[buddypress-trac] [BuddyPress] #5151: Numeric Nicename sends PM's to the wrong user on large sites

buddypress-trac noreply at wordpress.org
Fri Aug 23 21:54:29 UTC 2013 

#5151: Numeric Nicename sends PM's to the wrong user on large sites
--------------------------+-----------------------------
 Reporter:  DennisSmolek  |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Messaging     |    Version:  1.8.1
 Severity:  major         |   Keywords:  needs-patch
--------------------------+-----------------------------
 I'm not using numeric ID's like in #4305 but instead using numeric
 nicenames.

 I do this to get something like:
 mysite.com/members/123456
 where 123456 is their ID number from a totally different system.

 So because of this, it passes that as their "Username" with compatibility
 mode and because of the patch in #4305 it's doing a check if the value is
 numeric. It IS so it then checks if that user exists in the system. Well
 our system is massive, so there IS a wordpress user with the ID 123456.

 When it does this, it then switches the recipient from the intended user,
 to the one with the wordpress user id (in this example 123456) this is a
 big error as we use the PM system as internal communication and for all
 sorts of alerts...

 So when we let 1000 people know they got paid, 1000 different people got
 the alert.

 What I did is simplify RAY's code, I dont have a patchable tree so I'm
 just pasting my code:
 Starting at line 75 of bp-messages-functions.php (1.8.1)

 {{{
                 if ( bp_is_username_compatibility_mode() )
                                 $recipient_id = bp_core_get_userid(
 $recipient );
                         else
                                 $recipient_id =
 bp_core_get_userid_from_nicename( $recipient );
                         if ( is_numeric( $recipient ) && !$recipient_id )
 {
                                 // do a check against the user ID column
                                 if ( bp_core_get_core_userdata( (int)
 $recipient ) )
                                         $recipient_id = (int) $recipient;
                         }
 }}}

 Sorry, it's tabbing out oddly, but basically I reversed his code to check
 if there is a username or nicename FIRST, then do a user ID check. If the
 username fails then the ID check is performed.

 I've tested this and it's working on our site but Robl987 might want to
 test it too. I marked this major as without this fix at least 2 of my
 clients can't go beyond the modified versions of 1.8.1 I have them on now.

 -D

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5151>
BuddyPress <http://buddypress.org/>
BuddyPress

More information about the buddypress-trac mailing list