Changeset 9948
- Timestamp:
- 06/16/2015 10:48:11 PM (10 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
trunk/src/bp-messages/bp-messages-filters.php
r9862 r9948 66 66 add_filter( 'bp_get_the_thread_message_content', 'stripslashes_deep' ); 67 67 add_filter( 'bp_get_the_thread_subject', 'stripslashes_deep' ); 68 69 /** 70 * Enforce limitations on viewing private message contents 71 * 72 * @since BuddyPress (2.3.2) 73 * 74 * @see bp_has_message_threads() for description of parameters 75 * 76 * @param array|string $args See {@link bp_has_message_threads()}. 77 */ 78 function bp_messages_enforce_current_user( $args = array() ) { 79 80 // Non-community moderators can only ever see their own messages 81 if ( is_user_logged_in() && ! bp_current_user_can( 'bp_moderate' ) ) { 82 $_user_id = (int) bp_loggedin_user_id(); 83 if ( $_user_id !== (int) $args['user_id'] ) { 84 $args['user_id'] = $_user_id; 85 } 86 } 87 88 // Return possibly modified $args array 89 return $args; 90 } 91 add_filter( 'bp_after_has_message_threads_parse_args', 'bp_messages_enforce_current_user', 5 ); -
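Review bot: The override in `bp_messages_enforce_current_user()` only runs when `is_user_logged_in()` is true, so a logged-out request that reaches `bp_has_message_threads()` with an explicit `user_id` passes through this filter unchanged. Whether any caller can do that is not visible here, but the filter would fail closed if the condition were just `if ( ! bp_current_user_can( 'bp_moderate' ) )` with `$args['user_id'] = (int) bp_loggedin_user_id();` assigned unconditionally, assuming that returns 0 for visitors so the query matches nothing. `$args['user_id']` is also read without an `isset()` check even though the parameter defaults to `array()`, and the docblock lacks an `@return array` line.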
trunk/src/bp-messages/classes/class-bp-messages-thread.php
r9928 r9948 461 461 } 462 462 463 if ( ! empty( $r['user_id'] ) ) { 464 if ( 'sentbox' == $r['box'] ) { 463 $r['user_id'] = (int) $r['user_id']; 464 465 switch ( $r['box'] ) { 466 case 'sentbox' : 465 467 $user_id_sql = 'AND ' . $wpdb->prepare( 'm.sender_id = %d', $r['user_id'] ); 466 $sender_sql = ' AND m.sender_id = r.user_id'; 467 } else { 468 $sender_sql = 'AND m.sender_id = r.user_id'; 469 break; 470 471 case 'inbox' : 472 default : 468 473 $user_id_sql = 'AND ' . $wpdb->prepare( 'r.user_id = %d', $r['user_id'] ); 469 $sender_sql = ' 470 }474 $sender_sql = 'AND r.sender_only = 0'; 475 break; 471 476 } 472 477 -
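Review bot: The `user_id` clause is now the access control for this query, yet nothing in the new lines says that a `user_id` of 0 is meant to match no rows. A comment above the cast such as `// Always constrain by user; user_id 0 (logged out) must return no threads.` would keep a later edit from restoring the `! empty()` shortcut. The `default :` label shares the `inbox` branch, so any unrecognised `box` value is silently treated as an inbox query; that fails safe because the user constraint still applies, but it deserves a word in the same comment. The enclosing method starts and ends outside this section, and old line 469 is truncated in this rendering, so the previous inbox `$sender_sql` cannot be compared.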
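--- a/trunk/tests/phpunit/testcases/messages/template.php
+++ b/trunk/tests/phpunit/testcases/messages/template.php
@@ -260,4 +260,32 @@
 
 /**
+* @group bp_has_message_threads
+*/
+public function test_has_message_threads_anonymous_user_should_not_see_threads() {
+$u1 = $this->factory->user->create();
+$u2 = $this->factory->user->create();
+
+// create initial thread
+$this->factory->message->create( array(
+'sender_id' => $u1,
+'recipients' => array( $u2 ),
+) );
+
+// set user to anonymous
+$old_current_user = get_current_user_id();
+$this->set_current_user( 0 );
+
+// now, do the message thread query
+global $messages_template;
+bp_has_message_threads();
+
+// assert!
+$this->assertEquals( 0, $messages_template->thread_count );
+$this->assertEmpty( $messages_template->threads );
+
+$this->set_current_user( $old_current_user );
+}
+
+/**
 * @group pagination
 * @group BP_Messages_Box_Template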
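Review bot: The new test exercises only the logged-out path, which the filter added in bp-messages-filters.php skips because of its `is_user_logged_in()` guard; the case that filter exists for, a logged-in non-moderator asking for another member's threads, has no coverage. A second test along the lines below would pin it, assuming factory-created users lack `bp_moderate`. In the existing test, `$this->set_current_user( $old_current_user );` runs after the assertions, so a failing assertion leaves the anonymous user set for later tests; moving the restore above the assertions avoids that.

```php
/**
 * @group bp_has_message_threads
 */
public function test_has_message_threads_non_moderator_should_not_see_other_users_threads() {
	$u1 = $this->factory->user->create();
	$u2 = $this->factory->user->create();
	$u3 = $this->factory->user->create();

	$this->factory->message->create( array(
		'sender_id'  => $u1,
		'recipients' => array( $u2 ),
	) );

	// Log in as an uninvolved member and ask for $u2's threads.
	$old_current_user = get_current_user_id();
	$this->set_current_user( $u3 );

	global $messages_template;
	bp_has_message_threads( array( 'user_id' => $u2 ) );
	$thread_count = $messages_template->thread_count;

	// Restore before asserting so a failure cannot leak the user switch.
	$this->set_current_user( $old_current_user );

	$this->assertEquals( 0, $thread_count );
}
```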