Opened 11 years ago
Closed 10 years ago
#5319 closed enhancement (fixed)
Prevent friend POST request from member to himself
Reported by: | megainfo | Owned by: | boonebgorges |
---|---|---|---|
Milestone: | 2.0 | Priority: | low |
Severity: | minor | Version: | 1.9.1 |
Component: | Friends | Keywords: | has-patch |
Cc: |
Description
A member can be a friend with himself by sending an AJAX POST (using web tools like Firefox Web Developer or Firebug).
Attachments (3)
Change History (13)
#1
@
11 years ago
- Summary changed from Prevent POST request from member to himself to Prevent friend POST request from member to himself
#2
@
11 years ago
- Keywords 2nd-opinion added
I don't see that much harm can come of this, but I suppose it's a good idea to fix it.
Other devs: better to fix here, or in friends_add_friend()? Any legitimate reason anyone can think of why we'd want to allow self-friendships at the level of friends_add_friend() but not at the interface level?
#3
@
11 years ago
I'd say put the fix in friends_add_friend(). I don't think there's a legitimate reason a person would want to be friends with themselves!
#5
@
11 years ago
- Keywords needs-refresh added
- Milestone changed from Awaiting Review to 2.0
- Priority changed from normal to low
- Severity changed from normal to minor
Sounds good to me. Let's get a refresh on the patch.
#7
@
10 years ago
- Keywords has-patch added; 2nd-opinion needs-refresh removed
Attached patch checks the initiator and the pending friend to see if they are the same. If they are the same, we bail.
Patch also fixes a logic issue with how friends_add_friend() checks if the two users are already friends. We need to use friends_check_friendship() to actually check if two users are friends or not. Instantiating a new BP_Friends_Friendship object does not do anything.
Just wanted some feedback on the latter before I commit.
Patch for Legacy template
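
The server-side guard discussed in this ticket, as an added example that is not part of the ticket or of BuddyPress's own code: a stand-alone PHP sketch in which DemoFriendStore and demo_add_friend() are hypothetical stand-ins. It rejects self-friendship inside the function that writes the record, so a hand-crafted POST cannot bypass it, and it checks for an existing friendship by querying the store.

```php
<?php
// Added example: stand-alone sketch, not BuddyPress code. All names are hypothetical.

/** In-memory stand-in for the friendship table, keyed by "low:high" ID pairs. */
final class DemoFriendStore {
    private array $pairs = [];

    private static function key(int $a, int $b): string {
        // Order-independent key so (3, 9) and (9, 3) are the same friendship.
        return min($a, $b) . ':' . max($a, $b);
    }
    public function exists(int $a, int $b): bool {
        return isset($this->pairs[self::key($a, $b)]);
    }
    public function add(int $a, int $b): void {
        $this->pairs[self::key($a, $b)] = true;
    }
}

function demo_add_friend(DemoFriendStore $store, $initiator_id, $friend_id): bool {
    // Request parameters arrive as strings; validate and normalise before comparing,
    // otherwise "7" and 7 would pass a strict inequality check.
    $opts = ['options' => ['min_range' => 1]];
    $initiator = filter_var($initiator_id, FILTER_VALIDATE_INT, $opts);
    $friend = filter_var($friend_id, FILTER_VALIDATE_INT, $opts);
    if ($initiator === false || $friend === false) {
        return false; // not a valid user ID
    }
    if ($initiator === $friend) {
        return false; // self-friendship: bail, whatever the interface allowed
    }
    if ($store->exists($initiator, $friend)) {
        return false; // already friends: ask the store instead of assuming
    }
    $store->add($initiator, $friend);
    return true;
}

// Constructed inputs: the second call mimics a POST carrying the sender's own ID.
$store = new DemoFriendStore();
var_dump(demo_add_friend($store, 7, '12')); // new friendship
var_dump(demo_add_friend($store, 7, '7'));  // same user on both sides
var_dump(demo_add_friend($store, '12', 7)); // same pair, reversed order
var_dump(demo_add_friend($store, 7, '0'));  // invalid ID
```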