[buddypress-trac] [BuddyPress Trac] #7683: friends_add_friend doesnt check if user ids exist
buddypress-trac
noreply at wordpress.org
Sat Feb 3 19:05:46 UTC 2018
#7683: friends_add_friend doesnt check if user ids exist
--------------------------+-----------------------------
Reporter: modemlooper | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Friends | Version: 2.9.2
Severity: normal | Keywords:
--------------------------+-----------------------------
If you use the function friends_add_friend you can supply an initiator id
and a user id to request friendship but you could supply a user id
38383838383838383838383833838 and it would place a record of the
friendship in the db with anything you supply.
There should be a check that users even exist.
https://buddypress.trac.wordpress.org/browser/trunk/src/bp-friends/bp-
friends-functions.php#L33
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7683>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list