Skip to:
Content

BuddyPress.org

Opened 11 years ago

Closed 11 years ago

#4735 closed defect (bug) (fixed)

can't delete activity where user_id is empty

Reported by: magnus78's profile magnus78 Owned by:
Milestone: 1.7 Priority: low
Severity: minor Version:
Component: Activity Keywords: needs-patch
Cc:

Description

Deleting activity where user_id is empty is prohibited. This can e.g. be group activities imported from external feeds.

Works fine when i remove the empty check.

Attachments (1)

bptrac4735_allow_delete_anonymous_activity.patch (567 bytes) - added by magnus78 11 years ago.
proposed fix

Download all attachments as: .zip

Change History (4)

#1 @boonebgorges
11 years ago

  • Component changed from Core to Activity
  • Milestone changed from Awaiting Review to 1.7
  • Priority changed from normal to low
  • Severity changed from normal to minor

It's fine to remove the user id check as suggested in the patch, but then we need to modify bp_activity_user_can_delete() to make sure it doesn't return true for logged-out users (logged-in user id = 0).

#2 @DJPaul
11 years ago

  • Keywords needs-patch added; has-patch removed

This patch needs updating per boonebgorges' feedback in order for 1.7.

#3 @boonebgorges
11 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [6732]) Allow activity items to be deleted when the user_id key is empty

Some plugins create activity items that are not attached to a specific user_id.
The activity deletion request handlers (AJAX and bp-activity-actions) prevent
deletion of activity items when the item's user_id value is empty. This
changeset moves this security measure to the bp_activity_user_can_delete()
function, so that anonymous activity items can still be deleted by item admins.

Props magnus78

Fixes #4735

Note: See TracTickets for help on using tickets.