[buddypress-trac] [BuddyPress Trac] #5796: Invalid or empty page_arg results in no-limit queries
buddypress-trac
noreply at wordpress.org
Sat Dec 27 19:02:57 UTC 2014
#5796: Invalid or empty page_arg results in no-limit queries
--------------------------------------+------------------
Reporter: johnjamesjacoby | Owner:
Type: defect (bug) | Status: new
Priority: high | Milestone: 2.2
Component: All Components | Version:
Severity: major | Resolution:
Keywords: good-first-bug has-patch |
--------------------------------------+------------------
Changes (by boonebgorges):
* keywords: good-first-bug commit has-patch => good-first-bug has-patch
Comment:
5796.2.patch won't work because it doesn't check to see that the
`$_REQUEST` value isset before passing to `absint()`.
[attachment:5796.3.patch] makes the logic a bit more verbose. Includes
unit tests for the following cases:
- `$_REQUEST['acpage']` = 5 (a valid number, which overrides the 'page'
value passed to the template object)
- `$_REQUEST['acpage']` = 0 (an invalid number, in which case the value of
'page' should be used)
- `$_REQUEST['num']` = 14 (a valid number, which overrides the 'per_page'
value passed to the template object)
- `$_REQUEST['num']` = 0 (an invalid number, in which case the value of
'per_page' should be used)
I think this logic correctly describes what we want here (though see my
comment above about how this is not ideal - there ought to be a better way
to override URL params programatically). Could I get a second set of eyes?
If it's right, I think we can apply the same logic across the template
classes.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5796#comment:17>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list