[buddypress-trac] [BuddyPress Trac] #6941: Make sure inviter_id !== 0 before inviting a user to a group
buddypress-trac
noreply at wordpress.org
Thu Mar 3 22:39:19 UTC 2016
#6941: Make sure inviter_id !== 0 before inviting a user to a group
--------------------------------+-----------------------------
Reporter: danbrellis | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Component - Groups | Version: 2.5.0
Severity: normal | Keywords:
--------------------------------+-----------------------------
Because of some errors on my end with checking permissions, my members got
hundreds of spam invitations to every group on the site. I should have had
the proper systems in place to prevent this, but while I was investigating
I came across something in core that would have prevented this also.
In `groups_invite_user()` (line 1090 of
bp-groups/bp-groups-functions.php), we should check if the inviter id is
not 0. In my case, all of the spam invites had an inviter_id of 0.
It could be as simple as amending line 1103:
{{{#!php
if ( empty( $user_id ) || empty( $group_id ) || empty( $inviter_id ) )
	return false;
}}}
If I'm wrong in assuming that every invitation should have an inviter, I
apologize for jumping to conclusions. Also, I'm sure there are other
methods in place to correct this, but when someone is developing a plugin
(like I was) that uses this function, it would be a nice back-up.
Especially since in the query for invites in
`BP_Groups_Member::get_invites()`, the statement includes
{{{
AND m.inviter_id != 0
}}}
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6941>
BuddyPress Trac <http://buddypress.org/>
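A plugin-side guard for the situation the ticket describes, as an added example that is not part of the original report or of BuddyPress core. The function name `myplugin_invite_user_to_group()`, the error codes and the "inviter must be a group member" policy are assumptions made for illustration; `groups_invite_user()`, `groups_is_user_member()`, `get_userdata()`, `absint()` and `WP_Error` are existing BuddyPress/WordPress APIs.

```php
<?php
/**
 * Hypothetical plugin helper (not a BuddyPress API): refuse to create a
 * group invitation unless it can be attributed to a real, permitted inviter.
 *
 * @return true|WP_Error True when the invitation was created.
 */
function myplugin_invite_user_to_group( $user_id, $group_id, $inviter_id ) {
	// Normalise first so '0', '', null and false all collapse to integer 0.
	$user_id    = absint( $user_id );
	$group_id   = absint( $group_id );
	$inviter_id = absint( $inviter_id );

	// The check proposed in the ticket, applied before core is ever called.
	if ( 0 === $user_id || 0 === $group_id || 0 === $inviter_id ) {
		return new WP_Error(
			'myplugin_invalid_invite',
			'User, group and inviter must all be non-zero IDs.'
		);
	}

	// A non-zero ID that matches no account is as unattributable as 0.
	if ( false === get_userdata( $inviter_id ) ) {
		return new WP_Error( 'myplugin_unknown_inviter', 'Inviter does not exist.' );
	}

	// Assumed policy for this example: only current group members may invite.
	if ( ! groups_is_user_member( $inviter_id, $group_id ) ) {
		return new WP_Error( 'myplugin_inviter_not_member', 'Inviter is not in the group.' );
	}

	// Pass inviter_id explicitly rather than relying on any default value.
	$created = groups_invite_user(
		array(
			'user_id'    => $user_id,
			'group_id'   => $group_id,
			'inviter_id' => $inviter_id,
		)
	);

	if ( ! $created ) {
		return new WP_Error( 'myplugin_invite_failed', 'groups_invite_user() returned false.' );
	}

	return true;
}
```

Returning a `WP_Error` instead of a bare `false` lets the caller log which precondition failed, which makes a broken permission check visible before it produces invitations in bulk.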