[buddypress-trac] [BuddyPress Trac] #7833: BP Nouveau: do not check the user exists when Accepting/rejecting friendships
buddypress-trac
noreply at wordpress.org
Wed May 16 16:25:08 UTC 2018
#7833: BP Nouveau: do not check the user exists when Accepting/rejecting
friendships
--------------------------+------------------------------
Reporter: imath | Owner: imath
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Awaiting Review
Component: Templates | Version:
Severity: major | Resolution:
Keywords: has-patch |
--------------------------+------------------------------
Comment (by imath):
@DJPaul Maybe my description/patch wasn't clear :) So as you wanted me to
test all possible actions/layouts for the friendship button (having the
{{{button_element}}} set to {{{button}}} or {{{a}}}) and with all possible
Nav layouts (Customizer), I decided to do it but after improving the patch
to avoid confusions.
So the trouble was :
All friendship actions are managed in one ajax handler
{{{bp_nouveau_ajax_addremove_friend()}}}, but 2 actions are not sending an
ID from the {{{$wpdb->users}}} table but an ID from the
{{{$bp->table_prefix . 'bp_friends'}}} table.
For these two actions ({{{'friends_accept_friendship'}}} &
{{{''friends_reject_friendship''}}}), it makes no sense to check if an ID
from the {{{$bp->table_prefix . 'bp_friends'}}} table exists as a user
into the {{{$wpdb->users}}} table.
So both 7833.patch or 7833.2.patch are fixing the issues, the first one
edits less code than the other which is less confusing..
It's up to what you prefer :)
The risk of not committing one of the two patches is that it quickly won't
be possible to accept or refuse friendship for users at all.
I haven't notice the issue before because friendship IDs existed by
coincidence into the users table. But as soon as i had more rows into the
{{{$bp->table_prefix . 'bp_friends'}}} table than into the
{{{$wpdb->users}}} table : bing 100% of fails for these two actions.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7833#comment:3>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list