[buddypress-trac] [BuddyPress Trac] #8036: Sanity checks for member/group widget limits
buddypress-trac
noreply at wordpress.org
Mon Jan 7 20:08:13 UTC 2019
#8036: Sanity checks for member/group widget limits
--------------------------+-----------------------------
 Reporter:  boonebgorges  |       Owner:  (none)
     Type:  enhancement   |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Core          |     Version:
 Severity:  normal        |    Keywords:  2nd-opinion
--------------------------+-----------------------------

I discovered an odd issue while debugging a client site for requests that
triggered excessive numbers of SQL queries.

A handful of our Members and Groups widgets allow the admin to enter a
"max" count. If you enter 0 (or, say, 999999999) it gets passed along
blindly to the widget constructor. On a large site, this can result in
thousands of database queries.

The problem is especially notable on Multisite installations where BP is
network-active. Admins of individual sites (who may not be super admins,
and may not know what they're doing) have the ability to add BP widgets to
their sites. So this is likely not just an education problem.

Realistically, there's no reason why anyone would ever need more than,
say, 50 or 100 users in a widget. I propose we do something like the
following:

- Add a gloss to the widget admin UI that says "Up to x members", where
  'x' is 50 or 100 or something like that
- Validate on the server (in the client too, if we can easily manage it -
  this might be easier in the Customizer) that the number is between 1 and
  the max number.
- Run the max number through a filter so that a network admin who really
  wants a higher number can write a plugin that sets a higher ceiling.

If this seems like overkill, we could also just silently set any large
number (or 0) to 25 or 50 or some sane number.

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/8036>
BuddyPress Trac <http://buddypress.org/>
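
The server-side check proposed in the ticket, sketched as an added example; this is not code from the ticket or from BuddyPress. The function name, the filter name, the ceiling of 100 and the fallback of 5 are all assumptions chosen for illustration.

```php
<?php
// Stand-in so the sketch runs outside WordPress; inside WordPress the real
// apply_filters() is already defined and this branch is skipped.
if ( ! function_exists( 'apply_filters' ) ) {
	function apply_filters( $hook, $value ) {
		return $value;
	}
}

/**
 * Bound a widget "max" setting to the range 1..ceiling.
 * Hypothetical helper: name, hook name and numeric defaults are assumptions.
 */
function example_sanitize_widget_max( $raw, $default = 5 ) {
	// Hypothetical filter: a network admin can raise the ceiling from a plugin.
	$ceiling = (int) apply_filters( 'example_widget_max_ceiling', 100 );
	if ( $ceiling < 1 ) {
		$ceiling = 1; // A misbehaving filter callback must not remove the limit.
	}

	// Keep only plain digit strings; stripping leading zeros turns "0" into "".
	$digits = is_scalar( $raw ) ? ltrim( trim( (string) $raw ), '0' ) : '';
	if ( '' === $digits || ! ctype_digit( $digits ) ) {
		return min( $default, $ceiling ); // Empty, 0, negative or non-numeric.
	}

	// Compare lengths first so a very long digit string never reaches the int cast.
	if ( strlen( $digits ) > strlen( (string) $ceiling ) ) {
		return $ceiling;
	}

	return min( (int) $digits, $ceiling );
}

// Constructed sample inputs, as they might arrive from a widget settings form.
$samples = array( '0', '999999999', '50', '-3', 'abc', '', '99999999999999999999999' );
foreach ( $samples as $input ) {
	printf( "%-28s => %d\n", var_export( $input, true ), example_sanitize_widget_max( $input ) );
}
```

Calling the helper from the widget's `update()` method bounds new settings at save time; calling it again where the stored value is read also covers values saved before the check existed.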