[buddypress-trac] [BuddyPress Trac] #5384: All @-mention notifications cleared when anonymous user visits another user's activity feed
buddypress-trac
noreply at wordpress.org
Fri Feb 7 21:52:52 UTC 2014
#5384: All @-mention notifications cleared when anonymous user visits another
user's activity feed
----------------------------+-----------------------------
Reporter: SlothLoveChunk | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Notifications | Version: 1.9.1
Severity: normal | Keywords:
----------------------------+-----------------------------
I'm running the latest version of WP and BP, and for the last few weeks
users have been reporting that @-mention notifications have been
disappearing. Fortunately, they were not deleted, rather, they were being
marked as read (/notifications/read/).
To debug I logged SAVEQUERIES and found that this query in the log:
{{{
UPDATE `wp_bp_notifications` SET `is_new` = 0 WHERE `component_name` =
'activity' AND `component_action` = 'new_at_mention'
}}}
As you can see, there is no 'user_id' in the where clause, which is
causing all @-mentions to be marked as read. Backtracing, it looks like
this is being invoked by:
{{{
function bp_activity_remove_screen_notifications() {
if ( bp_is_active( 'notifications' ) ) {
bp_notifications_mark_notifications_by_type(
bp_loggedin_user_id(), buddypress()->activity->id, 'new_at_mention' );
}
}
add_action( 'bp_activity_screen_my_activity',
'bp_activity_remove_screen_notifications' );
add_action( 'bp_activity_screen_single_activity_permalink',
'bp_activity_remove_screen_notifications' );
add_action( 'bp_activity_screen_mentions',
'bp_activity_remove_screen_notifications' );
}}}
Which in turn calls:
{{{
function bp_notifications_mark_notifications_by_type( $user_id,
$component_name, $component_action, $is_new = false ) {
return BP_Notifications_Notification::update(
array(
'is_new' => $is_new
),
array(
'user_id' => $user_id,
'component_name' => $component_name,
'component_action' => $component_action
)
);
}
}}}
Since activity pages are publicly accessible -- at least on my site --
when a non-logged in user visit any other user's activity page the
offending query sans user_id is ran.
I have fixed the issue by first checking to make sure $user_id exists:
{{{
function bp_notifications_mark_notifications_by_type( $user_id,
$component_name, $component_action, $is_new = false ) {
if ( !empty( $user_id ) ) { // Only remove is_new if there is a
user_id
return BP_Notifications_Notification::update(
array(
'is_new' => $is_new
),
array(
'user_id' => $user_id,
'component_name' => $component_name,
'component_action' => $component_action
)
);
}
}
}}}
I realize this is a hack and not ideal, but by posting here I am hoping
someone might be able to recreate and offer a more elegant solution.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5384>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list