[buddypress-trac] [BuddyPress Trac] #7048: Move permission checks in `bp_activity_screen_single_activity_permalink` into new function

buddypress-trac noreply at wordpress.org
Thu Jan 4 11:47:37 UTC 2018

#7048: Move permission checks in `bp_activity_screen_single_activity_permalink`
into new function
 Reporter:  DJPaul                    |       Owner:
     Type:  enhancement               |      Status:  assigned
 Priority:  high                      |   Milestone:  3.0
Component:  Activity                  |     Version:
 Severity:  normal                    |  Resolution:
 Keywords:  has-patch has-unit-tests  |

Comment (by DJPaul):

 I have spent over an hour this morning looking at the patch very
 carefully. :)

 The `bp_do_404()` bit needs to be added back: that protects against
 accessing a Group Activity when the Groups component is disabled. I
 suspect that's why the otherwise incorrect-looking
 `isset($bp->groups->id)` is in there. Otherwise the patch leaks
 private/hidden Group Activity items.

 As part of the above, I think the order of the clauses should be flipped
 back, and that `!$retval` suggestion I made should be taken out -- see
 https://imgur.com/a/UUoPB (left is current trunk, right is patch).

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7048#comment:19>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list