Skip to:
Content

bbPress.org

Opened 20 months ago

Closed 19 months ago

Last modified 5 weeks ago

#3190 closed defect (fixed)

Undefined $args[0] in meta_map filter for the topics and replies

Reported by: chriscct7 Owned by: jjj
Milestone: 2.6 Priority: normal
Severity: normal Version:
Component: API - Roles/Capabilities Keywords: good-first-bug has-patch
Cc: contato@…, chriscct7@…

Description

Over the years, a lot of bbPress users have apparently opened tickets on WordPress.org support forums for various plugins that were "breaking" bbPress due to a set of undefined offset notices in the capabilities parts of bbPress. I got one of these today on one of my plugins:

Notice: Undefined offset: 0 in /bbpress/includes/topics/capabilities.php on line 80
Notice: Undefined offset: 0 in /bbpress/includes/replies/capabilities.php on line 62

Above both of these lines, bbPress just needs to add the following (a patch I'd submit but I literally just uninstalled both sublime and tortoiseSVN):

if ( empty( $args[0] ) ) { 
   return $caps;
}

This will prevent the attempted access of $args[0], which is normally the array of mapped meta caps for custom post types, but in the case of another plugin registering a non-CPT tied meta-cap on a non-post type (example: a settings screen), $args will be an empty array, which bbPress doesn't check for before trying to access, resulting in the above errors.

Attachments (2)

3190-1.diff (2.9 KB) - added by espellcaste 20 months ago.
3190-2.diff (3.9 KB) - added by espellcaste 20 months ago.

Download all attachments as: .zip

Change History (13)

#1 @chriscct7
20 months ago

  • Keywords good-first-patch added

#2 @netweb
20 months ago

  • Keywords good-first-bug added; good-first-patch removed
  • Milestone changed from Future Release to 2.6

Thanks @chriscct7 :+1:

#3 @netweb
20 months ago

  • Keywords needs-patch added

@espellcaste
20 months ago

#4 @espellcaste
20 months ago

  • Cc contato@… added
  • Keywords has-patch added; needs-patch removed

I didn't add to the Forum post type because I'm assuming this bug doesn't happen there. But maybe it is better to double check over there as well.

What do you guys think?

#5 @chriscct7
20 months ago

  • Keywords needs-patch added; has-patch removed

Hi there,
The code should be:

if ( empty( $args[0] ) ) { 
   return $caps;
}

empty() in PHP is the equivalent of ! isset($var) || $var == false so there's no need to do both if ( ! isset( $args[0] ) || empty( $args[0] ) ) { it can just be if ( empty( $args[0] ) ) {

In the case that $args[0] is not set, it should return $caps, and thus not proceed further, because in the case of the included patch, execution will continue and $args[0] will still be undefined and will throw the same error.

Therefore the patch above just needs all of the changes of

if ( ! isset( $args[0] ) || empty( $args[0] ) ) {
     $caps = array();
}

swapped out with

if ( empty( $args[0] ) ) { 
   return $caps;
}

Alternatively, instead of new lines, the lines containing

$_post = get_post( $args[0] ); 

could be modified into

$_post = ! empty( $args[0] ) ? get_post( $args[0] ) : false; 

#6 @chriscct7
20 months ago

  • Owner set to jjj

(per slack discussion)

Last edited 20 months ago by chriscct7 (previous) (diff)

@espellcaste
20 months ago

#7 @chriscct7
20 months ago

3190-2.diff looks good to me

#8 @chriscct7
20 months ago

  • Keywords has-patch added; needs-patch removed

#9 @chriscct7
20 months ago

  • Cc chriscct7@… added

#10 @johnjamesjacoby
19 months ago

  • Resolution set to fixed
  • Status changed from new to closed

In 6783:

Caps: Check for $args[0] and bail if empty.

This change avoids debug notices when single forum/topic/reply capability checks are done without having passed in a post ID.

Props espellcaste, chriscct7. Fixes #3190.

This ticket was mentioned in Slack in #bbpress by casiepa. View the logs.


5 weeks ago

Note: See TracTickets for help on using tickets.