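--- a/src/bp-templates/bp-legacy/buddypress-functions.php
+++ b/src/bp-templates/bp-legacy/buddypress-functions.php
@@ -1395,6 +1395,11 @@ function bp_legacy_theme_ajax_addremove_friend() {
 // Cast fid as an integer.
 $friend_id = (int) $_POST['fid'];
 
+$user = get_user_by( 'id', $friend_id );
+if ( ! $user ) {
+die( __( 'Not a valid user.', 'buddypress' ) );
+}
+
 // Trying to cancel friendship.
 if ( 'is_friend' == BP_Friends_Friendship::check_is_friend( bp_loggedin_user_id(), $friend_id ) ) {
 check_ajax_referer( 'friends_remove_friend' );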
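Review bot: The failure message in the added `die()` is printed through `__()` without escaping, while the Nouveau handler in this same change uses `esc_html__()` for the identical string. Translated strings are normally escaped at the point of output, so `die( esc_html__( 'Not a valid user.', 'buddypress' ) );` would keep the two handlers consistent. As far as the hunk shows, the lookup also runs ahead of the `check_ajax_referer()` calls, so a request without a valid nonce can still learn whether a user id exists; a short comment stating that this ordering is intentional would help. The function body starts and ends outside the hunk, so any earlier guard is not visible here.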
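--- a/src/bp-templates/bp-nouveau/includes/friends/ajax.php
+++ b/src/bp-templates/bp-nouveau/includes/friends/ajax.php
@@ -88,6 +88,18 @@ function bp_nouveau_ajax_addremove_friend() {
 // Cast fid as an integer.
 $friend_id = (int) $_POST['item_id'];
 
+$user = get_user_by( 'id', $friend_id );
+if ( ! $user ) {
+wp_send_json_error(
+array(
+'feedback' => sprintf(
+'<div class="bp-feedback error">%s</div>',
+esc_html__( 'Not a valid user.', 'buddypress' )
+),
+)
+);
+}
+
 // In the 2 first cases the $friend_id is a friendship id.
 if ( ! empty( $_POST['action'] ) && 'friends_accept_friendship' === $_POST['action'] ) {
 if ( ! friends_accept_friendship( $friend_id ) ) {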
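Review bot: The added `get_user_by( 'id', $friend_id )` check runs before the accept/reject branches, where the existing comment directly below it says `$friend_id` is a friendship id rather than a user id. A friendship id with no matching user id would now be answered with 'Not a valid user.' and never reach `friends_accept_friendship( $friend_id )`, while one that happens to equal some user id passes without validating anything about the friendship. The lookup should move below those two branches, or be skipped when `$_POST['action']` selects one of them, with a comment such as `// From here on $friend_id is a user id; make sure it exists.`. The function body starts and ends outside the hunk, so the second friendship-id branch is inferred from that comment.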