Changeset 10594
- Timestamp:
- 01/19/2021 04:38:56 AM (4 years ago)
- File:
-
- 1 edited
sites/trunk/wordpress.org/public_html/wp-content/plugins/support-forums/inc/class-user-notes.php
r10580 r10594 22 22 add_action( 'wp_enqueue_scripts', array( $this, 'enqueue_scripts' ) ); 23 23 24 add_action( 'bbp_post_request', array( $this, 'add_user_note_request' ) );24 add_action( 'bbp_post_request', array( $this, 'add_user_note_request' ), 0 ); // Low priority to get below bbp_edit_user_handler() 25 25 add_action( 'bbp_get_request', array( $this, 'delete_user_note_request' ) ); 26 26 … … 31 31 add_action( 'bbp_theme_before_reply_content', array( $this, 'display_user_notes_in_content' ) ); 32 32 add_action( 'bbp_template_after_user_profile', array( $this, 'display_user_notes_in_profile' ) ); 33 add_action( 'bbp_user_edit_after', array( $this, 'display_user_notes_in_profile_edit' ) ); 33 34 } 34 35 … … 50 51 */ 51 52 public function add_user_note_request( $action = '' ) { 52 if ( 'wporg_bbp_add_user_note' !== $action || ! current_user_can( 'moderate' ) ) { 53 return; 54 } 53 if ( 54 ! current_user_can( 'moderate' ) || 55 ! in_array( $action, [ 'bbp-update-user', 'wporg_bbp_add_user_note' ] ) 56 ) { 57 return; 58 } 59 60 $should_redirect = 'wporg_bbp_add_user_note' === $action; 55 61 56 62 $user_id = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0; … … 65 71 66 72 // Make sure our nonces are in order. 67 if ( ! bbp_verify_nonce_request( sprintf( 'wporg-bbp-add-user-note_%d', $user_id ) ) ) {73 if ( ! bbp_verify_nonce_request( sprintf( 'wporg-bbp-add-user-note_%d', $user_id ), '_notenonce' ) ) { 68 74 return; 69 75 } … … 71 77 $this->add_user_note( $user_id, $note_text, $post_id, $note_id ); 72 78 73 $redirect_url = set_url_scheme( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); 74 75 // Redirect to clear form data. 76 bbp_redirect( $redirect_url ); 79 if ( $should_redirect ) { 80 $redirect_url = set_url_scheme( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); 81 82 // Redirect to clear form data. 
83 bbp_redirect( $redirect_url ); 84 } 77 85 } 78 86 … … 130 138 } 131 139 132 update_user_meta( $user_id, self::META, $user_notes ); 140 if ( update_user_meta( $user_id, self::META, $user_notes ) ) { 141 // Clear internal cache. 142 unset( $this->user_notes[ $user_id ] ); 143 } 133 144 134 145 return true; … … 153 164 154 165 // Make sure our nonces are in order. 155 if ( ! bbp_verify_nonce_request( sprintf( 'wporg-bbp-delete-user-note_%d_%d', $user_id, $note_id ) ) ) {166 if ( ! bbp_verify_nonce_request( sprintf( 'wporg-bbp-delete-user-note_%d_%d', $user_id, $note_id ), '_notenonce' ) ) { 156 167 return; 157 168 } … … 159 170 $this->delete_user_note( $user_id, $note_id ); 160 171 161 $redirect_url = remove_query_arg( array( 'action', 'user_id', 'note_id', '_ wpnonce' ) );172 $redirect_url = remove_query_arg( array( 'action', 'user_id', 'note_id', '_notenonce' ) ); 162 173 163 174 // Redirect to clear URL. … … 200 211 * 201 212 * @param int $user_id User ID. Defaults to the current post author. 213 * @param bool $display_add_note_form Whether to show the Add New Note form. 202 214 * @return array { 203 215 * Array of user notes. … … 208 220 * } 209 221 */ 210 public function get_user_notes( $user_id = 0 ) {222 public function get_user_notes( $user_id = 0, $display_add_note_form = true ) { 211 223 if ( ! $user_id ) { 212 224 $user_id = get_the_author_meta( 'ID' ); … … 225 237 $note_id = isset( $_GET['note_id'] ) ? (int) $_GET['note_id'] : 0; 226 238 $edit_note = isset( $user_notes[ $note_id ] ); 239 240 // Don't display the new note form when editing a note. 
241 if ( $edit_note ) { 242 $display_add_note_form = false; 243 } 227 244 228 245 $this->user_notes[ $user_id ] = (object) array( … … 280 297 'note_id' => $key, 281 298 ), $redirect_on_delete ), 282 sprintf( 'wporg-bbp-delete-user-note_%d_%d', $user_id, $key ) 299 sprintf( 'wporg-bbp-delete-user-note_%d_%d', $user_id, $key ), 300 '_notenonce' 283 301 ) ), 284 302 __( 'Delete', 'wporg-forums' ) … … 308 326 } 309 327 310 if ( ! $edit_note) {328 if ( $display_add_note_form ) { 311 329 ob_start(); 312 330 $this->display_note_form( $user_id ); … … 324 342 * 325 343 * @param int $user_id User ID. Default 0. 344 * @param bool $display_add_note_form Whether to show the add new note form. Default true. 326 345 * @return string User notes output. 327 346 */ 328 public function get_user_notes_html( $user_id = 0 ) {329 $user_notes = $this->get_user_notes( $user_id )->html;347 public function get_user_notes_html( $user_id = 0, $display_add_note_form = true ) { 348 $user_notes = $this->get_user_notes( $user_id, $display_add_note_form )->html; 330 349 331 350 if ( ! bbp_is_single_user_profile() ) { … … 420 439 ?> 421 440 <form action="###POST_PERMALINK###" method="post" class="wporg-bbp-add-user-note"> 422 <?php wp_nonce_field( sprintf( 'wporg-bbp-add-user-note_%d', $user_id ) ); ?>441 <?php wp_nonce_field( sprintf( 'wporg-bbp-add-user-note_%d', $user_id ), '_notenonce' ); ?> 423 442 <input type="hidden" name="action" value="wporg_bbp_add_user_note"> 424 443 <input type="hidden" name="user_id" value="<?php echo esc_attr( $user_id ); ?>"> … … 537 556 } 538 557 558 559 /** 560 * Displays existing notes and the form for adding a new note in user edit profile. 561 */ 562 public function display_user_notes_in_profile_edit() { 563 if ( ! current_user_can( 'moderate' ) ) { 564 return; 565 } 566 567 $user_id = bbp_get_displayed_user_id(); 568 569 // Only super admins can see notes on the current user. 570 if ( ! 
is_super_admin() && $user_id == get_current_user_id() ) { 571 return; 572 } 573 574 // Only keymasters can see notes on moderators. 575 if ( user_can( $user_id, 'moderate' ) && ! current_user_can( 'keep_gate' ) ) { 576 return; 577 } 578 ?> 579 <div class="wporg-bbp-user-notes"> 580 <h2 id="user-notes" class="entry-title"><?php esc_html_e( 'User Notes', 'wporg-forums' ); ?></h2> 581 <div class="bbp-user-section"> 582 <?php echo $this->get_user_notes_html( $user_id, false ); ?> 583 584 <div class="wporg-bbp-add-user-note"> 585 <?php wp_nonce_field( sprintf( 'wporg-bbp-add-user-note_%d', $user_id ), '_notenonce' ); ?> 586 <input type="hidden" name="user_id" value="<?php echo esc_attr( $user_id ); ?>"> 587 <label for="wporg-bbp-user-note-text" class=""><?php esc_html_e( 'Add your note', 'wporg-forums' ); ?></label><br> 588 <textarea name="note_text" id="wporg-bbp-user-note-text" cols="40" rows="5"><?php echo esc_textarea( $note_text ); ?></textarea> 589 </div> 590 </div> 591 </div> 592 <?php 593 } 594 539 595 }
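Review bot: In `display_user_notes_in_profile_edit()` the textarea echoes `esc_textarea( $note_text )`, but `$note_text` is never assigned in that method, so it is an undefined variable on every render; initialise it with `$note_text = '';` before the markup, or leave the textarea body empty. Separately, the self-profile and keymaster restrictions added here sit only on the display path: the visible guard in `add_user_note_request()` checks just `current_user_can( 'moderate' )` before the `_notenonce` check, and new lines 63–70 are not shown, so please confirm the same two restrictions are enforced on the write path rather than relying on the nonce never being rendered, since a nonce guards intent and not authorisation. A small private helper that both methods call would keep the two sets of rules from drifting apart. The new `in_array()` call should also pass `true` as its third argument so that `$action` is compared strictly.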