Skip to:
Content

BuddyPress.org

Changeset 2359


Ignore:
Timestamp:
01/19/2010 03:34:06 PM (15 years ago)
Author:
apeatling
Message:

Fixes #1591 - accessing non-existent profile field groups.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-xprofile.php

    r2343 r2359  
    276276    global $bp;
    277277
    278     if ( !bp_is_home() && !is_site_admin() )
    279         return false;
     278    if ( !bp_is_my_profile() && !is_site_admin() )
     279        return false;
     280
     281    /* Make sure a group is set. */
     282    if ( empty( $bp->action_variables[1] ) )
     283        bp_core_redirect( $bp->displayed_user->domain . BP_XPROFILE_SLUG . '/edit/group/1' );
     284
     285    /* Check the field group exists */
     286    if ( !xprofile_get_field_group( $bp->action_variables[1] ) )
     287        bp_core_redirect( $bp->root_domain );
    280288
    281289    /* Check to see if any new information has been submitted */
    282     if ( isset($_POST['field_ids']) ) {
     290    if ( isset( $_POST['field_ids'] ) ) {
    283291
    284292        /* Check the nonce */
     
    556564
    557565function xprofile_get_field_group( $field_group_id ) {
    558     return new BP_XProfile_Group( $field_group_id );
     566    $field_group = new BP_XProfile_Group( $field_group_id );
     567
     568    if ( empty( $field_group->id ) )
     569        return false;
     570
     571    return $field_group;
    559572}
    560573
  • trunk/bp-xprofile/bp-xprofile-classes.php

    r2342 r2359  
    1212
    1313        if ( $id ) {
    14             $this->populate($id);
     14            $this->populate( $id );
    1515        }
    1616    }
     
    1919        global $wpdb, $bp;
    2020
    21         $sql = $wpdb->prepare("SELECT * FROM {$bp->profile->table_name_groups} WHERE id = %d", $id);
    22 
    23         if ( $group = $wpdb->get_row($sql) ) {
    24             $this->id = $group->id;
    25             $this->name = $group->name;
    26             $this->description = $group->description;
    27             $this->can_delete = $group->can_delete;
    28         }
    29 
     21        $sql = $wpdb->prepare( "SELECT * FROM {$bp->profile->table_name_groups} WHERE id = %d", $id );
     22
     23        if ( !$group = $wpdb->get_row($sql) )
     24            return false;
     25
     26        $this->id = $group->id;
     27        $this->name = $group->name;
     28        $this->description = $group->description;
     29        $this->can_delete = $group->can_delete;
    3030    }
    3131
Note: See TracChangeset for help on using the changeset viewer.