[buddypress-trac] [BuddyPress] #5092: In Member's group invites list, hidden group permalink should be filtered to avoid 404

buddypress-trac noreply at wordpress.org
Tue Jul 9 15:55:07 UTC 2013


#5092: In Member's group invites list, hidden group permalink should be filtered
to avoid 404
---------------------------------------------------+-----------------------
 Reporter:  imath                                  |       Owner:
     Type:  enhancement                            |      Status:  new
 Priority:  normal                                 |   Milestone:  1.9
Component:  Groups                                 |     Version:  1.8-beta
 Severity:  normal                                 |  Resolution:
 Keywords:  has-patch needs-testing needs-refresh  |
---------------------------------------------------+-----------------------
Changes (by boonebgorges):

 * keywords:  has-patch needs-testing => has-patch needs-testing needs-
               refresh
 * milestone:  Awaiting Review => 1.9


Comment:

 I'm not convinced that this is the right kind of solution (at least not by
 itself). First, security/privacy issues should never be solved with JS
 alone, since it's so easy to turn off JS. Second, while it's true that
 hidden groups should not be visible to non-members, the very act of
 sending an invitation has exposed the existence of the group to the
 invitee (after all, its name appears on the list of invitations).

 However, it is indeed a problem that clicking the link results in a 404.
 Maybe in cases where a user tries to access a hidden group of which he's
 not a member but to which he's received an invitation, we should load the
 group template, but show a "this group is hidden" message - like we
 already do for private groups. The logic would be here-ish (261):
 http://buddypress.trac.wordpress.org/browser/tags/1.7.2/bp-groups/bp-
 groups-loader.php#L254

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5092#comment:1>
BuddyPress <http://buddypress.org/>
BuddyPress


More information about the buddypress-trac mailing list