_excerpt = wp_strip_all_tags( bp_create_excerpt( $messages_template->thread->last_message_content, 75 ) );
     208        }
     209
    201210        /**
    202211         * Filters the excerpt of the current thread in the loop.
     
    204213         * @since 1.0.0
    205214         *
    206          * @param string $value Excerpt of the current thread in the loop.
    207          */
    208         return apply_filters( 'bp_get_message_thread_excerpt', wp_strip_all_tags( bp_create_excerpt( $messages_template->thread->last_message_content, 75 ) ) );
     215         * @param string $thread_excerpt Excerpt of the current thread in the loop.
     216         */
     217        return apply_filters( 'bp_get_message_thread_excerpt', $thread_excerpt );
    209218    }
    210219
     
    243252        global $messages_template;
    244253
     254        $last_user_id = $messages_template->thread->last_sender_id;
     255        $user         = get_userdata( (int) $last_user_id );
     256
     257        if ( ( empty( $user ) || ! $user->exists() ) ) {
     258            $last_message_content = esc_html__( '[deleted]', 'buddypress' );
     259        } else {
     260            $last_message_content = $messages_template->thread->last_message_content;
     261        }
     262
    245263        /**
    246264         * Filters the content of the last message in the thread.
     
    250268         * @param string $last_message_content Content of the last message in the thread.
    251269         */
    252         return apply_filters( 'bp_get_message_thread_content', $messages_template->thread->last_message_content );
     270        return apply_filters( 'bp_get_message_thread_content', $last_message_content );
    253271    }
    254272
     
    257275 */
    258276function bp_message_thread_from() {
    259     // Esaping is made in `bp_core_get_userlink()` && in `bp_core_get_user_displayname()`.
     277    // Escaping is made in `bp_core_get_userlink()` && in `bp_core_get_user_displayname()`.
    260278    // phpcs:ignore WordPress.Security.EscapeOutput
    261279    echo bp_get_message_thread_from();
     
    271289        global $messages_template;
    272290
     291        $userlink = bp_core_get_userlink( $messages_template->thread->last_sender_id );
     292
     293        if ( empty( $userlink ) ) {
     294            $userlink = esc_html__( 'Deleted User', 'buddypress' );
     295        }
     296
    273297        /**
    274298         * Filters the link to the page of the current thread's last author.
     
    276300         * @since 1.0.0
    277301         *
    278          * @param string $value Link to the page of the current thread's last author.
    279          */
    280         return apply_filters( 'bp_get_message_thread_from', bp_core_get_userlink( $messages_template->thread->last_sender_id ) );
     302         * @param string $userlink Link to the page of the current thread's last author.
     303         */
     304        return apply_filters( 'bp_get_message_thread_from', $userlink );
    281305    }
    282306
     
    304328         * @since 1.0.0
    305329         *
    306          * @param string $value HTML links to the pages of the current thread's recipients.
     330         * @param string $recipients_links HTML links to the pages of the current thread's recipients.
    307331         */
    308332        return apply_filters( 'bp_message_thread_to', BP_Messages_Thread::get_recipient_links( $messages_template->thread->recipients ) );
     
    22342258        global $thread_template;
    22352259
     2260        $sender_link = bp_core_get_userlink( $thread_template->message->sender_id, false, true );
     2261
     2262        if ( empty( $sender_link ) ) {
     2263            $sender_link = '';
     2264        }
     2265
    22362266        /**
    22372267         * Filters the link to the sender of the current message.
     
    22392269         * @since 1.1.0
    22402270         *
    2241          * @param string $value Link to the sender of the current message.
    2242          */
    2243         return apply_filters( 'bp_get_the_thread_message_sender_link', bp_core_get_userlink( $thread_template->message->sender_id, false, true ) );
     2271         * @param string $sender_link Link to the sender of the current message.
     2272         */
     2273        return apply_filters( 'bp_get_the_thread_message_sender_link', $sender_link );
    22442274    }
    22452275
Note: See TracChangeset for help on using the changeset viewer.