bbp_get_current_user_id() Doesn't Work Properly

[alex-ye]

Hi , This bug causes a serious problems , because it make functions like bbp_is_user_keymaster() return wrong value as example .

One of those related bugs that you can found the private/hidden topics or replies in the bbPress key-master profile . and ..etc

So what's wrong , I think the bbp_get_current_user_id() should return the current logged in user ID only , nothing else !!

However , The current function return the get_query_var( 'bbp_user_id' ) if the user is not logged in !

[johnjamesjacoby]

(In [4830]) Remove outdated bbp_get_user_id() phpdoc references. See #2284.

[johnjamesjacoby]

Hm. I see how this could be a problem. Do you have a reproduction case where bbp_is_user_keymaster() is returning invalid results? In my imagination, I guess viewing a keymaster profile when there are hidden forums and sidebar widgets might leak links?

[MZAWeb]

Why is it considering the query_var in the first place? Seems weird but I'm sure there's a good reason.

[alex-ye]

@johnjamesjacoby a function like bbp_is_user_keymaster with empty $user_id should return whether the current logged in user is a keymaster or not , It shouldn't return true if the displayed user is or the if the user in query is ..

You can reproduce this easily by put this code in the head of user-topics-created.php file :

echo ( bbp_is_user_keymaster() ) ? "The current logged-in user is a keymaster" : ":)";

after that go to a key-master topics created page ( make sure you logged out ) , You will find the string "The current logged-in user is a keymaster" in the output !!

Because that a function like bbp_exclude_forum_ids() don't exclude the private and hidden forums topics/replies in the key-master profile ...

[johnjamesjacoby]

(In [4831]) In bbp_get_user_id(), do not fallback to 'bbp_user_id' query variable, to prevent accidentally confusing a Guest (anonymous) user with the displayed user, in situations where empty bbp_get_user_id() checks are made. Fixes #2284.