本文整理汇总了PHP中bbp_verify_nonce_request函数的典型用法代码示例。如果您正苦于以下问题:PHP bbp_verify_nonce_request函数的具体用法?PHP bbp_verify_nonce_request怎么用?PHP bbp_verify_nonce_request使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了bbp_verify_nonce_request函数的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: test_bbp_verify_nonce_request_with_port_in_home_url_and_wordpress_installed_in_subdirectory
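/**
 * Checks that bbp_verify_nonce_request() accepts a freshly created nonce when
 * the home URL carries an explicit port and a subdirectory.
 *
 * The $_SERVER entries faked for the call are restored afterwards, so later
 * tests do not inherit the fake host, port or request URI.
 */
public function test_bbp_verify_nonce_request_with_port_in_home_url_and_wordpress_installed_in_subdirectory()
{
    // Remember the $_SERVER entries this test overwrites (null = was not set)
    $server_backup = array();
    foreach (array('HTTP_HOST', 'SERVER_PORT', 'REQUEST_URI') as $key) {
        $server_backup[$key] = isset($_SERVER[$key]) ? $_SERVER[$key] : null;
    }

    // fake various $_SERVER parameters
    $host = explode(':', $_SERVER['HTTP_HOST']);
    $_SERVER['HTTP_HOST'] = $host[0] . ':80';
    $_SERVER['SERVER_PORT'] = 80;
    $_SERVER['REQUEST_URI'] = '/wordpress/';

    // add port number and subdirectory to home URL for testing
    add_filter('home_url', array($this, 'add_port_and_subdirectory_to_home_url'), 10, 3);

    // test bbp_verify_nonce_request()
    $action = 'verify-this';
    $_REQUEST[$action] = wp_create_nonce($action);
    $test = bbp_verify_nonce_request($action, $action);

    // clean up before asserting, so a failed assertion cannot leave the
    // filter, the request field or the faked $_SERVER values behind
    remove_filter('home_url', array($this, 'add_port_and_subdirectory_to_home_url'), 10, 3);
    unset($_REQUEST[$action]);
    foreach ($server_backup as $key => $value) {
        if (null === $value) {
            unset($_SERVER[$key]);
        } else {
            $_SERVER[$key] = $value;
        }
    }

    // assert!
    $this->assertSame(1, $test);
}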
示例2: bbp_is_topic_form_post_request
/**
 * Tell whether the current request is a POSTed topic form with a valid nonce.
 *
 * Posted topic form content is checked through this function to avoid
 * cross-site request forgeries: the request has to be a POST and has to carry
 * a valid nonce for either the new-topic or the edit-topic action.
 *
 * @see bbp_topic_form_fields()
 *
 * @since 2.6.0 bbPress (r5558)
 *
 * @return boolean True if is a post request with valid nonce
 */
function bbp_is_topic_form_post_request()
{
    // Anything that is not a POST request is rejected before any nonce is looked at
    if (!bbp_is_post_request()) {
        return false;
    }

    // New-topic nonce first, then edit-topic; the first valid one wins
    foreach (array('bbp-new-topic', 'bbp-edit-topic') as $nonce_action) {
        if (bbp_verify_nonce_request($nonce_action)) {
            return true;
        }
    }

    return false;
}
示例3: bbp_edit_topic_tag_handler
/**
* Handles the front end tag management (renaming, merging, destroying)
*
* @since bbPress (r2768)
*
* @param string $action The requested action to compare this function to
* @uses bbp_verify_nonce_request() To verify the nonce and check the request
* @uses current_user_can() To check if the current user can edit/delete tags
* @uses bbp_add_error() To add an error message
* @uses wp_update_term() To update the topic tag
* @uses get_term_link() To get the topic tag url
* @uses term_exists() To check if the topic tag already exists
* @uses wp_insert_term() To insert a topic tag
* @uses wp_delete_term() To delete the topic tag
* @uses home_url() To get the blog's home page url
* @uses do_action() Calls actions based on the actions with associated args
* @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
* @uses wp_safe_redirect() To redirect to the url
*/
function bbp_edit_topic_tag_handler($action = '')
{
// Bail if required POST actions aren't passed
if (empty($_POST['tag-id'])) {
return;
}
// Setup possible get actions
$possible_actions = array('bbp-update-topic-tag', 'bbp-merge-topic-tag', 'bbp-delete-topic-tag');
// Bail if actions aren't meant for this function
// NOTE(review): in_array() is called without its strict flag, so $action is compared loosely against the list
if (!in_array($action, $possible_actions)) {
return;
}
// Setup vars
// The tag ID is cast to int before it is used in the lookup and in the nonce actions below
$tag_id = (int) $_POST['tag-id'];
$tag = get_term($tag_id, bbp_get_topic_tag_tax_id());
// Tag does not exist
// NOTE(review): only a WP_Error result is rejected here; an empty $tag is not caught at this point - confirm that case is handled
if (is_wp_error($tag) && $tag->get_error_message()) {
bbp_add_error('bbp_manage_topic_invalid_tag', sprintf(__('<strong>ERROR</strong>: The following problem(s) have been found while getting the tag: %s', 'bbpress'), $tag->get_error_message()));
return;
}
// What action are we trying to perform?
switch ($action) {
// Update tag
case 'bbp-update-topic-tag':
// Nonce check
// The nonce action includes the tag ID, so the nonce has to match the action string built for this tag
if (!bbp_verify_nonce_request('update-tag_' . $tag_id)) {
bbp_add_error('bbp_manage_topic_tag_update_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
return;
}
// Can user edit topic tags?
// The capability check is separate from the nonce check: both have to pass before the tag is changed
if (!current_user_can('edit_topic_tags')) {
bbp_add_error('bbp_manage_topic_tag_update_permissions', __('<strong>ERROR</strong>: You do not have the permissions to edit the topic tags.', 'bbpress'));
return;
}
// No tag name was provided
if (empty($_POST['tag-name']) || !($name = $_POST['tag-name'])) {
bbp_add_error('bbp_manage_topic_tag_update_name', __('<strong>ERROR</strong>: You need to enter a tag name.', 'bbpress'));
return;
}
// Attempt to update the tag
// NOTE(review): tag-name and tag-slug are passed on exactly as posted; presumably wp_update_term() sanitises them - confirm
$slug = !empty($_POST['tag-slug']) ? $_POST['tag-slug'] : '';
$tag = wp_update_term($tag_id, bbp_get_topic_tag_tax_id(), array('name' => $name, 'slug' => $slug));
// Cannot update tag
if (is_wp_error($tag) && $tag->get_error_message()) {
bbp_add_error('bbp_manage_topic_tag_update_error', sprintf(__('<strong>ERROR</strong>: The following problem(s) have been found while updating the tag: %s', 'bbpress'), $tag->get_error_message()));
return;
}
// Redirect
$redirect = get_term_link($tag_id, bbp_get_topic_tag_tax_id());
// Update counts, etc...
do_action('bbp_update_topic_tag', $tag_id, $tag, $name, $slug);
break;
// Merge two tags
case 'bbp-merge-topic-tag':
// Nonce check
// Uses its own action prefix, so an update-tag nonce does not match the merge action string
if (!bbp_verify_nonce_request('merge-tag_' . $tag_id)) {
bbp_add_error('bbp_manage_topic_tag_merge_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
return;
}
// Can user edit topic tags?
if (!current_user_can('edit_topic_tags')) {
bbp_add_error('bbp_manage_topic_tag_merge_permissions', __('<strong>ERROR</strong>: You do not have the permissions to edit the topic tags.', 'bbpress'));
return;
}
// No tag name was provided
if (empty($_POST['tag-existing-name']) || !($name = $_POST['tag-existing-name'])) {
bbp_add_error('bbp_manage_topic_tag_merge_name', __('<strong>ERROR</strong>: You need to enter a tag name.', 'bbpress'));
return;
}
// If term does not exist, create it
// NOTE(review): the posted name is used as-is for the lookup and the insert; presumably the term API sanitises it - confirm
if (!($tag = term_exists($name, bbp_get_topic_tag_tax_id()))) {
$tag = wp_insert_term($name, bbp_get_topic_tag_tax_id());
}
// Problem inserting the new term
if (is_wp_error($tag) && $tag->get_error_message()) {
bbp_add_error('bbp_manage_topic_tag_merge_error', sprintf(__('<strong>ERROR</strong>: The following problem(s) have been found while merging the tags: %s', 'bbpress'), $tag->get_error_message()));
return;
}
// Merging in to...
$to_tag = $tag['term_id'];
//......... part of the code is omitted here .........
示例4: bbp_edit_forum_handler
/**
* Handles the front end edit forum submission
*
* @param string $action The requested action to compare this function to
* @uses bbPress:errors::add() To log various error messages
* @uses bbp_get_forum() To get the forum
* @uses bbp_verify_nonce_request() To verify the nonce and check the request
* @uses bbp_is_forum_anonymous() To check if forum is by an anonymous user
* @uses current_user_can() To check if the current user can edit the forum
* @uses bbp_filter_anonymous_post_data() To filter anonymous data
* @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
* @uses esc_attr() For sanitization
* @uses bbp_is_forum_category() To check if the forum is a category
* @uses bbp_is_forum_closed() To check if the forum is closed
* @uses bbp_is_forum_private() To check if the forum is private
* @uses remove_filter() To remove kses filters if needed
* @uses apply_filters() Calls 'bbp_edit_forum_pre_title' with the title and
* forum id
* @uses apply_filters() Calls 'bbp_edit_forum_pre_content' with the content
* and forum id
* @uses bbPress::errors::get_error_codes() To get the {@link WP_Error} errors
* @uses wp_save_post_revision() To save a forum revision
* @uses bbp_update_forum_revision_log() To update the forum revision log
* @uses wp_update_post() To update the forum
* @uses do_action() Calls 'bbp_edit_forum' with the forum id, forum id,
* anonymous data and reply author
* @uses bbp_move_forum_handler() To handle movement of a forum from one forum
* to another
* @uses bbp_get_forum_permalink() To get the forum permalink
* @uses wp_safe_redirect() To redirect to the forum link
* @uses bbPress::errors::get_error_messages() To get the {@link WP_Error} error
* messages
*/
function bbp_edit_forum_handler($action = '')
{
// Bail if action is not bbp-edit-forum
if ('bbp-edit-forum' !== $action) {
return;
}
// Define local variable(s)
$anonymous_data = array();
$forum = $forum_id = $forum_parent_id = 0;
$forum_title = $forum_content = $forum_edit_reason = '';
/** Forum *****************************************************************/
// Forum id was not passed
if (empty($_POST['bbp_forum_id'])) {
bbp_add_error('bbp_edit_forum_id', __('<strong>ERROR</strong>: Forum ID not found.', 'bbpress'));
return;
// Forum id was passed
// A non-numeric ID skips this branch and leaves $forum_id and $forum at 0; the request is then
// rejected below, either by the nonce check or by the empty($forum) branch
} elseif (is_numeric($_POST['bbp_forum_id'])) {
$forum_id = (int) $_POST['bbp_forum_id'];
$forum = bbp_get_forum($forum_id);
}
// Nonce check
// Checks run in this order: nonce (bound to the forum ID), forum exists, user may edit this forum.
// Each failure records an error and returns, so nothing below runs for a rejected request.
if (!bbp_verify_nonce_request('bbp-edit-forum_' . $forum_id)) {
bbp_add_error('bbp_edit_forum_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
return;
// Forum does not exist
} elseif (empty($forum)) {
bbp_add_error('bbp_edit_forum_not_found', __('<strong>ERROR</strong>: The forum you want to edit was not found.', 'bbpress'));
return;
// User cannot edit this forum
} elseif (!current_user_can('edit_forum', $forum_id)) {
bbp_add_error('bbp_edit_forum_permissions', __('<strong>ERROR</strong>: You do not have permission to edit that forum.', 'bbpress'));
return;
}
// Remove kses filters from title and content for capable users and if the nonce is verified
// This switches off HTML filtering for the title and content, so all three conditions matter:
// the unfiltered_html capability, a posted token, and that token matching the per-forum nonce.
// NOTE(review): the token is checked by re-creating the nonce and comparing with ===, not through wp_verify_nonce() - confirm this is intended
if (current_user_can('unfiltered_html') && !empty($_POST['_bbp_unfiltered_html_forum']) && wp_create_nonce('bbp-unfiltered-html-forum_' . $forum_id) === $_POST['_bbp_unfiltered_html_forum']) {
remove_filter('bbp_edit_forum_pre_title', 'wp_filter_kses');
remove_filter('bbp_edit_forum_pre_content', 'bbp_encode_bad', 10);
remove_filter('bbp_edit_forum_pre_content', 'bbp_filter_kses', 30);
}
/** Forum Parent ***********************************************************/
// Forum parent id was passed
if (!empty($_POST['bbp_forum_parent_id'])) {
$forum_parent_id = bbp_get_forum_id($_POST['bbp_forum_parent_id']);
}
// Current forum this forum is in
$current_parent_forum_id = bbp_get_forum_parent_id($forum_id);
// Forum exists
// The checks in this block only record errors and do not return;
// presumably the recorded errors are evaluated in the omitted part of the function - confirm
if (!empty($forum_parent_id) && $forum_parent_id !== $current_parent_forum_id) {
// Forum is closed and user cannot access
if (bbp_is_forum_closed($forum_parent_id) && !current_user_can('edit_forum', $forum_parent_id)) {
bbp_add_error('bbp_edit_forum_forum_closed', __('<strong>ERROR</strong>: This forum has been closed to new forums.', 'bbpress'));
}
// Forum is private and user cannot access
if (bbp_is_forum_private($forum_parent_id) && !current_user_can('read_private_forums')) {
bbp_add_error('bbp_edit_forum_forum_private', __('<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new forums in it.', 'bbpress'));
}
// Forum is hidden and user cannot access
if (bbp_is_forum_hidden($forum_parent_id) && !current_user_can('read_hidden_forums')) {
bbp_add_error('bbp_edit_forum_forum_hidden', __('<strong>ERROR</strong>: This forum is hidden and you do not have the capability to read or create new forums in it.', 'bbpress'));
}
}
/** Forum Title ***********************************************************/
// Tags are stripped and the result attribute-escaped before the title filters run
if (!empty($_POST['bbp_forum_title'])) {
$forum_title = esc_attr(strip_tags($_POST['bbp_forum_title']));
}
// Filter and sanitize
$forum_title = apply_filters('bbp_edit_forum_pre_title', $forum_title, $forum_id);
//......... part of the code is omitted here .........
示例5: bbp_edit_user_handler
/**
* Handles the front end user editing
*
* @uses is_multisite() To check if it's a multisite
* @uses bbp_is_user_home() To check if the user is at home (the display page
* is the one of the logged in user)
* @uses get_option() To get the displayed user's new email id option
* @uses wpdb::prepare() To sanitize our sql query
* @uses wpdb::get_var() To execute our query and get back the variable
* @uses wpdb::query() To execute our query
* @uses wp_update_user() To update the user
* @uses delete_option() To delete the displayed user's email id option
* @uses bbp_get_user_profile_edit_url() To get the edit profile url
* @uses wp_safe_redirect() To redirect to the url
* @uses bbp_verify_nonce_request() To verify the nonce and check the request
* @uses current_user_can() To check if the current user can edit the user
* @uses do_action() Calls 'personal_options_update' or
* 'edit_user_options_update' (based on if it's the user home)
* with the displayed user id
* @uses edit_user() To edit the user based on the post data
* @uses get_userdata() To get the user data
* @uses is_email() To check if the string is an email id or not
* @uses wpdb::get_blog_prefix() To get the blog prefix
* @uses is_network_admin() To check if the user is the network admin
* @uses is_super_admin() To check if the user is super admin
* @uses revoke_super_admin() To revoke super admin priviledges
* @uses grant_super_admin() To grant super admin priviledges
* @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
*/
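function bbp_edit_user_handler()
{
    // Order of checks in this handler: request method and action, the two
    // multisite e-mail links (confirm / dismiss), then the nonce, then the
    // edit_user capability, and only then the profile edit itself.

    // Bail if not a POST action
    if ('POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
        return;
    }

    // Bail if action is not 'bbp-update-user'
    if (empty($_POST['action']) || 'bbp-update-user' !== $_POST['action']) {
        return;
    }

    // Get the displayed user ID
    $user_id = bbp_get_displayed_user_id();

    // NOTE(review): the two multisite branches below act before the nonce and
    // capability checks further down. They are gated by bbp_is_user_home_edit()
    // plus the stored hash (confirm) or the option name (dismiss) only.

    // Execute confirmed email change. See send_confirmation_on_profile_email().
    if (is_multisite() && bbp_is_user_home_edit() && isset($_GET['newuseremail'])) {
        $new_email = get_option($user_id . '_new_email');
        $supplied_hash = $_GET['newuseremail'];

        // A change can only be confirmed when one is actually pending. Without
        // this guard a missing option yields a null hash, and the previous loose
        // comparison accepted an empty 'newuseremail' value against it.
        $has_pending_change = is_array($new_email) && !empty($new_email['hash']) && isset($new_email['newemail']);

        // hash_equals() compares the secret in constant time and never coerces types
        if ($has_pending_change && is_string($supplied_hash) && hash_equals((string) $new_email['hash'], $supplied_hash)) {
            $user = new stdClass();
            $user->ID = $user_id;
            $user->user_email = esc_html(trim($new_email['newemail']));

            global $wpdb;
            $displayed_login = bbp_get_displayed_user_field('user_login');

            // Keep the signups table in step when this login has a row there
            if ($wpdb->get_var($wpdb->prepare("SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $displayed_login))) {
                $wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $displayed_login));
            }

            wp_update_user(get_object_vars($user));
            delete_option($user_id . '_new_email');
            wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
            exit;
        }

    // Delete new email address from user options
    // (strict comparison: the value must be exactly this user's option name)
    } elseif (is_multisite() && bbp_is_user_home_edit() && !empty($_GET['dismiss']) && ($user_id . '_new_email') === $_GET['dismiss']) {
        delete_option($user_id . '_new_email');
        wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
        exit;
    }

    // Nonce check (the action is bound to the displayed user's ID)
    if (!bbp_verify_nonce_request('update-user_' . $user_id)) {
        bbp_add_error('bbp_update_user_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }

    // Cap check
    if (!current_user_can('edit_user', $user_id)) {
        bbp_add_error('bbp_update_user_capability', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }

    // Do action based on who's profile you're editing
    $edit_action = bbp_is_user_home_edit() ? 'personal_options_update' : 'edit_user_profile_update';
    do_action($edit_action, $user_id);

    // Handle user edit
    $edit_user = edit_user($user_id);

    // Error(s) editing the user, so copy them into the global
    if (is_wp_error($edit_user)) {
        bbpress()->errors = $edit_user;

    // Successful edit to redirect
    } elseif (is_integer($edit_user)) {

        // Maybe update super admin ability. Super-admin status is network-wide,
        // so it is only changed when the caller also holds
        // manage_network_options; passing the edit_user check above is not
        // treated as enough to grant or revoke it from a posted field.
        if (is_multisite() && !bbp_is_user_home_edit() && current_user_can('manage_network_options')) {
            if (empty($_POST['super_admin'])) {
                revoke_super_admin($edit_user);
            } else {
                grant_super_admin($edit_user);
            }
        }

        $redirect = add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($edit_user));
        wp_safe_redirect($redirect);
        exit;
    }
}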
示例6: bbp_buddypress_mark_notifications
/**
 * Mark notifications as read when reading a topic
 *
 * Runs only for the 'bbp_mark_read' action with a topic ID in the query
 * string. The request has to pass a nonce check bound to the topic ID and an
 * edit_user capability check for the logged-in user; the redirect to the
 * topic happens whether or not those checks passed.
 *
 * @since 2.5.0 bbPress (r5155)
 *
 * @param string $action The requested action to compare this function to
 */
function bbp_buddypress_mark_notifications($action = '')
{
    // Bail if no topic ID is passed
    if (empty($_GET['topic_id'])) {
        return;
    }

    // Bail if action is not for this function
    if ('bbp_mark_read' !== $action) {
        return;
    }

    // Get required data
    $user_id = bp_loggedin_user_id();
    $topic_id = (int) $_GET['topic_id'];

    // The capability is only evaluated once the nonce has been accepted
    if (bbp_verify_nonce_request('bbp_mark_topic_' . $topic_id)) {
        if (!current_user_can('edit_user', $user_id)) {
            bbp_add_error('bbp_notification_permissions', __('<strong>ERROR</strong>: You do not have permission to mark notifications for that user.', 'bbpress'));
        }
    } else {
        bbp_add_error('bbp_notification_topic_id', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
    }

    // Notifications are touched only when no error has been recorded
    if (!bbp_has_errors()) {
        // Clear this topic's notifications for the current user, then let
        // other code react to the outcome
        do_action(
            'bbp_notifications_handler',
            bp_notifications_mark_notifications_by_item_id($user_id, $topic_id, bbp_get_component_name(), 'bbp_new_reply'),
            $user_id,
            $topic_id,
            $action
        );
    }

    // Redirect to the topic
    bbp_redirect(bbp_get_reply_url($topic_id));
}
示例7: bbp_move_reply_handler
/**
* Move reply handler
*
* Handles the front end move reply submission
*
* @since bbPress (r4521)
*
* @param string $action The requested action to compare this function to
* @uses bbp_add_error() To add an error message
* @uses bbp_get_reply() To get the reply
* @uses bbp_get_topic() To get the topics
* @uses bbp_verify_nonce_request() To verify the nonce and check the request
* @uses current_user_can() To check if the current user can edit the reply and topics
* @uses bbp_get_topic_post_type() To get the topic post type
* @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
* @uses do_action() Calls 'bbp_pre_move_reply' with the from reply id, source
* and destination topic ids
* @uses bbp_get_reply_post_type() To get the reply post type
* @uses wpdb::prepare() To prepare our sql query
* @uses wpdb::get_results() To execute the sql query and get results
* @uses wp_update_post() To update the replies
* @uses bbp_update_reply_topic_id() To update the reply topic id
* @uses bbp_get_topic_forum_id() To get the topic forum id
* @uses bbp_update_reply_forum_id() To update the reply forum id
* @uses do_action() Calls 'bbp_split_topic_reply' with the reply id and
* destination topic id
* @uses bbp_update_topic_last_reply_id() To update the topic last reply id
* @uses bbp_update_topic_last_active_time() To update the topic last active meta
* @uses do_action() Calls 'bbp_post_split_topic' with the destination and
* source topic ids and source topic's forum id
* @uses bbp_get_topic_permalink() To get the topic permalink
* @uses wp_safe_redirect() To redirect to the topic link
*/
function bbp_move_reply_handler($action = '')
{
// Bail if action is not 'bbp-move-reply'
if ('bbp-move-reply' !== $action) {
return;
}
// Prevent debug notices
$move_reply_id = $destination_topic_id = 0;
$destination_topic_title = '';
$destination_topic = $move_reply = $source_topic = '';
/** Move Reply ***********************************************************/
// A missing reply ID only records an error; the lookup below then runs with ID 0
if (empty($_POST['bbp_reply_id'])) {
bbp_add_error('bbp_move_reply_reply_id', __('<strong>ERROR</strong>: Reply ID to move not found!', 'bbpress'));
} else {
$move_reply_id = (int) $_POST['bbp_reply_id'];
}
$move_reply = bbp_get_reply($move_reply_id);
// Reply exists
// NOTE(review): an empty $move_reply records an error but execution continues, and
// $move_reply->post_parent and $move_reply->ID are read below without a further guard
if (empty($move_reply)) {
bbp_add_error('bbp_mover_reply_r_not_found', __('<strong>ERROR</strong>: The reply you want to move was not found.', 'bbpress'));
}
/** Topic to Move From ***************************************************/
// Get the reply's current topic
$source_topic = bbp_get_topic($move_reply->post_parent);
// No topic
if (empty($source_topic)) {
bbp_add_error('bbp_move_reply_source_not_found', __('<strong>ERROR</strong>: The topic you want to move from was not found.', 'bbpress'));
}
// Nonce check failed
// This is the first check after the action test that returns; the reply and topic
// lookups above have already run with the posted ID by the time the nonce is verified.
// The nonce action is bound to the ID of the reply that was looked up.
if (!bbp_verify_nonce_request('bbp-move-reply_' . $move_reply->ID)) {
bbp_add_error('bbp_move_reply_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
return;
}
// Use cannot edit topic
// NOTE(review): $source_topic->ID is read even when the empty($source_topic) branch above fired;
// a failed capability check records an error without returning - presumably the omitted part stops on recorded errors, confirm
if (!current_user_can('edit_topic', $source_topic->ID)) {
bbp_add_error('bbp_move_reply_source_permission', __('<strong>ERROR</strong>: You do not have the permissions to edit the source topic.', 'bbpress'));
}
// How to move
if (!empty($_POST['bbp_reply_move_option'])) {
$move_option = (string) trim($_POST['bbp_reply_move_option']);
}
// Invalid move option
// Only the two listed values are accepted (in_array() is called without its strict flag)
if (empty($move_option) || !in_array($move_option, array('existing', 'topic'))) {
bbp_add_error('bbp_move_reply_option', __('<strong>ERROR</strong>: You need to choose a valid move option.', 'bbpress'));
// Valid move option
} else {
// What kind of move
switch ($move_option) {
// Into an existing topic
case 'existing':
// Get destination topic id
if (empty($_POST['bbp_destination_topic'])) {
bbp_add_error('bbp_move_reply_destination_id', __('<strong>ERROR</strong>: Destination topic ID not found!', 'bbpress'));
} else {
$destination_topic_id = (int) $_POST['bbp_destination_topic'];
}
// Get the destination topic
$destination_topic = bbp_get_topic($destination_topic_id);
// No destination topic
if (empty($destination_topic)) {
bbp_add_error('bbp_move_reply_destination_not_found', __('<strong>ERROR</strong>: The topic you want to move to was not found!', 'bbpress'));
}
// User cannot edit the destination topic
// The destination needs its own edit_topic check, separate from the one on the source topic.
// NOTE(review): $destination_topic->ID is read even when the lookup above came back empty
if (!current_user_can('edit_topic', $destination_topic->ID)) {
bbp_add_error('bbp_move_reply_destination_permission', __('<strong>ERROR</strong>: You do not have the permissions to edit the destination topic!', 'bbpress'));
}
// Bump the reply position
//......... part of the code is omitted here .........
示例8: bbp_is_reply_form_post_request
/**
 * Tell whether the current request is a POSTed reply form with a valid nonce.
 *
 * Posted reply form content is checked through this function to avoid
 * cross-site request forgeries: the request has to be a POST and has to carry
 * a valid nonce for either the new-reply or the edit-reply action.
 *
 * @see bbp_reply_form_fields()
 *
 * @since 2.6.0 bbPress (r5558)
 *
 * @return boolean True if is a post request with valid nonce
 */
function bbp_is_reply_form_post_request()
{
    // Short-circuit order matters: no nonce is looked at unless this is a POST,
    // and the edit-reply nonce is only tried when the new-reply one is not valid
    return bbp_is_post_request()
        && (bbp_verify_nonce_request('bbp-new-reply') || bbp_verify_nonce_request('bbp-edit-reply'));
}
示例9: bbp_edit_user_handler
/**
* Handles the front end user editing
*
* @uses is_multisite() To check if it's a multisite
* @uses bbp_is_user_home() To check if the user is at home (the display page
* is the one of the logged in user)
* @uses get_option() To get the displayed user's new email id option
* @uses wpdb::prepare() To sanitize our sql query
* @uses wpdb::get_var() To execute our query and get back the variable
* @uses wpdb::query() To execute our query
* @uses wp_update_user() To update the user
* @uses delete_option() To delete the displayed user's email id option
* @uses bbp_get_user_profile_edit_url() To get the edit profile url
* @uses wp_safe_redirect() To redirect to the url
* @uses bbp_verify_nonce_request() To verify the nonce and check the request
* @uses current_user_can() To check if the current user can edit the user
* @uses do_action() Calls 'personal_options_update' or
* 'edit_user_options_update' (based on if it's the user home)
* with the displayed user id
* @uses edit_user() To edit the user based on the post data
* @uses get_userdata() To get the user data
* @uses is_email() To check if the string is an email id or not
* @uses wpdb::get_blog_prefix() To get the blog prefix
* @uses is_network_admin() To check if the user is the network admin
* @uses is_super_admin() To check if the user is super admin
* @uses revoke_super_admin() To revoke super admin priviledges
* @uses grant_super_admin() To grant super admin priviledges
* @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
*/
function bbp_edit_user_handler()
{
// Bail if not a POST action
if ('POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
return;
}
// Bail if action is not 'bbp-update-user'
if (empty($_POST['action']) || 'bbp-update-user' !== $_POST['action']) {
return;
}
// Get the displayed user ID
$user_id = bbp_get_displayed_user_id();
global $wpdb, $user_login, $super_admins;
// Execute confirmed email change. See send_confirmation_on_profile_email().
// NOTE(review): this branch and the dismiss branch below act before the nonce and capability checks further down
if (is_multisite() && bbp_is_user_home_edit() && isset($_GET['newuseremail'])) {
$new_email = get_option($user_id . '_new_email');
// NOTE(review): the stored hash is compared with the query value using ==, and $new_email is not checked
// for being an array first; a constant-time, type-strict comparison such as hash_equals() is the usual choice for a secret
if ($new_email['hash'] == $_GET['newuseremail']) {
$user = new stdClass();
$user->ID = $user_id;
$user->user_email = esc_html(trim($new_email['newemail']));
// Both signups queries go through $wpdb->prepare() with %s placeholders
if ($wpdb->get_var($wpdb->prepare("SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", bbp_get_displayed_user_field('user_login')))) {
$wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, bbp_get_displayed_user_field('user_login')));
}
wp_update_user(get_object_vars($user));
delete_option($user_id . '_new_email');
wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
exit;
}
// Delete the pending new email address when the dismiss value names this user's option (compared with ==)
} elseif (is_multisite() && bbp_is_user_home_edit() && !empty($_GET['dismiss']) && $user_id . '_new_email' == $_GET['dismiss']) {
delete_option($user_id . '_new_email');
wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
exit;
}
// Nonce check
// The nonce action is bound to the displayed user's ID
if (!bbp_verify_nonce_request('update-user_' . $user_id)) {
bbp_add_error('bbp_update_user_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
return;
}
// Cap check
if (!current_user_can('edit_user', $user_id)) {
bbp_add_error('bbp_update_user_capability', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
return;
}
// Do action based on who's profile you're editing
$edit_action = bbp_is_user_home_edit() ? 'personal_options_update' : 'edit_user_profile_update';
do_action($edit_action, $user_id);
// Multisite handles the trouble for us ;)
// NOTE(review): this comment and the one on the else branch look swapped - the !is_multisite() branch
// only calls edit_user(), while the else (multisite) branch does the extra work
if (!is_multisite()) {
$edit_user = edit_user($user_id);
// Single site means we need to do some manual labor
} else {
$user = get_userdata($user_id);
// Update the email address in signups, if present.
// NOTE(review): the SELECT keys on $user->user_login, but the UPDATE keys on the global $user_login;
// nothing in this function sets that global - confirm which login is meant
if ($user->user_login && isset($_POST['email']) && is_email($_POST['email']) && $wpdb->get_var($wpdb->prepare("SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login))) {
$wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST['email'], $user_login));
}
// WPMU must delete the user from the current blog if WP added him after editing.
$delete_role = false;
$blog_prefix = $wpdb->get_blog_prefix();
// NOTE(review): $user_id is compared with itself, so this condition is always false and the block below never runs
if ($user_id != $user_id) {
// NOTE(review): unlike the other queries in this function, this one interpolates $user_id and $blog_prefix
// into the SQL string without $wpdb->prepare()
$cap = $wpdb->get_var("SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$user_id}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'");
if (!is_network_admin() && null == $cap && $_POST['role'] == '') {
$_POST['role'] = 'contributor';
$delete_role = true;
}
}
$edit_user = edit_user($user_id);
// stops users being added to current blog when they are edited
if (true === $delete_role) {
delete_user_meta($user_id, $blog_prefix . 'capabilities');
}
//......... part of the code is omitted here .........
示例10: create_screen_save
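/**
 * Save the Group Forum data on create
 *
 * Depending on the posted 'bbp-create-group-forum' field this either creates
 * the group's initial forum, or removes a forum that already exists for the
 * group. Nothing happens unless the nonce check passes.
 *
 * @since bbPress (r3465)
 *
 * @param int $group_id Group ID; when empty, bp_get_new_group_id() is used
 */
public function create_screen_save($group_id = 0)
{
    // Nonce check (the action is bound to this extension's slug)
    // NOTE(review): this method makes no capability check of its own; presumably
    // the BuddyPress group-creation flow has already authorised the user - confirm
    if (!bbp_verify_nonce_request('groups_create_save_' . $this->slug)) {
        bbp_add_error('bbp_create_group_forum_screen_save', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }

    // Check for possibly empty group_id
    if (empty($group_id)) {
        $group_id = bp_get_new_group_id();
    }

    $create_forum = !empty($_POST['bbp-create-group-forum']);
    $forum_id = 0;
    $forum_ids = bbp_get_group_forum_ids($group_id);

    if (!empty($forum_ids)) {
        // The parentheses make the cast apply to the selected ID. Without them
        // "(int) is_array(...)" was the ternary's condition and the ID itself
        // was never cast.
        $forum_id = (int) (is_array($forum_ids) ? $forum_ids[0] : $forum_ids);
    }

    // Create a forum, or not
    if ($create_forum) {

        // Bail if initial content was already created
        if (!empty($forum_id)) {
            return;
        }

        // Set the default forum status from the new group's status
        switch (bp_get_new_group_status()) {
            case 'hidden':
                $status = bbp_get_hidden_status_id();
                break;
            case 'private':
                $status = bbp_get_private_status_id();
                break;
            case 'public':
            default:
                $status = bbp_get_public_status_id();
                break;
        }

        // Create the initial forum
        $forum_id = bbp_insert_forum(array(
            'post_parent' => bbp_get_group_forums_root_id(),
            'post_title' => bp_get_new_group_name(),
            'post_content' => bp_get_new_group_description(),
            'post_status' => $status,
        ));

        // Run the BP-specific functions for new groups
        $this->new_forum(array('forum_id' => $forum_id));

        // Update forum active
        groups_update_groupmeta(bp_get_new_group_id(), '_bbp_forum_enabled_' . $forum_id, true);

        // Toggle forum on
        $this->toggle_group_forum(bp_get_new_group_id(), true);

    // Forum was created but is now being undone
    } elseif (!empty($forum_id)) {

        // Delete the forum (second argument true: skip the trash)
        wp_delete_post($forum_id, true);

        // Delete meta values
        groups_delete_groupmeta(bp_get_new_group_id(), 'forum_id');
        groups_delete_groupmeta(bp_get_new_group_id(), '_bbp_forum_enabled_' . $forum_id);

        // Toggle forum off
        $this->toggle_group_forum(bp_get_new_group_id(), false);
    }
}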
示例11: bbp_edit_reply_handler
/**
* Handles the front end edit reply submission
*
* @uses bbp_add_error() To add an error message
* @uses bbp_get_reply() To get the reply
* @uses bbp_verify_nonce_request() To verify the nonce and check the request
* @uses bbp_is_reply_anonymous() To check if the reply was by an anonymous user
* @uses current_user_can() To check if the current user can edit that reply
* @uses bbp_filter_anonymous_post_data() To filter anonymous data
* @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
* @uses remove_filter() To remove 'wp_filter_kses' filters if needed
* @uses esc_attr() For sanitization
* @uses apply_filters() Calls 'bbp_edit_reply_pre_title' with the title and
* reply id
* @uses apply_filters() Calls 'bbp_edit_reply_pre_content' with the content
* reply id
* @uses wp_set_post_terms() To set the topic tags
* @uses bbp_has_errors() To get the {@link WP_Error} errors
* @uses wp_save_post_revision() To save a reply revision
* @uses bbp_update_reply_revision_log() To update the reply revision log
* @uses wp_update_post() To update the reply
* @uses bbp_get_reply_topic_id() To get the reply topic id
* @uses bbp_get_topic_forum_id() To get the topic forum id
* @uses do_action() Calls 'bbp_edit_reply' with the reply id, topic id, forum
* id, anonymous data, reply author and bool true (for edit)
* @uses bbp_get_reply_url() To get the paginated url to the reply
* @uses wp_safe_redirect() To redirect to the reply url
* @uses bbPress::errors::get_error_message() To get the {@link WP_Error} error
* message
*/
function bbp_edit_reply_handler()
{
// Bail if not a POST action
if ('POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
return;
}
// Bail if action is not bbp-edit-reply
if (empty($_POST['action']) || 'bbp-edit-reply' !== $_POST['action']) {
return;
}
// Define local variable(s)
$revisions_removed = false;
$reply = $reply_id = $reply_author = $topic_id = $forum_id = $anonymous_data = 0;
$reply_title = $reply_content = $reply_edit_reason = $terms = '';
/** Reply *****************************************************************/
// Reply id was not passed
if (empty($_POST['bbp_reply_id'])) {
bbp_add_error('bbp_edit_reply_id', __('<strong>ERROR</strong>: Reply ID not found.', 'bbpress'));
return;
// Reply id was passed
// A non-numeric ID skips this branch and leaves $reply_id and $reply at 0; the request is then
// rejected below, either by the nonce check or by the empty($reply) branch
} elseif (is_numeric($_POST['bbp_reply_id'])) {
$reply_id = (int) $_POST['bbp_reply_id'];
$reply = bbp_get_reply($reply_id);
}
// Nonce check
// The nonce action is bound to the reply ID and is verified before the reply is inspected any further
if (!bbp_verify_nonce_request('bbp-edit-reply_' . $reply_id)) {
bbp_add_error('bbp_edit_reply_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
return;
}
// Reply does not exist
if (empty($reply)) {
bbp_add_error('bbp_edit_reply_not_found', __('<strong>ERROR</strong>: The reply you want to edit was not found.', 'bbpress'));
return;
// Reply exists
} else {
// Check users ability to create new reply
if (!bbp_is_reply_anonymous($reply_id)) {
// User cannot edit this reply
if (!current_user_can('edit_reply', $reply_id)) {
bbp_add_error('bbp_edit_reply_permissions', __('<strong>ERROR</strong>: You do not have permission to edit that reply.', 'bbpress'));
return;
}
// Set reply author
$reply_author = bbp_get_reply_author_id($reply_id);
// It is an anonymous post
// NOTE(review): no capability check is visible on this path - the edit_reply check above applies
// only to non-anonymous replies; confirm that editing anonymous replies is authorised elsewhere
} else {
// Filter anonymous data
$anonymous_data = bbp_filter_anonymous_post_data();
}
}
// Remove wp_filter_kses filters from title and content for capable users and if the nonce is verified
// This switches off HTML filtering for the title and content, so all three conditions matter:
// the unfiltered_html capability, a posted token, and that token matching the per-reply nonce.
// NOTE(review): the token is checked by re-creating the nonce and comparing with ==, not through wp_verify_nonce() - confirm this is intended
if (current_user_can('unfiltered_html') && !empty($_POST['_bbp_unfiltered_html_reply']) && wp_create_nonce('bbp-unfiltered-html-reply_' . $reply_id) == $_POST['_bbp_unfiltered_html_reply']) {
remove_filter('bbp_edit_reply_pre_title', 'wp_filter_kses');
remove_filter('bbp_edit_reply_pre_content', 'wp_filter_kses');
}
/** Reply Topic ***********************************************************/
$topic_id = bbp_get_reply_topic_id($reply_id);
/** Topic Forum ***********************************************************/
$forum_id = bbp_get_topic_forum_id($topic_id);
// Forum exists
// The checks in this block only record errors and do not return;
// presumably the recorded errors are evaluated in the omitted part of the function - confirm
if (!empty($forum_id) && $forum_id !== bbp_get_reply_forum_id($reply_id)) {
// Forum is a category
if (bbp_is_forum_category($forum_id)) {
bbp_add_error('bbp_edit_reply_forum_category', __('<strong>ERROR</strong>: This forum is a category. No topics or replies can be created in it.', 'bbpress'));
}
// Forum is closed and user cannot access
if (bbp_is_forum_closed($forum_id) && !current_user_can('edit_forum', $forum_id)) {
bbp_add_error('bbp_edit_reply_forum_closed', __('<strong>ERROR</strong>: This forum has been closed to new topics and replies.', 'bbpress'));
}
// Forum is private and user cannot access
//......... part of the code is omitted here .........
示例12: bbp_user_email_change_handler
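/**
 * Handles user email address updating from GET requests
 *
 * Runs only for the `bbp-update-user-email` action on the current user's own
 * profile edit page, and handles two request shapes:
 *
 * - `newuseremail=<hash>` confirms a pending change. The submitted hash is
 *   compared in constant time with the hash stored in the `{user_id}_new_email`
 *   option; that hash is the only proof of intent on this path (no nonce).
 * - `dismiss=<key>` discards the pending change, and requires a valid
 *   `dismiss-{key}` nonce.
 *
 * Request values are checked to be strings before they reach hash_equals(),
 * which throws a TypeError on PHP 8 when given an array such as
 * `newuseremail[]=...`.
 *
 * @since 2.6.0 bbPress (r5660)
 *
 * @param string $action The requested action to compare this function to
 *
 * @uses bbp_is_user_home_edit() To check if on the current users profile edit page
 * @uses bbp_get_displayed_user_id() To get the ID of the user being edited
 * @uses bbp_get_user_profile_edit_url() To get the URL of the user being edited
 * @uses bbp_redirect() To redirect away from the current page
 * @uses hash_equals() To compare email hash to saved option hash
 * @uses email_exists() To check if user has email address already
 * @uses bbp_add_error() To add user feedback
 * @uses wp_update_user() To update the user with their new email address
 * @uses bbp_verify_nonce_request() To verify the intent of the user
 */
function bbp_user_email_change_handler($action = '')
{
    // Bail if action is not `bbp-update-user-email`
    if ('bbp-update-user-email' !== $action) {
        return;
    }

    // Bail if not on users own profile
    if (!bbp_is_user_home_edit()) {
        return;
    }

    // Bail if not attempting to modify user email address
    if (empty($_GET['newuseremail']) && empty($_GET['dismiss'])) {
        return;
    }

    // Get the displayed user ID & option key
    $user_id = bbp_get_displayed_user_id();
    $key = $user_id . '_new_email';
    $redirect_to = bbp_get_user_profile_edit_url($user_id);

    // Execute confirmed email change.
    if (!empty($_GET['newuseremail'])) {
        // Check for email address change option
        $new_email = get_option($key);

        // Redirect if *no* email address change exists
        // NOTE(review): the code below assumes bbp_redirect() ends the request;
        // confirm, since $new_email would otherwise still be false here.
        if (false === $new_email) {
            bbp_redirect($redirect_to);
        }

        // Cleanup & redirect if *invalid* email address change exists
        if (empty($new_email['hash']) || empty($new_email['newemail'])) {
            delete_option($key);
            bbp_redirect($redirect_to);
        }

        // hash_equals() accepts strings only. A query parameter can arrive as an
        // array, so reject anything that is not a string instead of letting the
        // comparison throw.
        $submitted_hash = $_GET['newuseremail'];
        $comparable = is_string($submitted_hash) && is_string($new_email['hash']);

        // Compare hashes (constant-time), and update user if hashes match.
        // A mismatch falls through without feedback and keeps the pending option.
        if ($comparable && hash_equals($new_email['hash'], $submitted_hash)) {
            // Does another user have this email address already?
            if (email_exists($new_email['newemail'])) {
                delete_option($key);
                bbp_add_error('bbp_user_email_taken', __('<strong>ERROR</strong>: That email address is already in use.', 'bbpress'), array('form-field' => 'email'));

            // Email address is good to change to
            } else {
                // Create a stdClass (for easy call to wp_update_user())
                $user = new stdClass();
                $user->ID = $user_id;
                // NOTE(review): esc_html() escapes HTML entities but does not
                // validate the address format; confirm the stored value was
                // validated when the change was requested (see sanitize_email()).
                $user->user_email = esc_html(trim($new_email['newemail']));

                // Attempt to update user email
                $update_user = wp_update_user($user);

                // Error(s) editing the user, so copy them into the global
                if (is_wp_error($update_user)) {
                    bbpress()->errors = $update_user;

                // All done, so redirect and show the updated message
                } else {
                    // Update signups table, if signups table & entry exists
                    // For Multisite & BuddyPress compatibility
                    // Both statements go through prepare() with %s placeholders;
                    // only the table name is interpolated.
                    $bbp_db = bbp_db();
                    if (!empty($bbp_db->signups) && $bbp_db->get_var($bbp_db->prepare("SELECT user_login FROM {$bbp_db->signups} WHERE user_login = %s", bbp_get_displayed_user_field('user_login', 'raw')))) {
                        $bbp_db->query($bbp_db->prepare("UPDATE {$bbp_db->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, bbp_get_displayed_user_field('user_login', 'raw')));
                    }

                    // The pending request is single-use: remove it once applied
                    delete_option($key);
                    bbp_redirect(add_query_arg(array('updated' => 'true'), $redirect_to));
                }
            }
        }

    // Delete new email address from user options
    // The strict comparison also rejects a non-string `dismiss` value.
    } elseif (!empty($_GET['dismiss']) && $key === $_GET['dismiss']) {
        // Dismissal changes state from a GET request, so intent is verified
        // with a nonce bound to this user's option key.
        if (!bbp_verify_nonce_request("dismiss-{$key}")) {
            bbp_add_error('bbp_dismiss_new_email_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
            return;
        }

        delete_option($key);
        bbp_redirect($redirect_to);
    }
}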