[buddypress-trac] [BuddyPress] #2290: New User Registration: Required fields can be bypassed
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Tue Apr 6 21:48:18 UTC 2010
#2290: New User Registration: Required fields can be bypassed
----------------------+-----------------------------------------------------
Reporter: rvenable | Owner:
Type: defect | Status: new
Priority: normal | Milestone: 1.2.4
Component: Core | Keywords:
----------------------+-----------------------------------------------------
Buddypress has an option to make certain profile fields required. Required
fields can be bypassed in new user creation.
BP only checks fields that have been passed in through
$_POST['signup_profile_field_ids'] (see bp_core_screen_signup() in
[http://trac.buddypress.org/browser/trunk/bp-core/bp-core-signup.php#L56
bp-core-signup.php]), so if a user creates a post query that doesn't
include that variable they can create an account without the required
fields.
That's not that big of a deal unless the BP site is trying to use required
fields to fight automated account creation.
--
Ticket URL: <https://trac.buddypress.org/ticket/2290>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list