Skip to:
Content

BuddyPress.org

Changeset 7251


Ignore:
Timestamp:
07/09/2013 01:20:07 PM (12 years ago)
Author:
boonebgorges
Message:

In BP_Group_Extension::call_edit_screen_save(), don't save if DOING_AJAX

Previously, the settings save routine was running whenever the POST global was
populated. This meant running when handling an AJAX request sent via POST. But
the latter is incorrect behavior, since it disallows the use of AJAX on the
edit screen for anything other than saving the form. As a result, all AJAX
requests sent via POST on group edit screens were resulting in a failed nonce
check.

Plugins that wish to save group edit settings via AJAX should implement their
own nonce checks.

See #5052

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-groups/bp-groups-classes.php

    r7237 r7251  
    23002300        }
    23012301
     2302        // When DOING_AJAX, the POST global will be populated, but we
     2303        // should assume it's a save
     2304        if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
     2305            return;
     2306        }
     2307
    23022308        $this->check_nonce( 'edit' );
    23032309        call_user_func( $this->screens['edit']['screen_save_callback'], $this->group_id );
Note: See TracChangeset for help on using the changeset viewer.