
Changeset 7541


Timestamp:
11/09/2013 01:09:57 PM (12 years ago)
Author:
johnjamesjacoby
Message:

Port updates to bp_verify_nonce_request() from bbPress. Fixes issues with home_url() matching, and allows filtering for advanced configurations.

File:
1 edited

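--- a/trunk/bp-core/bp-core-functions.php
+++ b/trunk/bp-core/bp-core-functions.php
@@ -1424,8 +1424,37 @@
 function bp_verify_nonce_request( $action = '', $query_arg = '_wpnonce' ) {
 
-    // Get the home URL
-    $home_url = strtolower( home_url() );
-
-    $requested_url = bp_get_requested_url();
+    /** Home URL **************************************************************/
+
+    // Parse home_url() into pieces to remove query-strings, strange characters,
+    // and other funny things that plugins might to do to it.
+    $parsed_home = parse_url( home_url( '/', ( is_ssl() ? 'https://' : 'http://' ) ) );
+
+    // Maybe include the port, if it's included
+    if ( isset( $parsed_home['port'] ) ) {
+        $parsed_host = $parsed_home['host'] . ':' . $parsed_home['port'];
+    } else {
+        $parsed_host = $parsed_home['host'];
+    }
+
+    // Set the home URL for use in comparisons
+    $home_url = trim( strtolower( $parsed_home['scheme'] . '://' . $parsed_host . $parsed_home['path'] ), '/' );
+
+    /** Requested URL *********************************************************/
+
+    // Maybe include the port, if it's included in home_url()
+    if ( isset( $parsed_home['port'] ) ) {
+        $request_host = $_SERVER['HTTP_HOST'] . ':' . $_SERVER['SERVER_PORT'];
+    } else {
+        $request_host = $_SERVER['HTTP_HOST'];
+    }
+
+    // Build the currently requested URL
+    $scheme        = is_ssl() ? 'https://' : 'http://';
+    $requested_url = strtolower( $scheme . $request_host . $_SERVER['REQUEST_URI'] );
+
+    /** Look for match ********************************************************/
+
+    // Filter the requested URL, for configurations like reverse proxying
+    $matched_url = apply_filters( 'bp_verify_nonce_request_url', $requested_url );
 
     // Check the nonce
@@ -1433,6 +1462,7 @@
 
     // Nonce check failed
-    if ( empty( $result ) || empty( $action ) || ( strpos( $requested_url, $home_url ) !== 0 ) )
+    if ( empty( $result ) || empty( $action ) || ( strpos( $matched_url, $home_url ) !== 0 ) ) {
         $result = false;
+    }
 
     // Do extra things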
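Review bot: The origin test at new line 1464 is a bare prefix match against a `$home_url` whose trailing slash was trimmed at line 1440, so a home URL of `http://example.com` is also a prefix of any request URL whose host merely begins with that string, and `$request_host` comes straight from the client-supplied `$_SERVER['HTTP_HOST']`. Anchoring the comparison at a path boundary closes that gap, e.g. `strpos( trailingslashit( $matched_url ), trailingslashit( $home_url ) ) !== 0`. Separately, lines 1445-1446 append `$_SERVER['SERVER_PORT']` to `HTTP_HOST`, but a Host header for a non-default port normally already carries the port, which would yield `host:8080:8080` and fail the match for every request on such a site; appending only when `HTTP_HOST` contains no `:` would avoid that. Both `$_SERVER` reads are also unguarded, so a context without those keys (CLI, cron) raises notices. The function body continues past the end of this hunk.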