Skip to:

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#7524 closed defect (bug) (fixed)

get_group_administrator_ids() & get_group_moderator_ids() should protect against bad parameter.

Reported by: dcavins's profile dcavins Owned by: dcavins's profile dcavins
Milestone: 2.9 Priority: normal
Severity: normal Version: 1.6
Component: Groups Keywords: has-patch
Cc: dcavins


This support thread brought up a problem where bp_group_has_moderators() was generating an error ("PHP Warning: Creating default object from empty value in /wp-content/plugins/buddypress/bp-groups/classes/class-bp-groups-member.php on line 1170"):

My best guess is that what's happening is that bp_group_has_moderators() is being called without a $group parameter, and $groups_template->group isn't set, so the downstream moderator fetching functions are being called without a valid group ID to refer to.

I'm attaching a patch that adds some self-defense in BP_Groups_Member::get_group_administrator_ids() & BP_Groups_Member::get_group_moderator_ids() in the event that the group ID is not set or is otherwise bad.

Sort of related is #3842 in which we try to improve the logic for guessing the current group in all of these template functions that now fall back to $groups_template->group, which of course is only useful in a groups loop.

Attachments (1)

7524.1.diff (2.9 KB) - added by dcavins 7 years ago.
Protect mod and admin fetchers against bad group IDs.

Download all attachments as: .zip

Change History (4)

7 years ago

Protect mod and admin fetchers against bad group IDs.

#1 @hnla
7 years ago

  • Keywords early added
  • Milestone changed from 2.9 to 3.0

#2 @dcavins
7 years ago

  • Owner set to dcavins
  • Resolution set to fixed
  • Status changed from new to closed

In 11609:

Handle missing parameter in group admin fetching functions.

In some situations, bp_group_has_moderators() is
being called without a $group parameter, causing the
downstream functions problems. This commit adds an
early return if the required parameter isn’t supplied.
It also recognizes when the cache request returns false
and skips the integer casting step.

Fixes #7524.

#3 @dcavins
7 years ago

  • Keywords early removed
  • Milestone changed from 3.0 to 2.9
Note: See TracTickets for help on using tickets.