[buddypress-trac] [BuddyPress Trac] #7401: Wrong user data leak with external object cache
buddypress-trac
noreply at wordpress.org
Tue Dec 20 18:36:14 UTC 2016
#7401: Wrong user data leak with external object cache
-----------------------------------+------------------
Reporter: m_uysl | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8
Component: Extended Profile | Version: 2.0
Severity: normal | Resolution:
Keywords: has-patch 2nd-opinion |
-----------------------------------+------------------
Comment (by m_uysl):
> The mechanics of the more general case (as described in #6091) are still
not clear to me, but I'm fairly sure they're related.
I think so.
> This change requires passing around the $user_id and $get_data params,
which I don't really like, but it does the trick.
I hate extra parameters as well but it's less terrifying than fetching
wrong data :)
> What do you think of this more general change?
It certainly makes sense `BP_XProfile_Group::get()` should always fetch
data belongs to correct user.
@boonebgorges I updated your patch by adding `$user_id` to fake cache
data. (just in case)
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7401#comment:4>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list