[buddypress-trac] [BuddyPress] #1263: Check $show_for_displayed_user on new nav_item
buddypress-trac at lists.automattic.com
Wed Oct 21 22:19:03 UTC 2009
#1263: Check $show_for_displayed_user on new nav_item
----------------------------+-----------------------------------------------
 Reporter:  johnjamesjacoby |       Owner:  johnjamesjacoby
     Type:  defect          |      Status:  new
 Priority:  critical        |   Milestone:  1.1.2
 Keywords:  has-patch       |
----------------------------+-----------------------------------------------
Without this, access to root level actions is still possible even if
$show_for_displayed_user is false and bp_is_home() is set as the
user_has_access level.

Thankfully the use of nonces does not allow forms to be submitted.

Marked as critical since at the moment all guests and logged-in users can
navigate to anyone's settings screens on BP1.1.1 installs.
--
Ticket URL: <http://trac.buddypress.org/ticket/1263>
BuddyPress <http://buddypress.org/>