[buddypress-trac] [BuddyPress Trac] #7530: Fetching of ALL users from bp_friends_prime_mentions_results() for non logged in users
buddypress-trac
noreply at wordpress.org
Sun May 28 11:23:01 UTC 2017
#7530: Fetching of ALL users from bp_friends_prime_mentions_results() for non
logged in users
--------------------------+-----------------------------
Reporter: dsar | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: (not sure) | Version:
Severity: major | Keywords:
--------------------------+-----------------------------
Hello,
Currently, bp_friends_prime_mentions_results()'s only check if a user is
not logged in is dependent on a WordPress filter
(bp_activity_maybe_load_mentions_scripts). When another plugin sets high
priority for this filter and returns true, as is the case currently with
rtMedia
https://github.com/rtMediaWP/rtMedia/blob/d9d060dc59fe0a153df57e2dd7e062ad5c6721e9/app/main/RTMedia.php#L220-L236
bp_friends_prime_mentions_results() will run completely even for non
logged in users.
This results in listing of ALL users on all pages for non-logged in users.
This is a huge issue, and although it's initiated by rtMedia's code, I
believe BuddyPress should have a check to avoid this problem. It's as easy
as adding
{{{
if (get_current_user_id() == 0) {
    return;
}
}}}
check to bp_friends_prime_mentions_results().
Maybe a better, or additional, fix would be to change how BP_User_Query
class works - currently passing user_id 0 to it will return all users. I
think it should return no users. This would be doable by changing default
user_id in it to null or false and having a proper check for it.
Currently, default for user_id is 0 and check if user_id is passed is
using empty().
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7530>
BuddyPress Trac <http://buddypress.org/>
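
The `empty()` ambiguity described in the ticket, shown as a simplified stand-alone PHP model. This is an added example, not part of the original message and not BuddyPress code; the function names and sample data are hypothetical.

```php
<?php
// Simplified model of the behaviour described in the ticket; NOT BuddyPress code.
// All names here (friends_of_*, $friendships, $all_users) are hypothetical.

// Constructed sample data: user ID => display name, and friend lists per user.
$all_users   = [1 => 'alice', 2 => 'bob', 3 => 'carol', 4 => 'dave'];
$friendships = [1 => [2, 3], 2 => [1], 3 => [1], 4 => []];

// Pattern described in the ticket: default of 0 plus an empty() test.
// empty(0) is true, so "anonymous visitor" (ID 0) is indistinguishable from
// "no user_id filter requested" and the unfiltered user list comes back.
function friends_of_loose(array $users, array $friendships, $user_id = 0): array {
    if (empty($user_id)) {
        return $users; // no filter applied: every user is returned
    }
    return array_intersect_key($users, array_flip($friendships[$user_id] ?? []));
}

// Stricter variant: null means "no filter requested"; any other value is
// treated as an ID, and an ID that is not a positive integer matches nobody.
function friends_of_strict(array $users, array $friendships, ?int $user_id = null): array {
    if ($user_id === null) {
        return $users;
    }
    if ($user_id <= 0) {
        return []; // anonymous or invalid ID: no results
    }
    return array_intersect_key($users, array_flip($friendships[$user_id] ?? []));
}

$anonymous = 0; // what get_current_user_id() returns for a logged-out visitor

printf("loose,  anonymous: %d users\n", count(friends_of_loose($all_users, $friendships, $anonymous)));
printf("strict, anonymous: %d users\n", count(friends_of_strict($all_users, $friendships, $anonymous)));
printf("strict, user 1:    %d users\n", count(friends_of_strict($all_users, $friendships, 1)));
```

The strict variant only helps if callers pass the visitor's ID through unchanged; the caller-side guard proposed in the ticket covers the case where they do not.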