Making WordPress.org

Changeset 5280


Ignore:
Timestamp:
04/07/2017 02:13:43 PM (8 years ago)
Author:
SergeyBiryukov
Message:

Support Forums: Disable redirect_guess_404_permalink() for hidden topics.

This prevents Spam, Pending, or Archived topics that the current user cannot view from performing a redirect to other unrelated topics.

Fixes #2671.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/plugins/support-forums/inc/class-hooks.php

    r5171 r5280  
    1010        add_action( 'pre_get_posts',                  array( $this, 'hide_non_public_forums' ) );
    1111        add_filter( 'pre_option__bbp_edit_lock',      array( $this, 'increase_edit_lock_time' ) );
     12        add_filter( 'redirect_canonical',             array( $this, 'disable_redirect_guess_404_permalink' ) );
    1213
    1314        // Display-related filters and actions.
     
    7677    function increase_edit_lock_time() {
    7778        return 60;
     79    }
     80
     81    /**
     82     * Disable redirect_guess_404_permalink() for hidden topics.
     83     *
     84     * Prevents Spam, Pending, or Archived topics that the current user cannot view
     85     * from performing a redirect to other unrelated topics.
     86     *
     87     * @param string $redirect_url The redirect URL.
     88     * @return string Filtered redirect URL.
     89     */
     90    function disable_redirect_guess_404_permalink( $redirect_url ) {
     91        if ( is_404() && 'topic' === get_query_var( 'post_type' ) && get_query_var( 'name' ) ) {
     92            $hidden_topic = get_posts( array(
     93                'name'        => get_query_var( 'name' ),
     94                'post_type'   => 'topic',
     95                'post_status' => array( 'spam', 'pending', 'archived' ),
     96            ) );
     97            $hidden_topic = reset( $hidden_topic );
     98
     99            if ( $hidden_topic && ! current_user_can( 'read_topic', $hidden_topic->ID ) ) {
     100                $redirect_url = false;
     101            }
     102        }
     103
     104        return $redirect_url;
    78105    }
    79106
Note: See TracChangeset for help on using the changeset viewer.