Making WordPress.org

Changeset 12412


Timestamp:
02/22/2023 12:54:20 AM (2 years ago)
Author:
Clorith
Message:

Support Forums: Check intent before updating user preferences.

The bbPress profile page may be triggered by various scenarios that do not have the full context of a profile edit included.

By introducing a hidden input field in the form areas which need a "yes or no" type response, indicated by checkboxes, we can ensure that these are not unintentionally cleared or set from profile modifications made without the options even being presented to the user.

Props zoonini.
Fixes #6509.

Location:
sites/trunk/wordpress.org/public_html/wp-content/plugins
Files:
2 edited

  • sites/trunk/wordpress.org/public_html/wp-content/plugins/support-forums/inc/class-blocks.php

    r12366 r12412  
    160160        printf(
    161161            '<p>
     162                <input type="hidden" name="can_update_block_editor_preference" value="true">
    162163                <input name="block_editor" id="block_editor" type="checkbox" value="disabled" %s />
    163164                <label for="block_editor">%s</label>
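Review bot: The hidden input added on line 162 is closed with `>` while the checkbox on the next line uses ` />`; match the existing markup style inside this printf template. A short comment above the printf stating that `can_update_block_editor_preference` must be emitted wherever this checkbox is rendered would also help, since bbp_profile_update() in this file now ignores the checkbox when the marker is missing.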
     
    175176     */
    176177    public function bbp_profile_update( $user_id ) {
     178        // Catch profile updates that should not be able to include the "Disable Block Editor" preference, and return early.
     179        if ( ! isset( $_REQUEST['can_update_block_editor_preference'] ) ) {
     180            return;
     181        }
     182
    177183        $disabled = ! empty( $_REQUEST['block_editor'] ) && 'disabled' === $_REQUEST['block_editor'];
    178184
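Review bot: The guard on lines 179-181 only tests that `can_update_block_editor_preference` is present in the request, so it records intent but is not an authorization or anti-CSRF control: the field name and value are fixed in the form markup and any request can carry them. Nothing in the visible lines verifies a nonce or that the current user may edit `$user_id`; please confirm the hook that calls bbp_profile_update() has already done both, and say so in the comment on line 178 so the marker is not later mistaken for a security check.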
  • sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-bbp-also-viewing/wporg-bbp-also-viewing.php

    r12328 r12412  
    7373/**
    7474 * Whether Also Viewing is enabled for the current user.
    75  * 
     75 *
    7676 * @param int $user_id The user ID to check for.
    77  * 
     77 *
    7878 * @return bool
    7979 */
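Review bot: Lines 75 and 77 only strip trailing whitespace from the docblock, as do the other docblock hunks in this file, and none of that relates to the preference fix described in the commit message. Consider landing the whitespace cleanup as its own changeset so the two behavioral hunks (the hidden input and the early return) are easier to audit, revert or backport.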
     
    8888/**
    8989 * Whether Also Viewing is able to be activated for the current user.
    90  * 
     90 *
    9191 * @param int $user_id The user ID to check for.
    92  * 
     92 *
    9393 * @return bool
    9494 */
     
    110110/**
    111111 * The current page "slug"/"path" for refering to the current request.
    112  * 
     112 *
    113113 * This uses the WordPress.org SEO plugin for the canonical url, or falls back to REQUEST_URI.
    114  * 
     114 *
    115115 * @return string The path for the current page, eg. 'view/no-replies'
    116116 */
     
    131131/**
    132132 * Sanitizes a given string/url/path to the format used for uniquely identifying pages.
    133  * 
     133 *
    134134 * @param string $page The strng/url/path
    135  * 
     135 *
    136136 * @return string The sanitized $page.
    137137 */
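Review bot: Line 134 of this docblock still reads "The strng/url/path" after the whitespace cleanup; since the comment is being touched anyway, correct it to "string" in the same pass.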
     
    194194    printf(
    195195        '<p>
     196        <input type="hidden" name="can_update_also_viewing_preference" value="true">
    196197        <input name="also_viewing" id="also_viewing_toggle" type="checkbox" value="yes" %s>
    197198        <label for="also_viewing_toggle">%s</label>
     
    209210 */
    210211function bbp_profile_update( $user_id ) {
     212    // Catch profile updates that should not be able to include the Also Viewing preference, and return early.
     213    if ( ! isset( $_REQUEST['can_update_also_viewing_preference'] ) ) {
     214        return;
     215    }
     216
    211217    $enabled = ! empty( $_REQUEST['also_viewing'] ) && 'yes' === $_REQUEST['also_viewing'];
    212218
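Review bot: The check on line 213 reads the marker from `$_REQUEST` and uses isset() alone, so a query-string parameter with any value satisfies it. Assuming the profile form is submitted by POST, reading the marker from `$_POST` and comparing it to the value the form emits, for example `'true' === $_POST['can_update_also_viewing_preference']`, would keep the guard tied to an actual form submission; the `also_viewing` read on line 217 and the matching guard in class-blocks.php would benefit from the same treatment.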
     
    222228/**
    223229 * Get the list of users who are currently viewing a page.
    224  * 
     230 *
    225231 * @param string $page The page to get the userse for.
    226  * 
     232 *
    227233 * @return array Array of user names + if they're typing.
    228234 */
     
    268274/**
    269275 * Get the list of OTHER users who are currently viewing a page.
    270  * 
     276 *
    271277 * @param string $page The page to get the userse for.
    272  * 
     278 *
    273279 * @return array Array of user names + if they're typing.
    274280 */
     
    286292/**
    287293 * Mark a user as currently viewing/typing on the current page.
    288  * 
     294 *
    289295 * @param string $page    The page being viewed. Default current page.
    290296 * @param bool   $typing  If the current user is typing. Default false.
    291297 * @param int    $user_id The user ID who is viewing/typing.
    292  * 
     298 *
    293299 * @return bool
    294300 */
     
    333339/**
    334340 * Mark a user as no longer viewing a page.
    335  * 
     341 *
    336342 * @param string $page    The page to no longer view. Defaults to clearing all pages.
    337343 * @param int    $user_id The user ID no longer viewing the page. Default current user.
     
    430436/**
    431437 * The table name used for storing the state of users.
    432  * 
     438 *
    433439 * @return string
    434440 */
     
    441447/**
    442448 * Maybe create the database table used for this plugin.
    443  * 
     449 *
    444450 * This only runs once per site, ever.
    445451 */