[buddypress-trac] [BuddyPress Trac] #6730: Default 'bp_xprofile_change_field_visibility' cap check passes
buddypress-trac
noreply at wordpress.org
Thu Nov 12 19:37:35 UTC 2015
#6730: Default 'bp_xprofile_change_field_visibility' cap check passes
----------------------------------+-----------------------
Reporter: r-a-y | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.4.1
Component: Component - XProfile | Version:
Severity: normal | Keywords: has-patch
----------------------------------+-----------------------
Reported here:
https://buddypress.org/support/topic/profile-field-visibility-enforced-but-members-can-override/
If an admin has enabled 'Enforce field visibility' for a profile field, in
v2.4.0, the "Change" link still shows up when a user attempts to edit the
profile field.
The problem is due to the `bp_current_user_can()` modifications that were
made in #6501 (my fault!) and how we do capability argument checks for the
`'bp_xprofile_change_field_visibility'` cap.
The `'bp_xprofile_change_field_visibility'` cap checks if a specific
capability argument is valid with `isset( $args[0] )`. In BP 2.3.4, this
would fail; in BP 2.4.0, this passes since `$args[0]` is now an empty
array and not `null`.
I've attached a patch that fixes this with a unit test.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6730>
BuddyPress Trac <http://buddypress.org/>
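
The failure mode described in the ticket, as an added example that is not BuddyPress code and not the attached patch. It assumes the check casts the argument to an integer field ID and falls back to the current field when no argument is given; all function names, constants and field IDs are hypothetical.

```php
<?php
// Added illustration; every name here is hypothetical, not BuddyPress code.

// Constructed data: field 7 has its visibility enforced by the admin.
const ENFORCED_FIELD_IDS = array( 7 );
const CURRENT_FIELD_ID   = 7; // stand-in for "the field being rendered"

/** Weak form: isset() is true for any non-null value, including array(). */
function field_id_weak( array $args ) {
    // (int) array() evaluates to 0, so an empty array silently becomes field 0.
    return isset( $args[0] ) ? (int) $args[0] : CURRENT_FIELD_ID;
}

/** Stricter form (an assumption): accept only a positive numeric ID. */
function field_id_strict( array $args ) {
    $valid = isset( $args[0] ) && is_numeric( $args[0] ) && (int) $args[0] > 0;
    return $valid ? (int) $args[0] : CURRENT_FIELD_ID;
}

/** Cap check: deny the change when the resolved field is enforced. */
function can_change_visibility( $field_id ) {
    return ! in_array( $field_id, ENFORCED_FIELD_IDS, true );
}

// Constructed inputs modelling the two behaviours the ticket describes.
$cases = array(
    'null argument (2.3.4)' => array( null ),
    'empty array (2.4.0)'   => array( array() ),
    'explicit field id 7'   => array( 7 ),
);

foreach ( $cases as $label => $args ) {
    printf(
        "%-24s weak: %-5s strict: %s\n",
        $label,
        var_export( can_change_visibility( field_id_weak( $args ) ), true ),
        var_export( can_change_visibility( field_id_strict( $args ) ), true )
    );
}
```

Only the empty-array row differs between the two columns: the weak resolver checks field 0 instead of the enforced field, so the capability check passes.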