#7843 closed defect (bug) (fixed)
"The page isn't redirecting properly" when clicking activity
Reported by: | jameshh93 | Owned by: | djpaul |
---|---|---|---|
Milestone: | 3.1.0 | Priority: | normal |
Severity: | major | Version: | 3.0.0 |
Component: | Activity | Keywords: | has-patch commit |
Cc: |
Description
Before the buddypress 3.0 update when clicking an activity instead of showing the acivity post I just get "The page isn't redirecting properly". Same thing happens when selecting "View Conversation" as well.
For example selecting:
http://utterz.com/feed-2/p/1616/
Acivity displays correctly on users profile the acivity displays as expected
http://utterz.com/members/dave-perry/
and on main acivity feed.
Everything was working before updated to version 3.0
Attachments (2)
Change History (14)
#1
@
7 years ago
- Summary changed from "The page isn't redirecting properly" when when clicking activity to "The page isn't redirecting properly" when clicking activity
#3
@
7 years ago
I think the root cause is that we used to assume everyone had access to an activity unless they met a blacklist condition, and now we assume no-one has access to an activity unless they meet a whitelist.
#4
@
7 years ago
- Keywords has-patch added; needs-patch removed
The problem is with the bp_activity_user_can_read()
function (see #7048). It doesn't check for unauthenticated users.
In 01.patch
, I suggest setting the default return value to true
and doing checks for conditions that require false
values. I've also added a check for spammed activity items, which is missing from v3.0.
The patch fails the test_user_cannot_access_someone_elses_activity()
test:
https://buddypress.trac.wordpress.org/browser/tags/3.0.0/tests/phpunit/testcases/activity/functions.php?marks=1506#L1493
However, that test seems incorrect to me. A user should be able to view another person's activity, unless it is restricted in some manner.
#7
@
7 years ago
Before committing, I'd like feedback from @espellcaste on the failing unit test and what the purpose is. Might be related to something specific for the WP-CLI Activity module.
#9
@
7 years ago
@DJPaul and @r-a-y
Right now I don't remember why this test test_user_cannot_access_someone_elses_activity
was introduced. I've looked at the BP REST API and it doesn't seem something related to it.
I think it can be removed.
I'm adding a patch with small fixes and more unit tests. :)
#10
@
7 years ago
@espellcaste - Looks good!
Can we remove the test_user_cannot_access_someone_elses_activity()
test? Otherwise, feel free to commit.
Confirmed and caused by r11881.
Affects unauthenticated users.