[buddypress-trac] [BuddyPress Trac] #8181: PHP Notice generated when logged out user attempts to join an invalid user to a group via REST API

buddypress-trac noreply at wordpress.org
Mon Dec 16 06:39:45 UTC 2019


#8181: PHP Notice generated when logged out user attempts to join an invalid user
to a group via REST API
--------------------------+-----------------------------
 Reporter:  sjregan       |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  REST API      |    Version:  5.0.0
 Severity:  trivial       |   Keywords:
--------------------------+-----------------------------
 (This is in v5.1.0 but the version is not available in the ticket create
 form drop-down menu)

 Given the following scenario a PHP notice will be generated:

 1. Make unauthenticated POST request to
 /buddypress/v1/groups/<group_id>/members API endpoint
 2. Endpoint arguments context=view, user_id is null


 {{{
 PHP Notice:  Trying to get property 'ID' of non-object in .../bp-
 groups/classes/class-bp-rest-group-membership-endpoint.php on line 337
 }}}

 During execution of the ''create_item_permissions_check()'' function
 ''$retval'' will be set to a WP_Error object and the ''$user'' variable
 will be false.

 As the ''$retval !== true'' the following line will be executed without
 checking that ''$user'' is an instance of ''WP_User'':

 {{{#!php
 <?php
 if ( $loggedin_user_id === $user->ID && 'view' === $request['context'] ) {
 }}}

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/8181>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac


More information about the buddypress-trac mailing list