[buddypress-trac] [BuddyPress Trac] #8149: Incorrect 'ids' param passed to `groups_get_invites()` causes all invites to be returned
buddypress-trac
noreply at wordpress.org
Tue Oct 22 22:08:25 UTC 2019
#8149: Incorrect 'ids' param passed to `groups_get_invites()` causes all invites
to be returned
--------------------------+-----------------------
Reporter: boonebgorges | Owner: dcavins
Type: defect (bug) | Status: accepted
Priority: highest | Milestone: 5.1.0
Component: Groups | Version: 5.0.0
Severity: critical | Resolution:
Keywords: |
--------------------------+-----------------------
Changes (by dcavins):
* owner: (none) => dcavins
* status: new => accepted
Comment:
Hi @boonebgorges,
Thanks for creating this ticket. Yes, that `ids` parameter should be
`id`--it's a holdover from an earlier version of the code where I was
using `ids` as the key.
I also agree that there's no reason to run the `groups_get_invites()`
routine if no uncached invitations are found.
Furthermore, this issue highlights the need to improve the handling of
special cases of the `id` parameter in `BP_Invitation::get_where_sql()`:
https://buddypress.trac.wordpress.org/browser/tags/5.0.0/src/bp-
core/classes/class-bp-invitation.php#L343
WP is a little fuzzy on patterning parameters like this, but I'd expect:
• `id = array()` should return no results. (Not a database error.)
• `id = array( 0 )` should return no results.
• `id = 0` should return no results.
• `id = "0"` should return no results.
• `id = ""` should return no results.
• `id = false` should result in no `id IN ()` statement being added to the
parameter.
Thanks! Please comment on the patch, which is in line with your
suggestions above.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/8149#comment:1>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list