[buddypress-trac] [BuddyPress] #2747: bp_has_* templatetag functions should not use $_REQUEST['s'] without further verification
buddypress-trac at lists.automattic.com
Fri Nov 19 14:38:25 UTC 2010
#2747: bp_has_* templatetag functions should not use $_REQUEST['s'] without
further verification
-----------------------+----------------------------------------------------
Reporter: calvin_42 | Owner:
Type: defect | Status: new
Priority: normal | Milestone: 1.3
Component: Core | Version: 1.2.5
Keywords: |
-----------------------+----------------------------------------------------
Each bp_has_* templatetag function (like bp_has_groups or bp_has_members)
has a line like the following:
{{{
if ( isset( $_REQUEST['s'] ) && !empty( $_REQUEST['s'] ) )
    $search_terms = $_REQUEST['s'];
}}}
IMHO I have to disagree with this kind of statement. Let's say on a
website the groups of the current_user are listed on the sidebar using:
{{{
bp_has_groups( 'user_id=' . bp_loggedin_user_id() .
'&slug=false&type=active' )
}}}
If a user searches for a member 'smith', the URL will be
'/members/?s=smith', and consequently, the groups displayed in the sidebar
will only display the common groups between the current user and the users
matching the name 'smith'.
$search_terms will in any case be overridden by the code, even if I set the
value.
I haven't worked on the patch yet, but I first wanted to get feedback
about this problem.
--
Ticket URL: <https://trac.buddypress.org/ticket/2747>
BuddyPress <http://buddypress.org/>
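
The precedence problem reported above, as an added example that is not part of the original ticket and is not BuddyPress code. The function names are hypothetical, and it assumes the loop takes a 'search_terms' key in its query-string arguments; the request array and user id are constructed sample values.

```php
<?php
// Added illustration. Function names are hypothetical, not BuddyPress APIs.
// Assumption: the loop accepts a 'search_terms' key in its query-string args.

// Behaviour the ticket describes: a non-empty request value always wins.
function example_terms_as_reported( string $args, array $request ) {
    parse_str( $args, $r );
    $search_terms = $r['search_terms'] ?? false;
    if ( isset( $request['s'] ) && ! empty( $request['s'] ) ) {
        $search_terms = $request['s'];
    }
    return $search_terms;
}

// Alternative: an explicit caller value takes precedence; the request is
// only a fallback and must be a plain string (rejects ?s[]=...).
function example_terms_caller_first( string $args, array $request ) {
    parse_str( $args, $r );
    if ( array_key_exists( 'search_terms', $r ) ) {
        $t = $r['search_terms'];
        return ( is_string( $t ) && '' !== $t ) ? $t : false;
    }
    if ( isset( $request['s'] ) && is_string( $request['s'] ) ) {
        $s = trim( $request['s'] );
        return '' !== $s ? $s : false;
    }
    return false;
}

// Constructed input: a request to /members/?s=smith.
$request = array( 's' => 'smith' );
// Sidebar loop that explicitly asks for no search filter.
$sidebar = 'user_id=42&slug=false&type=active&search_terms=';
// Main members loop that leaves search_terms unset.
$members = 'type=active';

// Sidebar loop, behaviour as reported: filtered by the page's search.
var_dump( example_terms_as_reported( $sidebar, $request ) );
// Sidebar loop, caller-first: the explicit empty value is respected.
var_dump( example_terms_caller_first( $sidebar, $request ) );
// Members loop, caller-first: falls back to the request value.
var_dump( example_terms_caller_first( $members, $request ) );
// Array-valued ?s[]=x is not accepted as a search string.
var_dump( example_terms_caller_first( $members, array( 's' => array( 'x' ) ) ) );
```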