[buddypress-trac] [BuddyPress Trac] #8844: BP_Friends_Friendship::get_random_friends() reports incorrect results
buddypress-trac
noreply at wordpress.org
Tue Feb 21 19:02:51 UTC 2023
#8844: BP_Friends_Friendship::get_random_friends() reports incorrect results
--------------------------+-----------------------------
Reporter: boonebgorges | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Friends | Version:
Severity: normal | Keywords:
--------------------------+-----------------------------
In [13092], the following comparison was changed from a loose `==` to a
strong `===`:
https://buddypress.trac.wordpress.org/browser/tags/11.1.0/src/bp-friends/classes/class-bp-friends-friendship.php?annotate=blame&marks=944#L935
Since the friendship records are pulled from the database using
`$wpdb->get_results()`, properties like `friend_user_id` in the `for` loop
are always *strings*. Yet the method's documentation says that the
`$user_id` parameter should be an `int` (which makes sense, given that
you'll often pass a value like `bp_loggedin_user_id()` to it). As a
result, the strict comparison on this line always fails, which means that
the returned ID is always the value of `friend_user_id`. This can
sometimes be the `$user_id` itself, when the `$user_id` was the recipient
rather than the initiator of the original friendship request.
Strict comparison seems fine, but we then need to cast these values to
`int` before doing the comparison.
Other methods in the same class continue to use loose comparison, so
aren't affected by a similar bug.
https://buddypress.trac.wordpress.org/browser/tags/11.1.0/src/bp-friends/classes/class-bp-friends-friendship.php?annotate=blame&marks=438,440#L420
If we switch to strict comparison, we should do it in the same (correct)
way throughout the class.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/8844>
BuddyPress Trac <http://buddypress.org/>
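
A minimal reproduction of the type mismatch described in this ticket, added here as an illustration and not taken from the BuddyPress source. The function names are hypothetical, the `initiator_user_id` column name is an assumption, and the rows are constructed to mimic the all-string objects that `$wpdb->get_results()` returns.

```php
<?php
declare(strict_types=1);

// Constructed rows: every column value is a string, as with $wpdb->get_results().
// The initiator_user_id column name is an assumption; friend_user_id is from the ticket.
$rows = [
    (object) ['initiator_user_id' => '7',  'friend_user_id' => '12'], // user 7 sent the request
    (object) ['initiator_user_id' => '31', 'friend_user_id' => '7'],  // user 7 received the request
];

/** Hypothetical helper: strict comparison of a string column against an int parameter. */
function other_party_uncast(array $rows, int $user_id): array
{
    $ids = [];
    foreach ($rows as $row) {
        // A string is never identical (===) to an int, so the else branch is always taken.
        $ids[] = ($row->friend_user_id === $user_id)
            ? $row->initiator_user_id
            : $row->friend_user_id;
    }
    return $ids;
}

/** Hypothetical helper: cast both columns to int first, then compare strictly. */
function other_party_cast(array $rows, int $user_id): array
{
    $ids = [];
    foreach ($rows as $row) {
        $initiator = (int) $row->initiator_user_id;
        $friend    = (int) $row->friend_user_id;
        $ids[]     = ($friend === $user_id) ? $initiator : $friend;
    }
    return $ids;
}

// Dump both results for user 7 so the difference in the second row is visible.
var_dump(other_party_uncast($rows, 7));
var_dump(other_party_cast($rows, 7));
```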