-
Henry Wright replied to the topic Why is there no ajax on profile tabs? in the forum Requests & Feedback 11 years ago
I can view anyones messages when logged out.
And you’re definitely talking about what BuddyPress refers to as private messages?
Can you try again after disabling all plugins, reverting to TwentyFifteen and removing all custom code? If you still get to see private messages when logged out then that shouldn’t be happening.
-
Henry Wright replied to the topic Why is there no ajax on profile tabs? in the forum Requests & Feedback 11 years ago
I can view anyones messages when logged out.
And you’re definitely talking about what BuddyPress refers to as private messages?
Can you try again after disabling all plugins, reverting to TwentyFifteen and removing all custom code? If you still get to see private messages when logged out then feel free to open a bug ticket on Trac. That…[Read more]
-
Henry Wright replied to the topic Why is there no ajax on profile tabs? in the forum Requests & Feedback 11 years ago
I can view anyones messages when logged out.
And you’re definitely talking about what BuddyPress refers to as private messages? That is definitely not right.
Can you try again after disabling all plugins, reverting to TwentyFifteen and removing all custom code? If you still get to see private messages when logged out then feel free to open a…[Read more]
-
Henry Wright replied to the topic Why is there no ajax on profile tabs? in the forum Requests & Feedback 11 years ago
With standard buddypress (no modifications) you can freely view anyone’s messages without even logging in
That shouldn’t be the case for all users. Only users with admin capabilities should be able to do that. Are you able to see people’s private messages when logged in as a subscriber? If so, that’s a bug
-
Henry Wright replied to the topic Why is there no ajax on profile tabs? in the forum Requests & Feedback 11 years ago
Also, to answer your question:
How would you do the security check?
These must be done server side. You’re right to think that anything done via the client can be tainted (manipulated by an end user).
The general process is:
Make an AJAX call passing any client-side data to the server
Process the data (secure it and perform necessary privacy…[Read more] -
Henry Wright replied to the topic Why is there no ajax on profile tabs? in the forum Requests & Feedback 11 years ago
Also, to answer your question:
How would you do the security check?
These must be done server side. You’re right to think that anything done via the client can be tainted (manipulated by an end user). The general process is:
Make an AJAX call passing any client-side data to the server
Process the data (secure it and perform necessary privacy…[Read more] -
Henry Wright replied to the topic Why is there no ajax on profile tabs? in the forum Requests & Feedback 11 years ago
You could see hidden data that user did not want displayed.
That’s why I said privacy checks should be carried out separately.
As an aside, security and privacy are both very different things. Securing data means making sure it is safe where as privacy refers to the visibility of the data. Both these things should be addressed in your…[Read more]
-
Henry Wright replied to the topic Why is there no ajax on profile tabs? in the forum Requests & Feedback 11 years ago
You could see hidden data that user did not want displayed.
That’s why I said privacy checks should be carried out separately.
As an aside, security and privacy are both very different things. Securing data means making sure it is safe where as privacy refers to the visibility of the data. Both these things should be addressed in your…[Read more]
-
Henry Wright replied to the topic Why is there no ajax on profile tabs? in the forum Requests & Feedback 11 years ago
what harm could come from a visit to a simple profile tab?
You could see hidden data that user did not want displayed.
That’s why I said privacy checks should be carried out separately.
As an aside, security and privacy are both very different things. Securing data means making sure it is safe where as privacy refers to the visibility of the…[Read more]
-
VentureCore started the topic Sort Members Alphabetically by Default in the forum How-to & Troubleshooting 11 years ago
I have read a lot of threads here regarding the default displays for members alphabetically and at one point I had found a solution that worked but it was recently overwritten by an upgrade. (I failed to put it in the child theme) – my bad!
So I went on the search again and found this. (I don’t think it’s what I was using)
if ( bp_has_members(…[Read more]
-
SedtheeSathaporn's profile was updated 11 years ago
-
Henry Wright replied to the topic Why is there no ajax on profile tabs? in the forum Requests & Feedback 11 years ago
Just to be clear, security and privacy checks should be carried out separately to WP nonce implementation
-
Henry Wright replied to the topic Why is there no ajax on profile tabs? in the forum Requests & Feedback 11 years ago
@codemonkeybanana this is just my own personal opinion but implementing WP nonces when loading tabs isn’t hugely necessary. WP nonces verify user intent, and even if intent cannot be verified, what harm could come from a visit to a simple profile tab?
-
telatabi's profile was updated 11 years ago
-
SidianMSJones replied to the topic Buddypress creating duplicate tags taxonomy in the forum How-to & Troubleshooting 11 years ago
Would that register as a tag though?
-
Mr. Vibe replied to the topic BP Messages Star fx for themes based on bp-deafult in the forum How-to & Troubleshooting 11 years ago
Updated :
add_action('wp_ajax_messages_star','bp_course_messages_star');[Read more]
function bp_course_messages_star(){
if(function_exists('bp_messages_star_set_action') && is_numeric($_POST['message_id']) && in_array($_POST['star_status'],array('star','unstar'))){
echo bp_messages_star_set_action(array(
'action' => $_POST['star_status'],… -
Mr. Vibe started the topic BP Messages Star fx for themes based on bp-deafult in the forum How-to & Troubleshooting 11 years ago
Love the BP messages star functionality. It works perfectly on Twenty fifteen/fourteen but on themes based on BP Default this functionality does not appear.
It seems we need to add a small snippet to make it work on BP Default theme.
add_action('wp_ajax_messages_star','bp_course_messages_star');
function bp_course_messages_star(){… -
Mr. Vibe started the topic BP Messages Star fx for themes based on bp-deafult in the forum How-to & Troubleshooting 11 years ago
Love the BP messages star functionality. It works perfectly on Twenty fifteen/fourteen but on themes based on BP Default this functioanlity does not appear. BP Messages
-
Henry Wright replied to the topic Target only profile page in the forum How-to & Troubleshooting 11 years ago
What are you using for your default landing tab?
As an example, let’s say you’re using activity (which is the default tab anyway) so no need to do the following:
define( 'BP_DEFAULT_COMPONENT', 'activity' );Now, your example.com/members/username screen can be targeted like this:
if ( bp_is_user_activity() ) {
// Do something.
}Note:
bp_…[Read more] -
Henry Wright replied to the topic [Resolved] Programatically add new members to a group on account activation in the forum How-to & Troubleshooting 11 years ago
Instead of
groups_accept_invite(), try usinggroups_join_group().So in your code above, you’d use:
groups_join_group( $group_id, $bp_user_id ) - Load More
