Changeset 4506


Timestamp:
06/13/2011 09:54:52 PM (13 years ago)
Author:
boonebgorges
Message:

Introduces bp_do_404() for easy 404ing. Corrects invalid path handling throughout, using bp_do_404(). Fixes #3280. Props DJPaul

Location:
trunk
Files:
11 edited

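--- a/trunk/bp-activity/bp-activity-actions.php
+++ b/trunk/bp-activity/bp-activity-actions.php
@@ -27,7 +27,9 @@
     $activity = bp_activity_get_specific( array( 'activity_ids' => $bp->action_variables[0] ) );
 
-    // Redirect to root if activity does not exist
-    if ( !$activity = $activity['activities'][0] )
-        bp_core_redirect( bp_get_root_domain() );
+    // 404 if activity does not exist
+    if ( !$activity = $activity['activities'][0] ) {
+        bp_do_404();
+        return;
+    }
 
     // Do not redirect at default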
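Review bot: The guard at new line 30 indexes `$activity['activities'][0]` without checking that the element exists, so a request for a missing activity raises an undefined-offset notice before the 404 is sent. On a host that displays errors, that notice reveals the file path and may produce output ahead of `status_header()`. Testing presence first, `if ( empty( $activity['activities'][0] ) ) { bp_do_404(); return; }`, and assigning `$activity = $activity['activities'][0];` afterwards avoids this. The same pattern is at new line 99 of bp-activity-screens.php. The enclosing function starts and ends outside the hunk.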
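--- a/trunk/bp-activity/bp-activity-screens.php
+++ b/trunk/bp-activity/bp-activity-screens.php
@@ -96,6 +96,14 @@
     $activity = bp_activity_get_specific( array( 'activity_ids' => bp_current_action() ) );
 
-    if ( !$activity = $activity['activities'][0] )
-        bp_core_redirect( bp_get_root_domain() );
+    // 404 if activity does not exist
+    if ( !$activity = $activity['activities'][0] ) {
+        bp_do_404();
+        return;
+    }
+
+    if ( !empty( $bp->action_variables ) ) {
+        bp_do_404();
+        return;
+    }
 
     // Default access is true
@@ -106,6 +114,8 @@
 
         // Activity is from a group, but groups is currently disabled
-        if ( !bp_is_active( 'groups') )
-            bp_core_redirect( bp_get_root_domain() );
+        if ( !bp_is_active( 'groups') ) {
+            bp_do_404();
+            return;
+        }
 
         // Check to see if the group is not public, if so, check the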
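--- a/trunk/bp-core/bp-core-catchuri.php
+++ b/trunk/bp-core/bp-core-catchuri.php
@@ -243,4 +243,12 @@
                     $bp->displayed_user->id = (int) bp_core_get_userid_from_nicename( urldecode( $bp_uri[$uri_offset + 1] ) );
 
+                if ( empty( $bp->displayed_user->id ) ) {
+                    // Prevent components from loading their templates
+                    $bp->current_component = '';
+
+                    bp_do_404();
+                    return;
+                }
+
                 // Bump the offset
                 if ( isset( $bp_uri[$uri_offset + 2] ) ) {
@@ -352,5 +360,5 @@
  */
 function bp_core_catch_no_access() {
-    global $bp, $wp_query, $bp_unfiltered_uri, $bp_no_status_set;
+    global $bp, $bp_no_status_set;
 
     // If bp_core_redirect() and $bp_no_status_set is true,
@@ -359,23 +367,17 @@
         return false;
 
-    // If the displayed user was marked as a spammer and the logged-in user is not a super admin, redirect
+    // If the displayed user was marked as a spammer and the logged-in user is not a super admin, 404.
     if ( isset( $bp->displayed_user->id ) && bp_core_is_user_spammer( $bp->displayed_user->id ) ) {
-        if ( !is_super_admin() )
-            bp_core_redirect( $bp->root_domain );
-        else
+        if ( !$bp->loggedin_user->is_super_admin ) {
+            bp_do_404();
+            return;
+
+        } else {
             bp_core_add_message( __( 'This user has been marked as a spammer. Only site admins can view this profile.', 'buddypress' ), 'error' );
-    }
-
-    // If BP_ENABLE_ROOT_PROFILES is not defined and the displayed user does not exist, redirect
-    if ( !$bp->displayed_user->id && isset( $bp_unfiltered_uri[0] ) && $bp_unfiltered_uri[0] == $bp->members->slug && isset( $bp_unfiltered_uri[1] ) )
-        bp_core_redirect( $bp->root_domain );
-
-    // Access control!
+        }
+    }
+
     if ( !isset( $wp_query->queried_object ) && !bp_is_blog_page() ) {
-        if ( is_user_logged_in() ) {
-            bp_core_no_access( array( 'redirect' => false, 'message' => __( 'You do not have access to that page', 'buddypress' ) ) );
-        } else {
-            bp_core_no_access();
-        }
+        bp_do_404();
     }
 }
@@ -402,13 +404,4 @@
     $r = wp_parse_args( $args, $defaults );
     extract( $r, EXTR_SKIP );
-
-    // Group filtering
-    // When a user doesn't have access to a group's activity / secondary page, redirect to group's homepage
-    if ( !$redirect ) {
-        if ( bp_is_active( 'groups' ) && bp_is_current_component( 'groups' ) ) {
-            $root = bp_get_group_permalink( $bp->groups->current_group );
-            $message = false;
-        }
-    }
 
     // Apply filters to these variables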
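Review bot: `bp_core_catch_no_access()` still tests `$wp_query->queried_object` at new line 380, but the `global` statement at new line 362 no longer imports `$wp_query`, so the variable is undefined inside the function and `!isset( ... )` is always true. As written, every request that reaches this check and is not a blog page gets `bp_do_404()`, whatever WordPress actually resolved. Keep the variable in scope with `global $bp, $wp_query, $bp_no_status_set;`. New lines 365-366 of the function are outside the visible hunks, so confirm nothing there assigns `$wp_query`.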
  • trunk/bp-core/bp-core-functions.php

    r4482 r4506  
    2424function bp_core_get_page_meta() {
    2525    $page_ids = get_site_option( 'bp-pages' );
    26    
     26
    2727    $is_enable_multiblog = is_multisite() && defined( 'BP_ENABLE_MULTIBLOG' ) && BP_ENABLE_MULTIBLOG ? true : false;
    2828
     
    3030
    3131    // Upgrading from an earlier version of BP pre-1.3
    32     if ( empty( $page_ids ) || isset( $page_ids['members'] ) ) {       
    33         if ( empty( $page_ids ) ) {     
     32    if ( empty( $page_ids ) || isset( $page_ids['members'] ) ) {
     33        if ( empty( $page_ids ) ) {
    3434            // We're probably coming from an old multisite install
    3535            $old_page_ids = get_blog_option( $page_blog_id, 'bp-pages' );
     
    3838            $old_page_ids = $page_ids;
    3939        }
    40        
     40
    4141        /**
    4242         * If $page_ids is found in a blog_option, and it's formatted in the new way (keyed
     
    4646        if ( !isset( $old_page_ids['members'] ) )
    4747            return false;
    48            
     48
    4949        // Finally, move the page ids over to site options
    5050        $new_page_ids = array(
     
    5454        update_site_option( 'bp-pages', $new_page_ids );
    5555    }
    56    
     56
    5757    $blog_page_ids = !empty( $page_ids[$page_blog_id] ) ? $page_ids[$page_blog_id] : false;
    58    
     58
    5959    return apply_filters( 'bp_core_get_page_meta', $blog_page_ids );
    6060}
     
    6666 * blog_id. This allows you to change your BP_ROOT_BLOG and go through the setup process again.
    6767 *
    68  * @package BuddyPress Core 
     68 * @package BuddyPress Core
    6969 * @since 1.3
    7070 *
     
    7777    // Generally, we key by the BP_ROOT_BLOG. Exception: when BP_ENABLE_MULTIBLOG is turned on
    7878    $key = is_multisite() && defined( 'BP_ENABLE_MULTIBLOG' ) && BP_ENABLE_MULTIBLOG ? get_current_blog_id() : BP_ROOT_BLOG;
    79    
     79
    8080    $page_ids[$key] = $blog_page_ids;
    8181
     
    162162function bp_core_do_network_admin() {
    163163    $do_network_admin = false;
    164    
     164
    165165    if ( is_multisite() && ( !defined( 'BP_ENABLE_MULTIBLOG' ) || !BP_ENABLE_MULTIBLOG ) )
    166166        $do_network_admin = true;
    167    
     167
    168168    return apply_filters( 'bp_core_do_network_admin', $do_network_admin );
    169169}
     
    171171function bp_core_admin_hook() {
    172172    $hook = bp_core_do_network_admin() ? 'network_admin_menu' : 'admin_menu';
    173    
     173
    174174    return apply_filters( 'bp_core_admin_hook', $hook );
    175175}
     
    184184    if ( !is_super_admin() )
    185185        return false;
    186    
     186
    187187    add_action( bp_core_admin_hook(), 'bp_core_add_admin_menu', 9 );
    188188
     
    236236function bp_core_print_admin_notices() {
    237237    global $bp;
    238    
     238
    239239    // Only the super admin should see messages
    240240    if ( !is_super_admin() )
    241241        return;
    242    
     242
    243243    // On multisite installs, don't show on the Site Admin of a non-root blog, unless
    244244    // do_network_admin is overridden
    245245    if ( is_multisite() && bp_core_do_network_admin() && !bp_is_root_blog() )
    246246        return;
    247        
     247
    248248    // Show the messages
    249249    if ( !empty( $bp->admin->notices ) ) {
     
    253253                <p><?php echo $notice ?></p>
    254254            <?php endforeach ?>
    255         </div>     
     255        </div>
    256256    <?php
    257257    }
     
    275275function bp_core_add_admin_notice( $notice ) {
    276276    global $bp;
    277    
     277
    278278    if ( empty( $bp->admin->notices ) ) {
    279279        $bp->admin->notices = array();
    280280    }
    281    
     281
    282282    $bp->admin->notices[] = $notice;
    283283}
     
    301301    if ( !is_super_admin() )
    302302        return;
    303        
     303
    304304    // On multisite installs, don't load on a non-root blog, unless do_network_admin is
    305305    // overridden
    306306    if ( is_multisite() && bp_core_do_network_admin() && !bp_is_root_blog() )
    307307        return;
    308        
     308
    309309    // Don't show these messages during setup or upgrade
    310310    if ( isset( $bp->maintenence_mode ) )
     
    317317    if ( bp_is_active( 'blogs' ) ) {
    318318        $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$bp->blogs->table_name}" ) );
    319        
     319
    320320        if ( !$count )
    321321            bp_blogs_record_existing_blogs();
     
    328328        return false;
    329329
    330     if ( empty( $wp_rewrite->permalink_structure ) ) { 
     330    if ( empty( $wp_rewrite->permalink_structure ) ) {
    331331        bp_core_add_admin_notice( sprintf( __( '<strong>BuddyPress is almost ready</strong>. You must <a href="%s">update your permalink structure</a> to something other than the default for it to work.', 'buddypress' ), admin_url( 'options-permalink.php' ) ) );
    332332    }
    333    
     333
    334334    /**
    335335     * Are you using a BP-compatible theme?
    336336     */
    337    
     337
    338338    // Get current theme info
    339339    $ct = current_theme_info();
     
    341341    // The best way to remove this notice is to add a "buddypress" tag to
    342342    // your active theme's CSS header.
    343     if ( !defined( 'BP_SILENCE_THEME_NOTICE' ) && !in_array( 'buddypress', (array)$ct->tags ) ) { 
     343    if ( !defined( 'BP_SILENCE_THEME_NOTICE' ) && !in_array( 'buddypress', (array)$ct->tags ) ) {
    344344        bp_core_add_admin_notice( sprintf( __( "You'll need to <a href='%s'>activate a <strong>BuddyPress-compatible theme</strong></a> to take advantage of all of BuddyPress's features. We've bundled a default theme, but you can always <a href='%s'>install some other compatible themes</a> or <a href='%s'>update your existing WordPress theme</a>.", 'buddypress' ), admin_url( 'themes.php' ), network_admin_url( 'theme-install.php?type=tag&s=buddypress&tab=search' ), network_admin_url( 'plugin-install.php?type=term&tab=search&s=%22bp-template-pack%22' ) ) );
    345345    }
    346        
     346
    347347    /**
    348348     * Check for orphaned directory pages (BP component is disabled, WP page exists)
    349349     */
    350      
     350
    351351    $orphaned_pages = array();
    352352    foreach( $bp->pages as $component_id => $page ) {
    353        
     353
    354354        // Some members of $bp->pages will not have corresponding $bp->{component}, so we
    355355        // skip them. Plugins can add themselves here if necessary.
     
    357357        if ( in_array( $component_id, $exceptions ) )
    358358            continue;
    359        
     359
    360360        if ( !isset( $bp->{$component_id} ) ) {
    361361            // We'll need to get some more information about the page for the notice
     
    367367            );
    368368        }
    369        
    370     }
    371    
     369
     370    }
     371
    372372    // If orphaned pages are found, post a notice about them.
    373373    if ( !empty( $orphaned_pages ) ) {
    374        
     374
    375375        // Create the string of links to the Edit Page screen for the pages
    376376        $edit_pages_links = array();
     
    378378            $edit_pages_links[] = sprintf( '<a href="%1$s">%2$s</a>', admin_url( 'post.php?action=edit&post=' . $op['id'] ), $op['title'] );
    379379        }
    380        
     380
    381381        $admin_url = bp_core_do_network_admin() ? network_admin_url( 'admin.php?page=bp-general-settings' ) : admin_url( 'admin.php?page=bp-general-settings' );
    382        
     382
    383383        $notice = sprintf( __( 'Some of your WordPress pages are linked to BuddyPress components that have been disabled. These pages may continue to show up in your site navigation. Consider <a href="%1$s">reactivating the components</a>, or unpublishing the pages: <strong>%2$s</strong>', 'buddypress' ), $admin_url, implode( ', ', $edit_pages_links ) );
    384        
     384
    385385        bp_core_add_admin_notice( $notice );
    386386    }
    387    
     387
    388388    /**
    389389     * Check for orphaned BP components (BP component is enabled, no WP page exists)
    390390     */
    391    
     391
    392392    $orphaned_components = array();
    393393    $wp_page_components  = array();
    394    
     394
    395395    // Only some BP components require a WP page to function - those with a non-empty root_slug
    396396    foreach( $bp->active_components as $component_id => $is_active ) {
     
    402402        }
    403403    }
    404    
     404
    405405    // Activate and Register are special cases. They are not components but they need WP pages.
    406406    // If user registration is disabled, we can skip this step.
     
    410410            'name'  => __( 'Activate', 'buddypress' )
    411411        );
    412        
     412
    413413        $wp_page_components[] = array(
    414414            'id'    => 'register',
    415415            'name'  => __( 'Register', 'buddypress' )
    416416        );
    417     }   
    418    
    419     foreach( $wp_page_components as $component ) {     
     417    }
     418
     419    foreach( $wp_page_components as $component ) {
    420420        if ( !isset( $bp->pages->{$component['id']} ) ) {
    421421            $orphaned_components[] = $component['name'];
    422422        }
    423423    }
    424    
     424
    425425    if ( !empty( $orphaned_components ) ) {
    426426        $admin_url = bp_core_do_network_admin() ? network_admin_url( 'admin.php?page=bp-general-settings' ) : admin_url( 'admin.php?page=bp-general-settings' );
    427        
     427
    428428        $notice = sprintf( __( 'Some BuddyPress components must be associated with WordPress pages for your site to work properly. The following components are missing their required WP pages: <strong>%1$s</strong>. Visit the <a href="%2$s">BuddyPress Components</a> panel, where you can either deactivate unused components or complete the page setup.', 'buddypress' ), implode( ', ', $orphaned_components ), $admin_url );
    429        
     429
    430430        bp_core_add_admin_notice( $notice );
    431431    }
     
    966966function bp_core_add_root_component( $slug ) {
    967967    global $bp;
    968    
     968
    969969    if ( empty( $bp->pages ) )
    970970        $bp->pages = bp_core_get_page_names();
     
    10081008function bp_is_root_blog( $blog_id = false ) {
    10091009    $is_root_blog = true;
    1010    
     1010
    10111011    if ( !$blog_id )
    10121012        $blog_id = get_current_blog_id();
     
    10291029 *    $last_active = get_user_meta( $user_id, bp_get_user_meta_key( 'last_activity' ), true );
    10301030 * Do not hardcode these keys.
    1031  * 
     1031 *
    10321032 * If your plugin introduces custom user metadata that might change between multiple BP instances
    10331033 * on a single WP installation, you are strongly recommended to use this function when storing and
     
    10951095}
    10961096
     1097/**
     1098 * Trigger a 404
     1099 *
     1100 * @global object $bp Global BuddyPress settings object
     1101 * @global WP_Query $wp_query WordPress query object
     1102 * @param string $redirect If 'remove_canonical_direct', remove WordPress' "helpful" redirect_canonical action.
     1103 * @since 1.3
     1104 */
     1105function bp_do_404( $redirect = 'remove_canonical_direct' ) {
     1106    global $bp, $wp_query;
     1107
     1108    do_action( 'bp_do_404', $redirect );
     1109
     1110    $wp_query->set_404();
     1111    status_header( 404 );
     1112    nocache_headers();
     1113
     1114    if ( 'remove_canonical_direct' == $redirect )
     1115        remove_action( 'template_redirect', 'redirect_canonical' );
     1116}
    10971117?>
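Review bot: The docblock for `bp_do_404()` (new lines 1097-1104) should say that the function only flags the query as 404 and sends headers; it does not stop execution. Every caller therefore has to `return` immediately afterwards, as the call sites in this changeset do, or the screen code it was meant to block still runs. Suggested addition: `* Does not exit. Callers must return right after calling this, before any template is loaded or output is sent.` Two smaller points in the body: `global $bp` is unused, and the comparison at new line 1114 is loose, so `bp_do_404( true )` also removes `redirect_canonical`; `'remove_canonical_direct' === $redirect` makes the opt-out explicit.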
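--- a/trunk/bp-core/bp-core-template.php
+++ b/trunk/bp-core/bp-core-template.php
@@ -247,6 +247,7 @@
     // A single group
     } elseif ( bp_is_active( 'groups' ) && !empty( $bp->groups->current_group ) && !empty( $bp->bp_options_nav[$bp->groups->current_group->slug] ) ) {
+        $subnav = isset( $bp->bp_options_nav[$bp->groups->current_group->slug][$bp->current_action]['name'] ) ? $bp->bp_options_nav[$bp->groups->current_group->slug][$bp->current_action]['name'] : '';
         // translators: "group name | group nav section name"
-        $title = sprintf( __( '%1$s &#124; %2$s', 'buddypress' ), $bp->bp_options_title, $bp->bp_options_nav[$bp->groups->current_group->slug][$bp->current_action]['name'] );
+        $title = sprintf( __( '%1$s &#124; %2$s', 'buddypress' ), $bp->bp_options_title, $subnav );
 
     // A single item from a component other than groups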
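--- a/trunk/bp-groups/bp-groups-filters.php
+++ b/trunk/bp-groups/bp-groups-filters.php
@@ -106,6 +106,6 @@
         unset( $parts['private'] );
 
-    // Are we a member of this group
-    elseif ( bp_is_single_item() && bp_group_is_member( $bp->groups->current_group->id ) )
+    // No need to filter on a single item
+    elseif ( bp_is_single_item() )
         unset( $parts['private'] );
 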
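Review bot: Dropping `bp_group_is_member()` from the condition at new line 109 means `$parts['private']` (presumably the clause that hides non-public items) is removed for every viewer of a single group, so this filter no longer restricts anything by membership on single-item pages. Confidentiality then rests entirely on the `user_has_access` check added to bp-groups-loader.php in this changeset; any path that runs this filter for a single group without passing through that check would get the unfiltered set. If that dependency is intended, record it in the comment, e.g. `// Single item: access is enforced in the groups loader (user_has_access), not here`, or keep a cheap guard such as `elseif ( bp_is_single_item() && $bp->groups->current_group->user_has_access )`. The enclosing function starts and ends outside the hunk.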
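--- a/trunk/bp-groups/bp-groups-loader.php
+++ b/trunk/bp-groups/bp-groups-loader.php
@@ -156,4 +156,16 @@
         ) );
 
+        // If the user was attempting to access a group, but no group by that name was
+        // found, 404
+        if ( empty( $this->current_group ) && !empty( $bp->current_action ) && !in_array( $bp->current_action, $this->forbidden_names ) ) {
+            bp_do_404();
+            return;
+        }
+       
+        // Group access control
+        if ( !empty( $this->current_group ) && !$this->current_group->user_has_access ) {
+            bp_core_no_access();
+        }
+
         // Preconfigured group creation steps
         $this->group_creation_steps = apply_filters( 'groups_create_group_steps', array(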
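Review bot: The access-control branch at new lines 166-168 calls `bp_core_no_access()` and then falls through, while the 404 branch just above it returns. Unless `bp_core_no_access()` always ends the request (not visible here, and its `redirect` argument suggests it may not), setup continues for a user who was just denied. Add `return;` after the call, matching `groups_screen_group_forum()` in bp-groups-screens.php. Note also that a non-member gets the no-access response for an existing group and a 404 for a missing one, so the two cases can be told apart; groups meant to be undiscoverable would need the 404 path as well. The enclosing method starts and ends outside the hunk.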
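--- a/trunk/bp-groups/bp-groups-screens.php
+++ b/trunk/bp-groups/bp-groups-screens.php
@@ -104,10 +104,20 @@
 
 function groups_screen_group_forum() {
-    global $bp, $wp_query;
+    global $bp;
 
     if ( !bp_is_active( 'forums' ) || !bp_forums_is_installed_correctly() )
         return false;
 
-    if ( bp_is_single_item() && $bp->groups->current_group->user_has_access ) {
+    if ( !empty( $bp->action_variables[0] ) && 'topic' != $bp->action_variables[0] ) {
+        bp_do_404();
+        return;
+    }
+
+    if ( !$bp->groups->current_group->user_has_access ) {
+        bp_core_no_access();
+        return;
+    }
+
+    if ( bp_is_single_item() ) {
 
         // Fetch the details we need
@@ -311,7 +321,5 @@
         // Forum topic does not exist
         } elseif ( !empty( $topic_slug ) && empty( $topic_id ) ) {
-            $wp_query->set_404();
-            status_header( 404 );
-            nocache_headers();
+            bp_do_404();
             return;
 
@@ -390,13 +398,14 @@
             // Send the invites.
             groups_send_invites( $bp->loggedin_user->id, $bp->groups->current_group->id );
-
             bp_core_add_message( __('Group invites sent.', 'buddypress') );
-
             do_action( 'groups_screen_group_invite', $bp->groups->current_group->id );
-
             bp_core_redirect( bp_get_group_permalink( $bp->groups->current_group ) );
-        } else {
+
+        } elseif ( empty( $bp->action_variables[0] ) ) {
             // Show send invite page
             bp_core_load_template( apply_filters( 'groups_template_group_invite', 'groups/single/home' ) );
+
+        } else {
+            bp_do_404();
         }
     }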
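Review bot: In `groups_screen_group_forum()` the access check at new line 116 reads `$bp->groups->current_group->user_has_access` before `bp_is_single_item()` is tested at new line 121, whereas the old code only dereferenced it after that test. If this screen function can run without a current group, the property read yields null and the request is sent to `bp_core_no_access()` instead of falling through as before. Writing it as `if ( bp_is_single_item() && !$bp->groups->current_group->user_has_access ) {` keeps the old precondition. The function body continues past the first hunk.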
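--- a/trunk/bp-messages/bp-messages-screens.php
+++ b/trunk/bp-messages/bp-messages-screens.php
@@ -8,4 +8,11 @@
 
 function messages_screen_inbox() {
+    global $bp;
+
+    if ( !empty( $bp->action_variables ) ) {
+        bp_do_404();
+        return;
+    }
+
     do_action( 'messages_screen_inbox' );
     bp_core_load_template( apply_filters( 'messages_template_inbox', 'members/single/home' ) );
@@ -13,4 +20,11 @@
 
 function messages_screen_sentbox() {
+    global $bp;
+
+    if ( !empty( $bp->action_variables ) ) {
+        bp_do_404();
+        return;
+    }
+
     do_action( 'messages_screen_sentbox' );
     bp_core_load_template( apply_filters( 'messages_template_sentbox', 'members/single/home' ) );
@@ -19,4 +33,9 @@
 function messages_screen_compose() {
     global $bp;
+
+    if ( !empty( $bp->action_variables ) ) {
+        bp_do_404();
+        return;
+    }
 
     // Remove any saved message data from a previous session.
@@ -97,4 +116,9 @@
     }
 
+    if ( !empty( $bp->action_variables ) ) {
+        bp_do_404();
+        return;
+    }
+
     do_action( 'messages_screen_notices' );
 
@@ -104,4 +128,9 @@
 function messages_screen_notification_settings() {
     global $bp;
+
+    if ( !empty( $bp->action_variables ) ) {
+        bp_do_404();
+        return;
+    }
 
     if ( !$new_messages = get_user_meta( $bp->displayed_user->id, bp_get_user_meta_key( 'notification_messages_new_message' ), true ) )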
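Review bot: In the fourth hunk the extra-path guard (new lines 118-121) comes after a block that closes at new line 116, while in the other screen functions it is the first thing that runs. If that preceding block handles the notice form (it is outside the hunk, so this needs checking), a submission to an invalid sub-path is still processed before the 404 is sent. Moving the guard to the top of the function makes all five functions behave the same way. The identical `if ( !empty( $bp->action_variables ) ) { bp_do_404(); return; }` guard now appears in ten places across this changeset, so a small shared helper would keep them from drifting apart.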
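--- a/trunk/bp-settings/bp-settings-actions.php
+++ b/trunk/bp-settings/bp-settings-actions.php
@@ -1,9 +1,12 @@
 <?php
-
-
 /** General *******************************************************************/
 
 function bp_settings_screen_general_settings() {
     global $bp;
+
+    if ( !empty( $bp->action_variables ) ) {
+        bp_do_404();
+        return;
+    }
 
     // Setup private variables
@@ -112,4 +115,9 @@
     global $bp;
 
+    if ( !empty( $bp->action_variables ) ) {
+        bp_do_404();
+        return;
+    }
+
     if ( isset( $_POST['submit'] ) ) {
         check_admin_referer('bp_settings_notifications');
@@ -135,4 +143,9 @@
     global $bp;
 
+    if ( !empty( $bp->action_variables ) ) {
+        bp_do_404();
+        return;
+    }
+
     if ( isset( $_POST['delete-account-understand'] ) ) {
         // Nonce check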
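--- a/trunk/bp-xprofile/bp-xprofile-screens.php
+++ b/trunk/bp-xprofile/bp-xprofile-screens.php
@@ -13,5 +13,5 @@
  * @uses bp_core_load_template() Looks for and loads a template file within the current member theme (folder/filename)
  */
-function xprofile_screen_display_profile() {
+function xprofile_screen_display_profile() {   
     $new = isset( $_GET['new'] ) ? $_GET['new'] : '';
 
@@ -39,6 +39,8 @@
 
     // Check the field group exists
-    if ( !xprofile_get_field_group( $bp->action_variables[1] ) )
-        bp_core_redirect( bp_get_root_domain() );
+    if ( ( !empty( $bp->action_variables[0] ) && 'group' != $bp->action_variables[0] ) || !xprofile_get_field_group( $bp->action_variables[1] ) ) {
+        bp_do_404();
+        return;
+    }
 
     // Check to see if any new information has been submitted
@@ -133,4 +135,9 @@
         return false;
 
+    if ( !empty( $bp->action_variables ) ) {
+        bp_do_404();
+        return;
+    }
+
     $bp->avatar_admin->step = 'upload-image';
 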
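Review bot: The rewritten condition at new line 41 reads `$bp->action_variables[1]` even when the URL has no second segment. With `action_variables[0]` empty the first clause is false, so the second clause indexes an unset element, raises a notice and passes null to `xprofile_get_field_group()`. Putting `empty( $bp->action_variables[1] ) ||` in front of the lookup keeps it to well-formed paths. Whether the lookup itself checks that the value is numeric is not visible here, and earlier lines of the function (outside the hunk) may already normalise an empty path, so confirm before changing.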