Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
03/20/2025 07:10:28 PM (11 months ago)
Author:
dcavins
Message:

Restrict bulk notification management to owner (14.0 branch).

When attempting to manage notifications in bulk, ensure that the current user is either a site admin or owns all of the notifications specified.

Many thanks to Brian Mungah for responsibly reporting the problem.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/12.0/src/bp-notifications/actions/bulk-manage.php

    r13112 r14107  
    4141
    4242    // Delete, mark as read or unread depending on the user 'action'.
     43    $result = bp_notifications_bulk_manage_notifications( $action, $notifications );
     44
     45    // Set message depending on the user 'action'.
    4346    switch ( $action ) {
    4447        case 'delete':
    45             bp_notifications_delete_notifications_by_ids( $notifications );
    4648            bp_core_add_message( __( 'Notifications deleted.', 'buddypress' ) );
    4749            break;
    4850
    4951        case 'read':
    50             bp_notifications_mark_notifications_by_ids( $notifications, false );
    5152            bp_core_add_message( __( 'Notifications marked as read', 'buddypress' ) );
    5253            break;
    5354
    5455        case 'unread':
    55             bp_notifications_mark_notifications_by_ids( $notifications, true );
    5656            bp_core_add_message( __( 'Notifications marked as unread.', 'buddypress' ) );
    5757            break;
Note: See TracChangeset for help on using the changeset viewer.