[buddypress-trac] [BuddyPress Trac] #8181: PHP Notice generated when logged out user attempts to join an invalid user to a group via REST API
buddypress-trac
noreply at wordpress.org
Mon Dec 16 06:39:45 UTC 2019
#8181: PHP Notice generated when logged out user attempts to join an invalid user
to a group via REST API
--------------------------+-----------------------------
Reporter: sjregan | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: 5.0.0
Severity: trivial | Keywords:
--------------------------+-----------------------------
(This is in v5.1.0 but the version is not available in the ticket create
form drop-down menu)
Given the following scenario a PHP notice will be generated:
1. Make unauthenticated POST request to
/buddypress/v1/groups/<group_id>/members API endpoint
2. Endpoint arguments context=view, user_id is null
{{{
PHP Notice: Trying to get property 'ID' of non-object in .../bp-
groups/classes/class-bp-rest-group-membership-endpoint.php on line 337
}}}
During execution of the ''create_item_permissions_check()'' function
''$retval'' will be set to a WP_Error object and the ''$user'' variable
will be false.
As the ''$retval !== true'' the following line will be executed without
checking that ''$user'' is an instance of ''WP_User'':
{{{#!php
<?php
if ( $loggedin_user_id === $user->ID && 'view' === $request['context'] ) {
}}}
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/8181>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list