
/src/bp-members/ -> bp-members-filters.php (source)

   1  <?php
   2  /**
   3   * BuddyPress Members Filters.
   4   *
   5   * Filters specific to the Members component.
   6   *
   7   * @package BuddyPress
   8   * @subpackage MembersFilters
   9   * @since 1.5.0
  10   */
  11  
  12  // Exit if accessed directly.
  13  defined( 'ABSPATH' ) || exit;
  14  
  15  /**
  16   * Escape commonly used fullname output functions.
  17   */
  18  add_filter( 'bp_displayed_user_fullname',    'esc_html' );
  19  add_filter( 'bp_get_loggedin_user_fullname', 'esc_html' );
  20  
  21  // Filter the user registration URL to point to BuddyPress's registration page.
  22  add_filter( 'register_url', 'bp_get_signup_page' );
  23  
  24  /**
  25   * Load additional sign-up sanitization filters on bp_loaded.
  26   *
  27   * These are used to prevent XSS in the BuddyPress sign-up process. You can
  28   * unhook these to allow for customization of your registration fields;
  29   * however, it is highly recommended that you leave these in place for the
  30   * safety of your network.
  31   *
  32   * @since 1.5.0
  33   */
  34  function bp_members_signup_sanitization() {
  35  
  36      // Filters on sign-up fields.
  37      $fields = array (
  38          'bp_get_signup_username_value',
  39          'bp_get_signup_email_value',
  40          'bp_get_signup_with_blog_value',
  41          'bp_get_signup_blog_url_value',
  42          'bp_get_signup_blog_title_value',
  43          'bp_get_signup_blog_privacy_value',
  44          'bp_get_signup_avatar_dir_value',
  45      );
  46  
  47      // Add the filters to each field.
  48      foreach( $fields as $filter ) {
  49          add_filter( $filter, 'esc_html',       1 );
  50          add_filter( $filter, 'wp_filter_kses', 2 );
  51          add_filter( $filter, 'stripslashes',   3 );
  52      }
  53  
  54      // Sanitize email.
  55      add_filter( 'bp_get_signup_email_value', 'sanitize_email' );
  56  }
  57  add_action( 'bp_loaded', 'bp_members_signup_sanitization' );
  58  
  59  /**
  60   * Make sure the username is not the blog slug in case of root profile & subdirectory blog.
  61   *
  62   * If BP_ENABLE_ROOT_PROFILES is defined & multisite config is set to subdirectories,
  63   * then there is a chance site.url/username == site.url/blogslug. If so, user's profile
  64   * is not reachable, instead the blog is displayed. This filter makes sure the signup username
  65   * is not the same than the blog slug for this particular config.
  66   *
  67   * @since 2.1.0
  68   *
  69   * @param array $illegal_names Array of illiegal names.
  70   * @return array $illegal_names
  71   */
  72  function bp_members_signup_with_subdirectory_blog( $illegal_names = array() ) {
  73      if ( ! bp_core_enable_root_profiles() ) {
  74          return $illegal_names;
  75      }
  76  
  77      if ( is_network_admin() && isset( $_POST['blog'] ) ) {
  78          $blog = $_POST['blog'];
  79          $domain = '';
  80  
  81          if ( preg_match( '|^([a-zA-Z0-9-])$|', $blog['domain'] ) ) {
  82              $domain = strtolower( $blog['domain'] );
  83          }
  84  
  85          if ( username_exists( $domain ) ) {
  86              $illegal_names[] = $domain;
  87          }
  88  
  89      } else {
  90          $illegal_names[] = buddypress()->signup->username;
  91      }
  92  
  93      return $illegal_names;
  94  }
  95  add_filter( 'subdirectory_reserved_names', 'bp_members_signup_with_subdirectory_blog', 10, 1 );
  96  
  97  /**
  98   * Filter the user profile URL to point to BuddyPress profile edit.
  99   *
 100   * @since 1.6.0
 101   *
 102   * @param string $url     WP profile edit URL.
 103   * @param int    $user_id ID of the user.
 104   * @param string $scheme  Scheme to use.
 105   * @return string
 106   */
 107  function bp_members_edit_profile_url( $url, $user_id, $scheme = 'admin' ) {
 108  
 109      // If xprofile is active, use profile domain link.
 110      if ( ! is_admin() && bp_is_active( 'xprofile' ) ) {
 111          $profile_link = trailingslashit( bp_core_get_user_domain( $user_id ) . bp_get_profile_slug() . '/edit' );
 112  
 113      } else {
 114          // Default to $url.
 115          $profile_link = $url;
 116      }
 117  
 118      /**
 119       * Filters the user profile URL to point to BuddyPress profile edit.
 120       *
 121       * @since 1.5.2
 122       *
 123       * @param string $url WP profile edit URL.
 124       * @param int    $user_id ID of the user.
 125       * @param string $scheme Scheme to use.
