[buddypress-trac] [BuddyPress Trac] #7683: friends_add_friend doesnt check if user ids exist

buddypress-trac noreply at wordpress.org
Mon Feb 5 19:59:27 UTC 2018


#7683: friends_add_friend doesnt check if user ids exist
--------------------------+------------------------------
 Reporter:  modemlooper   |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Friends       |     Version:  2.9.2
 Severity:  normal        |  Resolution:
 Keywords:                |
--------------------------+------------------------------

Comment (by boonebgorges):

 We don't check for valid users in many of our "business" functions. See eg
 `groups_join_group()`, `bp_activity_add()`, `xprofile_set_field_data()`.
 In at least some of these cases, it's possible to imagine scenarios where
 you'd want to put dummy IDs for `$user_id`. (For example, we do it pretty
 extensively in our unit tests.) It feels to me like these functions ought
 to enforce internal data consistency - don't allow someone to join a group
 if they're already in the group - but external consistency ought to be
 left up to the controllers responsible for calling these functions (AJAX
 handlers, API endpoints, etc).

 I don't have very strong intuitions on this, though. @djpaul What do you
 think?

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7683#comment:6>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac


More information about the buddypress-trac mailing list