[buddypress-trac] [BuddyPress Trac] #7683: friends_add_friend doesnt check if user ids exist
buddypress-trac
noreply at wordpress.org
Mon Feb 5 19:59:27 UTC 2018
#7683: friends_add_friend doesnt check if user ids exist
--------------------------+------------------------------
Reporter: modemlooper | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Friends | Version: 2.9.2
Severity: normal | Resolution:
Keywords: |
--------------------------+------------------------------
Comment (by boonebgorges):
We don't check for valid users in many of our "business" functions. See eg
`groups_join_group()`, `bp_activity_add()`, `xprofile_set_field_data()`.
In at least some of these cases, it's possible to imagine scenarios where
you'd want to put dummy IDs for `$user_id`. (For example, we do it pretty
extensively in our unit tests.) It feels to me like these functions ought
to enforce internal data consistency - don't allow someone to join a group
if they're already in the group - but external consistency ought to be
left up to the controllers responsible for calling these functions (AJAX
handlers, API endpoints, etc).
I don't have very strong intuitions on this, though. @djpaul What do you
think?
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7683#comment:6>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list