[buddypress-trac] [BuddyPress] #5071: BP User Query and management of the include argument

buddypress-trac noreply at wordpress.org
Sun Jun 23 14:36:43 UTC 2013 

#5071: BP User Query and management of the include argument
-------------------------+-------------------------------------------------
 Reporter:  imath        |      Owner:
     Type:  defect       |     Status:  new
  (bug)                  |  Milestone:  Awaiting Review
 Priority:  normal       |    Version:  1.8-beta
Component:  Friends      |   Keywords:  has-patch 2nd-opinion needs-testing
 Severity:  critical     |
-------------------------+-------------------------------------------------
 Hi,

 I think this trouble is really annoying, that's why, for the first time,
 i've put a high severity on a ticket.

 I was testing the friends component, then i've noticed when going into my
 friendship requests page (siteurl.dev/members/imath/friends/requests/)
 that all the users of the blog where showing even if i hadn't ask them to
 become my friends. So i clicked on Accept friendship to see what would
 happened but as no user id is in the url, it triggers an error...

 Then i added a friend and went on his request page and there i was the
 only one in his request list. So i accepted and as soon as i've reloaded
 the request page, all the users were showing again. Even the friend i've
 accepted, and the button Accept was back..

 So i've searched and landed in BP_User_Query class where the include
 parameter of bp_has_members() is managed, and the problem seems to be
 there as with the use of !empty( $include ) at line 318 of bp-core-
 classes.php the $sql['where'][] = 'u.user_id IN (0)' is never set. So the
 $sql['where'] only have 1 element : 'u.field_id = 1' and all the users are
 showing.

 I've checked in 1.7 and saw that the condition was false !== $include, so
 the diff attached to this ticket is using this condition and it seems to
 solve the trouble in the member's request friendship page. But i don't
 know if this break something elsewhere, so i think this should be checked
 more deeply.

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5071>
BuddyPress <http://buddypress.org/>
BuddyPress

More information about the buddypress-trac mailing list