[buddypress-trac] [BuddyPress Trac] #6506: Should not try to redirect in bp_has_message_threads
buddypress-trac
noreply at wordpress.org
Mon Jun 15 17:20:00 UTC 2015
#6506: Should not try to redirect in bp_has_message_threads
-----------------------------------+------------------
Reporter: johnjamesjacoby | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.4
Component: Component - Messaging | Version: 1.0
Severity: normal | Resolution:
Keywords: has-patch |
-----------------------------------+------------------
Changes (by boonebgorges):
* keywords: has-patch 2nd-opinion => has-patch
Comment:
Regarding the `bp_do_404()`: This block can never be reached, because of
the `bp_current_user_can( 'bp_moderate' )` checks in
`BP_Messages_Component::setup_nav()`. Technically, it could be removed
altogether, will all caps checks handled during nav setup. But swapping
out for `bp_do_404()` will do no harm.
I agree that there should not be a redirect in
`bp_has_messages_threads()`, but simply removing the block could
potentially introduce security issues when the function is being called
directly without proper cap checks. I recommend returning false, which is
to say, `! bp_has_messages_threads()`. See [attachment:6506.02.patch].
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6506#comment:4>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list