Skip to:
Content

Opened 10 months ago

Closed 9 months ago

Last modified 9 months ago

#5052 closed defect (bug) (fixed)

Ajax on group extension page on BP-default child theme returns HTML of referer page instead of data

Reported by: matom Owned by:
Milestone: 1.8 Priority: normal
Severity: normal Version: 1.7
Component: Groups Keywords: close
Cc:

Description

I have a child theme of the BP Default theme and a group extension that loads and displays data depending on user selection using AJAX (jQuery). This was all working fine in BP 1.5.2 / WP 3.4.1. Since updating to BP 1.7.2 and WP 3.5.1 this no longer works correctly. Instead of loading/displaying the data it supposed to, it loads and displays the full html of the admin page again.

To recreate:

  1. Install WordPress 3.5.1 and Buddypress 1.7.2
  2. Create a child theme of BP default
  3. Add this code into the functions.php file of the child theme:
<?php

if ( class_exists( 'BP_Group_Extension' ) ) : 
    class My_Group_Extension extends BP_Group_Extension {
 
        function __construct() {
            $this->name = 'My Group Extension';
            $this->slug = 'my-group-extension';
 
            $this->create_step_position = 21;
            $this->nav_item_position = 31;
        }
 
        function edit_screen() {
            if ( !bp_is_group_admin_screen( $this->slug ) )
                return false; ?>
 
            <h2><?php echo esc_attr( $this->name ) ?></h2>
            <a href="#" id="test-link">Click to load AJAX Data.</a>
            <div id="test-result">My Result</div>
            <?php
            wp_nonce_field( 'groups_edit_save_' . $this->slug );
        }
 
    }
 
    bp_register_group_extension( 'My_Group_Extension' );
 
endif; // class_exists( 'BP_Group_Extension' )


function my_display_test(){
	die("Hello World!");
}
add_action('wp_ajax_my_display_test', 'my_display_test');

function my_scripts() {
	wp_enqueue_script( 'main-js', get_stylesheet_directory_uri() . '/main.js', array('jquery'));
}
add_action( 'wp_enqueue_scripts', 'my_scripts' );
?>
  1. Add this code into a main.js file in the child theme:
var $ = jQuery.noConflict();
	
$(function(){
	$('#test-link').click(function(){
		 $.post( ajaxurl, {
				  action: 'my_display_test'
			  },
			  function(response) {
			  	$('#test-result').html(response);
			  }
		  );
		 return false;
	});
});
  1. Create a new group and go the the "My Group Extension" admin page.
  2. Click on the "Click to load AJAX Data." link

This will return the full HTML of the referer page into the #test-result DIV instead of "Hello World!".

Using the same code as above in a non-BP theme (ie. twentytwelve) returns the "Hello World!" correctly.

I've also found out that it is somehow related to the URL of the referer page. If I copy the the full generated HTML of the group extension admin page into the groups/single/home.php file of the default BP theme (replacing all code), I get the following results:

  • on /groups/my-group/ it returns "Hello World!" correctly
  • on /groups/my-group/admin/edit-details it returns "Hello World!" correctly
  • on /groups/my-group/admin/my-group-extension/ it returns the incorrect data (the full HTML of the current page)

Change History (5)

comment:1 matom10 months ago

  • Version changed from 1.7 to 1.8-beta

Please note the above ticket was originally posted for version 1.7. I've now changed this ticket to 1.8-beta as I was hoping this issue might be resolved by the changes to the Group Extension, but the output is different, but it's still not correct.

Instead of the full HTML the same AJAX call now loads: "Are you sure you want to do this? Please try again." instead of "Hello World"?

I've tried the old (using the code posted above) and new way of implementation (by amending the example attached to #4995), but neither worked correctly.

Any ideas of how this could be resolved?

comment:2 boonebgorges9 months ago

In 7251:

In BP_Group_Extension::call_edit_screen_save(), don't save if DOING_AJAX

Previously, the settings save routine was running whenever the POST global was
populated. This meant running when handling an AJAX request sent via POST. But
the latter is incorrect behavior, since it disallows the use of AJAX on the
edit screen for anything other than saving the form. As a result, all AJAX
requests sent via POST on group edit screens were resulting in a failed nonce
check.

Plugins that wish to save group edit settings via AJAX should implement their
own nonce checks.

See #5052

comment:3 boonebgorges9 months ago

  • Keywords close added
  • Milestone changed from Awaiting Review to 1.8
  • Version changed from 1.8-beta to 1.7

Thanks for the report, matom. I'm switching the version number back to 1.7, since that's the version where the bug was first noticed.

I've confirmed your bug on the 1.7 branch.

I also confirmed the behavior you described on the master branch ("Are you sure..."). However, this turns out to be an unrelated bug in BP_Group_Extension::call_edit_screen_save(). I fixed that bug in r7251. Now, I find that the AJAX call is returning "Hello World", as expected. This (along with some git bisect tests I ran) suggest that the changes in r6997 are responsible for fixing the original bug.

I have not dug into what caused the original bug on the 1.7 branch. It looks like it's probably an issue with load order, or some oddity in the way that the old BP_Group_Extension loaded its screen callbacks. That'd explain why r6997, which includes a refactoring and regularization of the way that screen functions are hooked and loaded, fixed the bug. In any case, since it's fixed, I'm not going to sink any more time into the mystery.

Please verify that your plugin is working as expected on the latest trunk (or manually apply r7251 to your copy of 1.8-beta2). Report back here, and we can mark this ticket as fixed.

comment:4 matom9 months ago

  • Resolution set to fixed
  • Status changed from new to closed

Thank you so much, Boone.

My plugin works now as expected with r7251 applied to 1.8-beta2.

Note: See TracTickets for help on using tickets.