 126       */
 127      return apply_filters( 'bp_members_edit_profile_url', $profile_link, $url, $user_id, $scheme );
 128  }
 129  add_filter( 'edit_profile_url', 'bp_members_edit_profile_url', 10, 3 );
 130  
 131  /**
 132   * Filter the bp_user_can value to determine what the user can do in the members component.
 133   *
 134   * @since 8.0.0
 135   *
 136   * @param bool   $retval     Whether or not the current user has the capability.
 137   * @param int    $user_id
 138   * @param string $capability The capability being checked for.
 139   * @param int    $site_id    Site ID. Defaults to the BP root blog.
 140   * @param array  $args       Array of extra arguments passed.
 141   *
 142   * @return bool
 143   */
 144  function bp_members_user_can_filter( $retval, $user_id, $capability, $site_id, $args = array() ) {
 145  
 146      switch ( $capability ) {
 147          case 'bp_members_manage_membership_requests':
 148              $retval = bp_user_can( $user_id, 'bp_moderate' );
 149              break;
 150  
 151          case 'bp_members_send_invitation':
 152              if ( is_user_logged_in() && bp_get_members_invitations_allowed() ) {
 153                  $retval = true;
 154              }
 155              break;
 156  
 157          case 'bp_members_receive_invitation':
 158              if ( bp_get_members_invitations_allowed() ) {
 159                  $retval = true;
 160                  // The invited user must not already be a member of the network.
 161                  if ( empty( $args['invitee_email'] ) || false !== get_user_by( 'email', $args['invitee_email'] ) ) {
 162                      $retval = false;
 163                  }
 164                  // The invited user must not have opted out from being contacted from this site.
 165                  if ( bp_user_has_opted_out( $args['invitee_email'] ) ) {
 166                      $retval = false;
 167                  }
 168              }
 169              break;
 170  
 171          case 'bp_members_invitations_view_screens':
 172              $retval = bp_get_members_invitations_allowed() && ( bp_user_can( $user_id, 'bp_members_send_invitation' ) || bp_members_invitations_user_has_sent_invites( $user_id ) );
 173              break;
 174  
 175          case 'bp_members_invitations_view_send_screen':
 176              $retval = is_user_logged_in() && bp_get_members_invitations_allowed();
 177              break;
 178      }
 179  
 180      return $retval;
 181  }
 182  add_filter( 'bp_user_can', 'bp_members_user_can_filter', 10, 5 );
 183  
 184  /**
 185   * Do not allow the new user to change the email address
 186   * if they are accepting a community invitation.
 187   *
 188   * @since 8.0.0
 189   *
 190   * @param array  $attributes The field attributes.
 191   * @param string $name       The field name.
 192   *
 193   * @return array $attributes The field attributes.
 194   */
 195  function bp_members_invitations_make_registration_email_input_readonly_if_invite( $attributes, $name ) {
 196      if ( 'email' === $name && bp_get_members_invitations_allowed() ) {
 197          $invite = bp_get_members_invitation_from_request();
 198          if ( $invite->id ) {
 199              $attributes['readonly'] = 'readonly';
 200          }
 201      }
 202      return $attributes;
 203  }
 204  add_filter( 'bp_get_form_field_attributes', 'bp_members_invitations_make_registration_email_input_readonly_if_invite', 10, 2 );
 205  
 206  /**
 207   * Provide a more-specific welcome message if the new user
 208   * is accepting a network invitation.
 209   *
 210   * @since 8.0.0
 211   *
 212   * @return string $message The message text.
 213   */
 214  function bp_members_invitations_get_registration_welcome_message() {
 215      $message = '';
 216      if ( ! bp_get_members_invitations_allowed() ) {
 217          return $message;
 218      }
 219  
 220      $invite = bp_get_members_invitation_from_request();
 221      if ( ! $invite->id || ! $invite->invitee_email ) {
 222          return $message;
 223      }
 224  
 225      // Check if the user is already a site member.
 226      $maybe_user = get_user_by( 'email', $invite->invitee_email );
 227  
 228      // This user is already a member
 229      if ( $maybe_user ) {
 230          $message = sprintf(
 231              /* translators: %s: The log in link `<a href="login_url">log in</a>` */
 232              esc_html__( 'Welcome! You are already a member of this site. Please %s to continue.', 'buddypress' ),
 233              sprintf(
 234                  '<a href="%1$s">%2$s</a>',
 235                  esc_url( wp_login_url( bp_get_root_domain() ) ),
 236                  esc_html__( 'log in', 'buddypress' )
 237              )
 238          );
 239  
 240      // This user can register!
 241      } else {
 242  
 243          // Fetch the display names of all inviters to personalize the welcome message.
