Skip to:

Opened 10 months ago

Closed 9 months ago

Last modified 9 months ago

#7524 closed defect (bug) (fixed)

get_group_administrator_ids() & get_group_moderator_ids() should protect against bad parameter.

Reported by: David Cavins Owned by: David Cavins
Milestone: 2.9 Priority: normal
Severity: normal Version: 1.6
Component: Groups Keywords: has-patch
Cc: David Cavins


This support thread brought up a problem where bp_group_has_moderators() was generating an error ("PHP Warning: Creating default object from empty value in /wp-content/plugins/buddypress/bp-groups/classes/class-bp-groups-member.php on line 1170"):

My best guess is that what's happening is that bp_group_has_moderators() is being called without a $group parameter, and $groups_template->group isn't set, so the downstream moderator fetching functions are being called without a valid group ID to refer to.

I'm attaching a patch that adds some self-defense in BP_Groups_Member::get_group_administrator_ids() & BP_Groups_Member::get_group_moderator_ids() in the event that the group ID is not set or is otherwise bad.

Sort of related is #3842 in which we try to improve the logic for guessing the current group in all of these template functions that now fall back to $groups_template->group, which of course is only useful in a groups loop.

Attachments (1)

7524.1.diff (2.9 KB) - added by David Cavins 10 months ago.
Protect mod and admin fetchers against bad group IDs.

Download all attachments as: .zip

Change History (4)

@David Cavins
10 months ago

Protect mod and admin fetchers against bad group IDs.

#1 @hnla
9 months ago

  • Keywords early added
  • Milestone changed from 2.9 to 3.0

#2 @David Cavins
9 months ago

  • Owner set to David Cavins
  • Resolution set to fixed
  • Status changed from new to closed

In 11609:

Handle missing parameter in group admin fetching functions.

In some situations, bp_group_has_moderators() is
being called without a $group parameter, causing the
downstream functions problems. This commit adds an
early return if the required parameter isn’t supplied.
It also recognizes when the cache request returns false
and skips the integer casting step.

Fixes #7524.

#3 @David Cavins
9 months ago

  • Keywords early removed
  • Milestone changed from 3.0 to 2.9
Note: See TracTickets for help on using tickets.