Skip to:
Content

Opened 8 months ago

Closed 7 months ago

Last modified 7 months ago

#7524 closed defect (bug) (fixed)

get_group_administrator_ids() & get_group_moderator_ids() should protect against bad parameter.

Reported by: dcavins Owned by: dcavins
Milestone: 2.9 Priority: normal
Severity: normal Version: 1.6
Component: Groups Keywords: has-patch
Cc: dcavins

Description

This support thread brought up a problem where bp_group_has_moderators() was generating an error ("PHP Warning: Creating default object from empty value in /wp-content/plugins/buddypress/bp-groups/classes/class-bp-groups-member.php on line 1170"):

https://buddypress.org/support/topic/group-header-file-problems/page/2/#post-265986

My best guess is that what's happening is that bp_group_has_moderators() is being called without a $group parameter, and $groups_template->group isn't set, so the downstream moderator fetching functions are being called without a valid group ID to refer to.

I'm attaching a patch that adds some self-defense in BP_Groups_Member::get_group_administrator_ids() & BP_Groups_Member::get_group_moderator_ids() in the event that the group ID is not set or is otherwise bad.

Sort of related is #3842 in which we try to improve the logic for guessing the current group in all of these template functions that now fall back to $groups_template->group, which of course is only useful in a groups loop.

Attachments (1)

7524.1.diff (2.9 KB) - added by dcavins 8 months ago.
Protect mod and admin fetchers against bad group IDs.

Download all attachments as: .zip

Change History (4)

@dcavins
8 months ago

Protect mod and admin fetchers against bad group IDs.

#1 @hnla
7 months ago

  • Keywords early added
  • Milestone changed from 2.9 to 3.0

#2 @dcavins
7 months ago

  • Owner set to dcavins
  • Resolution set to fixed
  • Status changed from new to closed

In 11609:

Handle missing parameter in group admin fetching functions.

In some situations, bp_group_has_moderators() is
being called without a $group parameter, causing the
downstream functions problems. This commit adds an
early return if the required parameter isn’t supplied.
It also recognizes when the cache request returns false
and skips the integer casting step.

Fixes #7524.

#3 @dcavins
7 months ago

  • Keywords early removed
  • Milestone changed from 3.0 to 2.9
Note: See TracTickets for help on using tickets.