 244          $args = array(
 245              'invitee_email' => $invite->invitee_email,
 246              'invite_sent'   => 'sent',
 247          );
 248  
 249          $all_invites = bp_members_invitations_get_invites( $args );
 250          $inviters    = array();
 251  
 252          foreach ( $all_invites as $inv ) {
 253              $inviters[] = bp_core_get_user_displayname( $inv->inviter_id );
 254          }
 255  
 256          if ( ! empty( $inviters ) ) {
 257              $message = sprintf(
 258                  /* translators: %s: The comma separated list of inviters display names */
 259                  _n( 'Welcome! You&#8217;ve been invited to join the site by the following user: %s.', 'Welcome! You&#8217;ve been invited to join the site by the following users: %s.', count( $inviters ), 'buddypress' ),
 260                  implode( ', ', $inviters )
 261              );
 262          } else {
 263              $message = __( 'Welcome! You&#8217;ve been invited to join the site. ', 'buddypress' );
 264          }
 265      }
 266  
 267      return $message;
 268  }
 269  
 270  /**
 271   * Provide a more-specific "registration is disabled" message
 272   * if registration is available by invitation only.
 273   * Also provide failure note if new user is trying to accept
 274   * a network invitation but there's a problem.
 275   *
 276   * @since 8.0.0
 277   *
 278   * @return string $message The message text.
 279   */
 280  function bp_members_invitations_get_modified_registration_disabled_message() {
 281      $message = '';
 282      if ( bp_get_members_invitations_allowed() ) {
 283  
 284          $invite = bp_get_members_invitation_from_request();
 285          if ( ! $invite->id || ! $invite->invitee_email ) {
 286              return $message;
 287          }
 288  
 289          // Check if the user is already a site member.
 290          $maybe_user = get_user_by( 'email', $invite->invitee_email );
 291  
 292          if ( ! $maybe_user ) {
 293              $message_parts = array( esc_html__( 'Member registration is allowed by invitation only.', 'buddypress' ) );
 294  
 295              // Is the user trying to accept an invitation but something is wrong?
 296              if ( ! empty( $_GET['inv'] ) ) {
 297                  $message_parts[] = esc_html__( 'It looks like there is a problem with your invitation. Please try again.', 'buddypress' );
 298              }
 299  
 300              $message = implode( ' ', $message_parts );
 301          } else if ( 'nouveau' === bp_get_theme_package_id() ) {
 302              $message = sprintf(
 303                  /* translators: 1: The log in link `<a href="login_url">log in</a>`. 2: The lost password link `<a href="lost_password_url">log in</a>` */
 304                  esc_html__( 'Welcome! You are already a member of this site. Please %1$s to continue. If you have forgotten your password, you can %2$s.', 'buddypress' ),
 305                  sprintf(
 306                      '<a href="%1$s">%2$s</a>',
 307                      esc_url( wp_login_url( bp_get_root_domain() ) ),
 308                      esc_html__( 'log in', 'buddypress' )
 309                  ),
 310                  sprintf(
 311                      '<a href="%1$s">%2$s</a>',
 312                      esc_url( wp_lostpassword_url( bp_get_root_domain() ) ),
 313                      esc_html__( 'reset it', 'buddypress' )
 314                  )
 315              );
 316          }
 317      }
 318  
 319      return $message;
 320  }
 321  
 322  /**
 323   * Sanitize the invitation property output.
 324   *
 325   * @since 8.0.0
 326   *
 327   * @param int|string $value    The value for the requested property.
 328   * @param string     $property The name of the requested property.
 329   * @param string     $context  The context of display.
 330   * @return int|string          The sanitized value.
 331   */
 332  function bp_members_sanitize_invitation_property( $value = '', $property = '', $context = 'html' ) {
 333      if ( ! $property ) {
 334          return '';
 335      }
 336  
 337      switch ( $property ) {
 338          case 'id':
 339          case 'user_id':
 340          case 'item_id':
 341          case 'secondary_item_id':
 342              $value = absint( $value );
 343              break;
 344          case 'invite_sent':
 345          case 'accepted':
 346              $value = absint( $value ) ? __( 'Yes', 'buddypress' ) : __( 'No', 'buddypress' );
 347              $value = 'attribute' === $context ? esc_attr( $value ) : esc_html( $value );
 348              break;
 349          case 'invitee_email':
 350              $value = sanitize_email( $value );
 351              break;
 352          case 'content':
 353              $value = wp_kses( $value, array() );
 354              $value = wptexturize( $value );
 355              break;
 356          case 'date_modified':
 357              $value = mysql2date( 'Y/m/d g:i:s a', $value );
 358              $value = 'attribute' === $context ? esc_attr( $value ) : esc_html( $value );
 359              break;
 360  
 361          default:
 362              $value = 'attribute' === $context ? esc_attr( $value ) : esc_html( $value );
 363              break;
 364      }
 365  
 366      return $value;
 367  }
 368  add_filter( 'bp_the_members_invitation_property', 'bp_members_sanitize_invitation_property', 10, 3 );

