
Redefine ajax function

  • @mpa4hu

    Participant

    Hello,

    I want to extend the BuddyPress favorite function.
    In particular, I want to check whether the user is the author of that post before favoriting an activity and, if so, not allow favoriting. In other words, I want to disable favoriting on one's own post, but do this on the server side and not just hide the button.

    Well, I can rewrite this function with my own.

    function bp_legacy_theme_mark_activity_favorite() {
    	// Bail if not a POST action
    	if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
    		return;
    
    	if ( bp_activity_add_user_favorite( $_POST['id'] ) )
    		_e( 'Remove Favorite', 'buddypress' );
    	else
    		_e( 'Favorite', 'buddypress' );
    
    	exit;
    }

    But here a question arises: can some smart user override my function and post a request to the original ajax? In devTools I could change the script's “action” to the original action, 'activity_mark_' + type, and send with that action, so the user will still be able to “favorite its own activity”.

    Well, one thing I would do is remove the filters that are responsible for marking an activity as favorite, but is there any other thing/security you can think of?

Viewing 1 replies (of 1 total)
  • @mpa4hu

    Participant

    Actually, the idea of removing the filter came while I was writing this question, but I still decided to post ^_^
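
An added example, not part of either post and not BuddyPress's own code: one way to enforce the rule on the server is to hook a guard onto the same AJAX action at an earlier priority, so a request sent directly to the original action is still checked. The `myplugin_` prefix is hypothetical, and the action name `activity_mark_fav` is an assumption (the thread only shows `'activity_mark_' + type`).

```php
<?php
// Added example. Assumed names: the myplugin_ prefix and the
// 'activity_mark_fav' action (the thread only shows 'activity_mark_' + type).

/**
 * Guard that runs before the stock favorite handler on the same AJAX action.
 * Priority 1 is lower than the default 10, so this fires first no matter
 * which action value the client-side script was edited to send.
 */
function myplugin_block_self_favorite() {
	// Same bail-out as the stock handler: only POST requests are handled.
	if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
		return;
	}

	$activity_id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
	if ( ! $activity_id ) {
		return; // Nothing to check; the stock handler deals with bad input.
	}

	// Make the stock handler see exactly the value that is checked here.
	$_POST['id'] = $activity_id;

	$activity = new BP_Activity_Activity( $activity_id );

	// Refuse when the logged-in user is the author of the activity item.
	if ( ! empty( $activity->id )
		&& (int) $activity->user_id === (int) bp_loggedin_user_id() ) {
		// Same label the stock handler prints when favoriting fails,
		// so the button stays in its "not favorited" state.
		_e( 'Favorite', 'buddypress' );
		exit; // Stop here: the priority-10 handler never runs.
	}
	// Otherwise fall through and let the stock handler do the favoriting.
}
add_action( 'wp_ajax_activity_mark_fav', 'myplugin_block_self_favorite', 1 );
```

This covers the AJAX action only; any other code path that calls `bp_activity_add_user_favorite()` needs the same author check.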

  • The topic ‘Redefine ajax function’ is closed to new replies.