Skip to:
Content

BuddyPress.org

Changeset 12094


Ignore:
Timestamp:
05/16/2018 06:32:42 PM (7 years ago)
Author:
imath
Message:

Nouveau: do not request a user with a Friendship ID in Ajax handler

Two actions managed within the common Friendship Ajax handler are not sending a user ID but a friendship ID :

  • friends_accept_friendship
  • friends_reject_friendship

As a result, the user check can wrongly prevent users to accept or decline friendships as soon as a friendship ID does not match with an existing user ID. For these two specific cases we are now omitting it but keep it for all other actions as they are sending a user ID.

Props DJPaul

Fixes #7833

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-templates/bp-nouveau/includes/friends/ajax.php

    r12082 r12094  
    9797    $friend_id = (int) $_POST['item_id'];
    9898
    99     $user = get_user_by( 'id', $friend_id );
    100     if ( ! $user ) {
    101         wp_send_json_error(
    102             array(
    103                 'feedback' => sprintf(
    104                     '<div class="bp-feedback error">%s</div>',
    105                     esc_html__( 'No member found by that ID.', 'buddypress' )
    106                 ),
    107             )
    108         );
     99    // Check if the user exists only when the Friend ID is not a Frienship ID.
     100    if ( isset( $_POST['action'] ) && $_POST['action'] !== 'friends_accept_friendship' && $_POST['action'] !== 'friends_reject_friendship' ) {
     101        $user = get_user_by( 'id', $friend_id );
     102        if ( ! $user ) {
     103            wp_send_json_error(
     104                array(
     105                    'feedback' => sprintf(
     106                        '<div class="bp-feedback error">%s</div>',
     107                        esc_html__( 'No member found by that ID.', 'buddypress' )
     108                    ),
     109                )
     110            );
     111        }
    109112    }
    110113
Note: See TracChangeset for help on using the changeset viewer.