Skip to:
Content

BuddyPress.org

Opened 12 years ago

Closed 12 years ago

Last modified 10 years ago

#5071 closed defect (bug) (fixed)

BP User Query and management of the include argument

Reported by: imath's profile imath Owned by: boonebgorges's profile boonebgorges
Milestone: 1.8 Priority: high
Severity: critical Version: 1.8
Component: Friends Keywords: has-patch needs-testing
Cc: trisha@…

Description

Hi,

I think this trouble is really annoying, that's why, for the first time, i've put a high severity on a ticket.

I was testing the friends component, then i've noticed when going into my friendship requests page (siteurl.dev/members/imath/friends/requests/) that all the users of the blog where showing even if i hadn't ask them to become my friends. So i clicked on Accept friendship to see what would happened but as no user id is in the url, it triggers an error...

Then i added a friend and went on his request page and there i was the only one in his request list. So i accepted and as soon as i've reloaded the request page, all the users were showing again. Even the friend i've accepted, and the button Accept was back..

So i've searched and landed in BP_User_Query class where the include parameter of bp_has_members() is managed, and the problem seems to be there as with the use of !empty( $include ) at line 318 of bp-core-classes.php the $sqlwhere?[] = 'u.user_id IN (0)' is never set. So the $sqlwhere? only have 1 element : 'u.field_id = 1' and all the users are showing.

I've checked in 1.7 and saw that the condition was false !== $include, so the diff attached to this ticket is using this condition and it seems to solve the trouble in the member's request friendship page. But i don't know if this break something elsewhere, so i think this should be checked more deeply.

Attachments (1)

5071.diff (675 bytes) - added by imath 12 years ago.

Download all attachments as: .zip

Change History (6)

@imath
12 years ago

#1 @boonebgorges
12 years ago

  • Keywords 2nd-opinion removed
  • Milestone changed from Awaiting Review to 1.8
  • Priority changed from normal to high

I've confirmed this. From what I can see, it only happens when the current user has zero real friendship requests. (In other words, if there is at least one legitimate request, the bp_has_members() and BP_User_Query will return the correct users.)

#2 @trishasalas
12 years ago

I applied the patch, tried with and without. On a dev install where I have 0 friends and 0 friend requests I am presented with the entire member list before the patch. When the patch is applied it returns 0 as expected.

Will report back if I see any wonky behavior otherwise.

#3 @trishasalas
12 years ago

  • Cc trisha@… added

#4 @boonebgorges
12 years ago

  • Owner set to boonebgorges
  • Resolution set to fixed
  • Status changed from new to closed

In 7239:

Use strict type checking when setting default 'include' value in BP_User_Query

Using the empty() check resulted in problems when empty arrays were passed into
BP_User_Query as the 'include' parameter, such as when querying for a user's
friend requests when the user did not have any - in these cases, all users
ended up being returned.

Fixes #5071

Props imath

#5 @johnjamesjacoby
10 years ago

  • Version changed from 1.8-beta to 1.8
Note: See TracTickets for help on using tickets.