Opened 9 years ago
Closed 9 years ago
#6730 closed defect (bug) (fixed)
Default 'bp_xprofile_change_field_visibility' cap check passes
Reported by: | r-a-y | Owned by: | |
---|---|---|---|
Milestone: | 2.4.2 | Priority: | normal |
Severity: | normal | Version: | 2.4.0 |
Component: | Extended Profile | Keywords: | has-patch commit |
Cc: | dcavins |
Description
Reported here:
https://buddypress.org/support/topic/profile-field-visibility-enforced-but-members-can-override/
If an admin has enabled 'Enforce field visibility' for a profile field, in v2.4.0, the "Change" link still shows up when a user attempts to edit the profile field.
The problem is due to the bp_current_user_can() modifications that were made in #6501 (my fault!) and how we do capability argument checks for the 'bp_xprofile_change_field_visibility' cap.
The 'bp_xprofile_change_field_visibility' cap checks if a specific capability argument is valid with isset( $args[0] ). In BP 2.3.4, this would fail; in BP 2.4.0, this passes since $args[0] is now an empty array and not null.
I've attached a patch that fixes this with a unit test.
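An added illustration of the isset() behaviour described above; it is not the attached patch or BuddyPress code. The function names, the fallback to a "current" field id, the !empty() alternative, and the sample data are all assumptions made for the sketch.

```php
<?php
// Added illustration: hypothetical names and constructed data, not BuddyPress code.

// Constructed stand-in for per-field settings: field 7 has visibility enforced.
$enforced_fields = array( 7 => true );

// Assumed fallback: the id of the field currently being rendered.
function example_current_field_id() {
    return 7;
}

// 'Before' shape: trusts $args[0] whenever isset() says it exists.
function example_can_change_visibility_isset( array $args, array $enforced ) {
    // isset() is false only for a missing or null value; array() counts as set.
    $field_id = isset( $args[0] ) ? (int) $args[0] : example_current_field_id();
    // (int) array() is 0, so the lookup below hits no field and the check passes.
    return empty( $enforced[ $field_id ] );
}

// Stricter shape: null, array(), 0 and '' all mean "no field id was passed".
function example_can_change_visibility_empty( array $args, array $enforced ) {
    $field_id = ! empty( $args[0] ) ? (int) $args[0] : example_current_field_id();
    return empty( $enforced[ $field_id ] );
}

// Constructed argument shapes matching the ticket's description.
$cases = array(
    'null (2.3.4 shape)'        => array( null ),
    'empty array (2.4.0 shape)' => array( array() ),
    'explicit field id'         => array( 7 ),
);

foreach ( $cases as $label => $args ) {
    printf(
        "%-26s isset(): %-5s  !empty(): %s\n",
        $label,
        var_export( example_can_change_visibility_isset( $args, $enforced_fields ), true ),
        var_export( example_can_change_visibility_empty( $args, $enforced_fields ), true )
    );
}
```

Only the empty-array row differs between the two functions: the isset() version resolves to field 0 and allows the change, while the !empty() version falls back to the enforced field and denies it.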
Not tested but looks ok