Skip to:

Opened 14 years ago

Closed 14 years ago

#2565 closed enhancement (duplicate)

[patch] “Send Private Message” and “Mention this User” Button Filtering

Reported by: jeffsayre's profile jeffsayre Owned by:
Milestone: 1.2.6 Priority: major
Severity: Version:
Component: Core Keywords: has-patch, security, privacy, abstraction, filters


When a logged in user is visiting another member’s page, the “Mention this User” and “Send Private Message” buttons are outputted differently than the “Add Friend” button. The output of the former two are controlled by the member-header.php template file whereas the output of the latter is controlled by a template tag function -- bp_add_friend_button(). Furthermore, only the “Add Friend” button offers any means with which to programmatically control the output.

Instead of hardcoding template output directly within a template file, it should be abstracted into a function that allows developers the flexibility with which to control what is output and how it is outputted.

The attached patch removes the hardcoded output for both the “Mention this User” and “Send Private Message” buttons, placing them into a template tag function instead. The new template tag functions also offer filters that allow developers the opportunity to directly control these two important buttons.

This Trac ticket is necessary for the BuddyPress Privacy Component. Without these changes, there is no way to offer members control over who sees and has access to the “Mention this User” and “Send Private Message” buttons.

As an added benefit to this patch, the outputted URLs of the two expanded template tag functions use the wp_nonce_url() for added security. The bp_add_friend_button() already uses link nonce protection. So should these two new functions.

Change History (1)

#1 @jeffsayre
14 years ago

  • Resolution set to duplicate
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.