Changeset 6732

Timestamp:

01/19/2013 03:40:28 AM (13 years ago)

Author:

boonebgorges

Message:

Allow activity items to be deleted when the user_id key is empty

Some plugins create activity items that are not attached to a specific user_id.
The activity deletion request handlers (AJAX and bp-activity-actions) prevent
deletion of activity items when the item's user_id value is empty. This
changeset moves this security measure to the bp_activity_user_can_delete()
function, so that anonymous activity items can still be deleted by item admins.

Props magnus78

Fixes #4735

Location:

trunk

Files:

• bp-activity/bp-activity-actions.php (modified) (1 diff)
• bp-activity/bp-activity-template.php (modified) (1 diff)
• bp-templates/bp-legacy/buddypress-functions.php (modified) (1 diff)
• bp-themes/bp-default/_inc/ajax.php (modified) (1 diff)

trunk/bp-activity/bp-activity-actions.php

@@ -148 +148 @@
 
     // Check access
-    if ( empty( $activity->user_id ) || !bp_activity_user_can_delete( $activity ) )
+    if ( ! bp_activity_user_can_delete( $activity ) )
         return false;
 

trunk/bp-activity/bp-activity-template.php

@@ -1357 +1357 @@
         $can_delete = true;
 
-    if ( $activity->user_id == bp_loggedin_user_id() )
+    if ( is_user_logged_in() && $activity->user_id == bp_loggedin_user_id() )
         $can_delete = true;
 

trunk/bp-templates/bp-legacy/buddypress-functions.php

@@ -618 +618 @@
 
     // Check access
-    if ( empty( $activity->user_id ) || ! bp_activity_user_can_delete( $activity ) )
+    if ( ! bp_activity_user_can_delete( $activity ) )
         exit( '-1' );
 

trunk/bp-themes/bp-default/_inc/ajax.php

@@ -371 +371 @@
 
     // Check access
-    if ( empty( $activity->user_id ) || ! bp_activity_user_can_delete( $activity ) )
+    if ( ! bp_activity_user_can_delete( $activity ) )
         exit( '-1' );