[buddypress-trac] [BuddyPress] #2566: [patch] “Send Private Message” and “Mention this User” Button Filtering

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Mon Aug 2 14:38:14 UTC 2010


#2566: [patch] “Send Private Message” and “Mention this User” Button Filtering
-------------------------+--------------------------------------------------
 Reporter:  jeffsayre    |       Owner:  jeffsayre                                         
     Type:  enhancement  |      Status:  new                                               
 Priority:  major        |   Milestone:  1.2.6                                             
Component:  Core         |    Keywords:  has-patch, security, privacy, abstraction, filters
-------------------------+--------------------------------------------------
 When a logged in user is visiting another member’s page, the “Mention this
 User” and “Send Private Message” buttons are outputted differently than
 the “Add Friend” button. The output of the former two are controlled by
 the member-header.php template file whereas the output of the latter is
 controlled by a template tag function -- bp_add_friend_button().
 Furthermore, only the “Add Friend” button offers any means with which to
 programmatically control the output.

 Instead of hardcoding template output directly within a template file, it
 should be abstracted into a function that allows developers the
 flexibility with which to control what is output and how it is outputted.

 The attached patch removes the hardcoded output for both the “Mention this
 User” and “Send Private Message” buttons, placing them into a template tag
 function instead. The new template tag functions also offer filters that
 allow developers the opportunity to directly control these two important
 buttons.

 This Trac ticket is necessary for the BuddyPress Privacy Component.
 Without these changes, there is no way to offer members control over who
 sees and has access to the “Mention this User” and “Send Private Message”
 buttons.

 As an added benefit to this patch, the outputted URLs of the two expanded
 template tag functions use the wp_nonce_url() for added security. The
 bp_add_friend_button() already uses link nonce protection. So should these
 two new functions.

-- 
Ticket URL: <http://trac.buddypress.org/ticket/2566>
BuddyPress <http://buddypress.org/>
BuddyPress


More information about the buddypress-trac mailing list