Changeset 9949
- Timestamp:
- 06/16/2015 10:50:15 PM (9 years ago)
- Location:
- branches/2.3
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/2.3/src/bp-messages/bp-messages-filters.php
r9862 r9949 66 66 add_filter( 'bp_get_the_thread_message_content', 'stripslashes_deep' ); 67 67 add_filter( 'bp_get_the_thread_subject', 'stripslashes_deep' ); 68 69 /** 70 * Enforce limitations on viewing private message contents 71 * 72 * @since BuddyPress (2.3.2) 73 * 74 * @see bp_has_message_threads() for description of parameters 75 * 76 * @param array|string $args See {@link bp_has_message_threads()}. 77 */ 78 function bp_messages_enforce_current_user( $args = array() ) { 79 80 // Non-community moderators can only ever see their own messages 81 if ( is_user_logged_in() && ! bp_current_user_can( 'bp_moderate' ) ) { 82 $_user_id = (int) bp_loggedin_user_id(); 83 if ( $_user_id !== (int) $args['user_id'] ) { 84 $args['user_id'] = $_user_id; 85 } 86 } 87 88 // Return possibly modified $args array 89 return $args; 90 } 91 add_filter( 'bp_after_has_message_threads_parse_args', 'bp_messages_enforce_current_user', 5 ); -
branches/2.3/src/bp-messages/classes/class-bp-messages-thread.php
r9929 r9949 454 454 } 455 455 456 if ( ! empty( $r['user_id'] ) ) { 457 if ( 'sentbox' == $r['box'] ) { 456 $r['user_id'] = (int) $r['user_id']; 457 458 switch ( $r['box'] ) { 459 case 'sentbox' : 458 460 $user_id_sql = 'AND ' . $wpdb->prepare( 'm.sender_id = %d', $r['user_id'] ); 459 $sender_sql = ' AND m.sender_id = r.user_id'; 460 } else { 461 $sender_sql = 'AND m.sender_id = r.user_id'; 462 break; 463 464 case 'inbox' : 465 default : 461 466 $user_id_sql = 'AND ' . $wpdb->prepare( 'r.user_id = %d', $r['user_id'] ); 462 $sender_sql = ' 463 }467 $sender_sql = 'AND r.sender_only = 0'; 468 break; 464 469 } 465 470 -
branches/2.3/tests/phpunit/testcases/messages/template.php
r9819 r9949 260 260 261 261 /** 262 * @group bp_has_message_threads 263 */ 264 public function test_has_message_threads_anonymous_user_should_not_see_threads() { 265 $u1 = $this->factory->user->create(); 266 $u2 = $this->factory->user->create(); 267 268 // create initial thread 269 $this->factory->message->create( array( 270 'sender_id' => $u1, 271 'recipients' => array( $u2 ), 272 ) ); 273 274 // set user to anonymous 275 $old_current_user = get_current_user_id(); 276 $this->set_current_user( 0 ); 277 278 // now, do the message thread query 279 global $messages_template; 280 bp_has_message_threads(); 281 282 // assert! 283 $this->assertEquals( 0, $messages_template->thread_count ); 284 $this->assertEmpty( $messages_template->threads ); 285 286 $this->set_current_user( $old_current_user ); 287 } 288 289 /** 262 290 * @group pagination 263 291 * @group BP_Messages_Box_Template
Note: See TracChangeset
for help on using the changeset viewer.