[buddypress-trac] [BuddyPress Trac] #6006: User Types API

buddypress-trac noreply at wordpress.org
Fri Nov 28 00:06:17 UTC 2014


#6006: User Types API
--------------------------+------------------
 Reporter:  boonebgorges  |       Owner:
     Type:  enhancement   |      Status:  new
 Priority:  normal        |   Milestone:  2.2
Component:  Core          |     Version:
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |
--------------------------+------------------

Comment (by DJPaul):

 I have not tested this but have done a code review. Here's what I'm
 thinking:

 * Use bp_is_root_blog() prior to switch_to_blog; just for consistency with
 most of our other switch_to_blog calls.
 * wp_get_object_terms() used to be an uncached function call
 (https://vip.wordpress.com/documentation/caching/uncached-functions/) -- I
 don't know if any recent changes have added caching, but if they have not,
 we should use get_the_terms().
 * Instead of `_ex( ' - ' )` which I understand but looks weird, can we
 re-use an existing string we have for this type of thing? See
 https://buddypress.trac.wordpress.org/browser/trunk/src/bp-xprofile/bp-xprofile-classes.php#L1701
 * In process_member_type_update(), I can follow through and understand how
 the validation for `$_POST['bp-members-profile-member-type']` works, but:
 a) it's not immediately obvious, and b) I think sanitize_text_field is
 appropriate here in addition to stripslashes. Can we move (duplicate) the
 validation logic into process_member_type_update()?
 * In process_member_type_update(), there are no validation checks to see
 if the current user is entitled to update this field. Is this intentional
 -- can a user update their own user_type field, or are we restricting it
 to super-admins etc? Is there a capability check we should be using?

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6006#comment:19>
BuddyPress Trac <http://buddypress.org/>
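
The last two review points above (validating the posted value inside the handler, and checking that the current user may change it) as an added example; this is not the ticket's patch or BuddyPress's own code. The `example_*` function names, the nonce action and field, and the policy that only `bp_moderate` users may change a member type are assumptions; `bp_get_member_types()` and `bp_set_member_type()` are the functions found in released BuddyPress.

```php
<?php
// Added example: helper names, the nonce action/field and the bp_moderate
// policy are assumptions for illustration, not taken from the ticket's patch.

/**
 * Returns the member type to store, '' to clear it, or null to reject.
 */
function example_validate_member_type( $raw, array $registered_types ) {
	if ( ! is_string( $raw ) ) {
		return null; // A crafted POST can send an array instead of a string.
	}
	$type = sanitize_text_field( wp_unslash( $raw ) );
	if ( '' === $type ) {
		return '';
	}
	// Allowlist: only values that are registered member types pass.
	return in_array( $type, $registered_types, true ) ? $type : null;
}

function example_process_member_type_update( $user_id ) {
	if ( ! isset( $_POST['bp-members-profile-member-type'] ) ) {
		return false;
	}
	// Request must come from the profile form (hypothetical nonce names).
	check_admin_referer( 'example-member-type-' . $user_id, 'example-member-type-nonce' );

	// Authorization, checked in the handler itself. Assumed policy: only
	// users holding bp_moderate may change a member type.
	if ( ! current_user_can( 'bp_moderate' ) ) {
		return false;
	}

	$type = example_validate_member_type(
		$_POST['bp-members-profile-member-type'],
		bp_get_member_types() // Registered type names in released BuddyPress.
	);
	if ( null === $type ) {
		return false;
	}
	$result = bp_set_member_type( $user_id, $type );
	return false !== $result && ! is_wp_error( $result );
}
```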