Skip to:
Content

BuddyPress.org

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#7843 closed defect (bug) (fixed)

"The page isn't redirecting properly" when clicking activity

Reported by: jameshh93 Owned by: djpaul
Milestone: 3.1.0 Priority: normal
Severity: major Version: 3.0.0
Component: Activity Keywords: has-patch commit
Cc:

Description

Before the buddypress 3.0 update when clicking an activity instead of showing the acivity post I just get "The page isn't redirecting properly". Same thing happens when selecting "View Conversation" as well.

For example selecting:
http://utterz.com/feed-2/p/1616/

Acivity displays correctly on users profile the acivity displays as expected

http://utterz.com/members/dave-perry/

and on main acivity feed.

Everything was working before updated to version 3.0

Attachments (2)

7843.01.patch (2.0 KB) - added by r-a-y 2 years ago.
7843.2.diff (6.6 KB) - added by espellcaste 2 years ago.

Download all attachments as: .zip

Change History (14)

#1 @jameshh93
2 years ago

  • Summary changed from "The page isn't redirecting properly" when when clicking activity to "The page isn't redirecting properly" when clicking activity

#2 @DJPaul
2 years ago

  • Milestone changed from Awaiting Review to 3.0.1

Confirmed and caused by r11881.

Affects unauthenticated users.

Last edited 2 years ago by DJPaul (previous) (diff)

#3 @DJPaul
2 years ago

I think the root cause is that we used to assume everyone had access to an activity unless they met a blacklist condition, and now we assume no-one has access to an activity unless they meet a whitelist.

#4 @r-a-y
2 years ago

  • Keywords has-patch added; needs-patch removed

The problem is with the bp_activity_user_can_read() function (see #7048). It doesn't check for unauthenticated users.

In 01.patch, I suggest setting the default return value to true and doing checks for conditions that require false values. I've also added a check for spammed activity items, which is missing from v3.0.

The patch fails the test_user_cannot_access_someone_elses_activity() test:
https://buddypress.trac.wordpress.org/browser/tags/3.0.0/tests/phpunit/testcases/activity/functions.php?marks=1506#L1493

However, that test seems incorrect to me. A user should be able to view another person's activity, unless it is restricted in some manner.

Last edited 2 years ago by r-a-y (previous) (diff)

@r-a-y
2 years ago

#5 @DJPaul
2 years ago

Agree with all. Nice work.

#6 @DJPaul
2 years ago

  • Keywords commit added

#7 @r-a-y
2 years ago

Before committing, I'd like feedback from @espellcaste on the failing unit test and what the purpose is. Might be related to something specific for the WP-CLI Activity module.

#8 @DJPaul
2 years ago

  • Milestone changed from 3.0.1 to 3.1.0

Milestone renamed

#9 @espellcaste
2 years ago

@DJPaul and @r-a-y

Right now I don't remember why this test test_user_cannot_access_someone_elses_activity was introduced. I've looked at the BP REST API and it doesn't seem something related to it.

I think it can be removed.

I'm adding a patch with small fixes and more unit tests. :)

@espellcaste
2 years ago

#10 @r-a-y
2 years ago

@espellcaste - Looks good!

Can we remove the test_user_cannot_access_someone_elses_activity() test? Otherwise, feel free to commit.

#11 @djpaul
2 years ago

  • Owner set to djpaul
  • Resolution set to fixed
  • Status changed from new to closed

In 12154:

Activity: fix activity permalinks for unauthenticated users.

This change also re-adds the block on accessing spammed activity items.

Fixes #7843

Props r-a-y, espellcaste

#12 @djpaul
2 years ago

In 12155:

Activity: fix activity permalinks for unauthenticated users.

This change also re-adds the block on accessing spammed activity items.

Fixes #7843

Props r-a-y, espellcaste

Note: See TracTickets for help on using tickets.