Skip to:
Content

#7324 closed defect (bug) (fixed)

Possible php warnings in bp_legacy_theme_delete_activity_comment()

Reported by: Jonas Lundman Owned by: slaFFik
Milestone: 2.8 Priority: lowest
Severity: normal Version:
Component: Core Keywords: has-patch
Cc:

Description

Issue in

bp_legacy_theme_delete_activity_comment()

This call:

$comment = new BP_Activity_Activity( $_POST['id'] );

is done before verifying the POST id :

if ( empty( $_POST['id'] ) || ! is_numeric( $_POST['id'] ) )
		exit( '-1' );

PHP warnings breaks the response

Attachments (1)

7324.patch (1.1 KB) - added by slaFFik 13 months ago.
Removed some code cleanup

Download all attachments as: .zip

Change History (8)

#1 @slaFFik
13 months ago

  • Milestone changed from Awaiting Review to 2.8
  • Summary changed from Comment reply php warnings to Possible php warnings in bp_legacy_theme_delete_activity_comment()
  • Version 2.7 deleted

Jonas Lundman, thanks for your first submitted issue!

I don't see any problems in reordering some lines with checks in this function. I will prepare the patch.

#2 @slaFFik
13 months ago

  • Keywords has-patch added

This ticket was mentioned in Slack in #buddypress by slaffik. View the logs.


13 months ago

#4 @DJPaul
13 months ago

  • Keywords needs-patch added; has-patch removed

This needs a new patch @slaFFik . It should JUST make the change described in this ticket to fix it; the other code improvements should go in separately. What I normally do when about to commit patches like this, is do a commit just for the fix, then a second commit for the miscellaneous improvements. But when sharing a patch up for review, it's as concise and as targeted as possible.

#5 @slaFFik
13 months ago

  • Owner set to slaFFik
  • Status changed from new to assigned

@DJPaul
Thanks for your insights. I will redo the patch.

#6 @slaFFik
13 months ago

  • Keywords has-patch added; needs-patch removed

@slaFFik
13 months ago

Removed some code cleanup

#7 @slaffik
12 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 11270:

Prevent possible warning in bp_legacy_theme_delete_activity_comment().

Firstly, check $_POST['id'] itself, only after that - for logged-in user status. Prevents warnings when the AJAX request is sent with wrong params, which doesn't allow to proceed and run additional code.

Props jonas-lundman.
Fixes #7324.

Note: See TracTickets for help on using tickets.