[buddypress-trac] [BuddyPress Trac] #7683: friends_add_friend doesnt check if user ids exist
buddypress-trac
noreply at wordpress.org
Mon Mar 5 10:51:40 UTC 2018
#7683: friends_add_friend doesnt check if user ids exist
-----------------------------------+------------------------
Reporter: modemlooper | Owner: djpaul
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: 3.0
Component: Friends | Version: 2.9.2
Severity: normal | Resolution:
Keywords: has-patch 2nd-opinion |
-----------------------------------+------------------------
Comment (by DJPaul):

I broadly agree with @boonebgorges. I think we should definitely add the
7683-ajax.diff patch.

(Nitpicking, I'm not sure we call users "users" in our strings, but I
don't know if "Not a valid member" is worse English, or not. At any rate,
I know it's just an error message for an edge case.)

I did find this question time-consuming and hard to answer. I think it's
because I'm a bit scared at the amount of work required to audit all
functions called by controllers to check we are sanitising data
appropriate in this context (or how to find this information
automatically) -- if we were to do that today. I don't think we are
proposing that we are.

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7683#comment:9>
BuddyPress Trac <http://buddypress.org/>