Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
05/20/2014 03:29:53 PM (10 years ago)
Author:
johnjamesjacoby
Message:

Member Admin -- bp_core_admin_user_row_actions():

  • Add "View" link to post-row actions.
  • Use: sprintf(), add_query_arg() for URL creation.
  • Update __() usages esc_html__().
  • Properly escape URL's.

See #5623.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-core/admin/bp-core-functions.php

    r8302 r8431  
    803803function bp_core_admin_user_row_actions( $actions, $user_object ) {
    804804
    805     if ( current_user_can( 'edit_user', $user_object->ID ) && bp_loggedin_user_id() != $user_object->ID ) {
    806 
     805    // Setup the $user_id variable from the current user object
     806    $user_id = 0;
     807    if ( !empty( $user_object->ID ) ) {
     808        $user_id = absint( $user_object->ID );
     809    }
     810
     811    // Bail early if user cannot perform this action, or is looking at themselves
     812    if ( current_user_can( 'edit_user', $user_id ) && ( bp_loggedin_user_id() !== $user_id ) ) {
     813
     814        // Admin URL could be single site or network
    807815        $url = bp_get_admin_url( 'users.php' );
    808816
    809         if ( bp_is_user_spammer( $user_object->ID ) ) {
    810             $actions['ham'] = "<a href='" . wp_nonce_url( $url . "?action=ham&amp;user=$user_object->ID", 'bp-spam-user' ) . "'>" . __( 'Not Spam', 'buddypress' ) . "</a>";
     817        // If spammed, create unspam link
     818        if ( bp_is_user_spammer( $user_id ) ) {
     819            $url             = add_query_arg( array( 'action' => 'ham', 'user' => $user_id ), $url );
     820            $unspam_link     = wp_nonce_url( $url, 'bp-spam-user' );
     821            $actions['ham']  = sprintf( '<a href="%1$s">%2$s</a>', esc_url( $unspam_link ), esc_html__( 'Not Spam', 'buddypress' ) );
     822
     823        // If not already spammed, create spam link
    811824        } else {
    812             $actions['spam'] = "<a class='submitdelete' href='" . wp_nonce_url( $url . "?action=spam&amp;user=$user_object->ID", 'bp-spam-user' ) . "'>" . __( 'Mark as Spam', 'buddypress' ) . "</a>";
     825            $url             = add_query_arg( array( 'action' => 'spam', 'user' => $user_id ), $url );
     826            $spam_link       = wp_nonce_url( $url, 'bp-spam-user' );
     827            $actions['spam'] = sprintf( '<a class="submitdelete" href="%1$s">%2$s</a>', esc_url( $spam_link ), esc_html__( 'Spam', 'buddypress' ) );
    813828        }
    814829    }
    815830
     831    // Create a "View" link
     832    $url             = bp_core_get_user_domain( $user_id );
     833    $actions['view'] = sprintf( '<a href="%1$s">%2$s</a>', esc_url( $url ), esc_html__( 'View', 'buddypress' ) );
     834
     835    // Return new actions
    816836    return $actions;
    817837}
Note: See TracChangeset for help on using the changeset viewer.