[buddypress-trac] [BuddyPress Trac] #8007: BP blogmeta update routine incorrectly overwrites 'post_title' for unrelated activities
buddypress-trac
noreply at wordpress.org
Tue Nov 27 09:02:15 UTC 2018
#8007: BP blogmeta update routine incorrectly overwrites 'post_title' for
unrelated activities
--------------------------+--------------------------------------
Reporter: r-a-y | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Up Next
Component: Blogs | Version: 2.1
Severity: normal | Keywords: has-unit-tests has-patch
--------------------------+--------------------------------------
When a blog post is updated, a few things are synced if there is a
corresponding activity item.
@boonebgorges discovered a bug if:
- the WP site is using multisite; and
- if the blog post contains comments; and
- if there are corresponding 'new_blog_comment' activity items; and
- if the post title has changed
What happens is the post title activity meta entry is updated for each
'new_blog_comment' activity item where the post comment ID is the same
across the entire network.
The problem occurs here:
https://buddypress.trac.wordpress.org/browser/tags/3.2.0/src/bp-blogs/bp-
blogs-functions.php?marks=662-666#L634.
When querying for old-style activity comment items, the activity query
only does a search on the 'action', 'object', and 'secondary_id' - but not
'primary_id'. As such, it returns a large number of activity items
associated with posts on different sites (bad) and then proceeds to update
the metadata on them (worse).
I've attached a unit test exhibiting the bug, as well as the patch that
fixes the issue.
This bug was introduced as part of #5609.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/8007>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list