[buddypress-trac] [BuddyPress] #2343: SECURITY RISK (internal): Forum posts are "promiscuous" and can be hacked by unauthorized users

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Mon Apr 26 21:55:54 UTC 2010


#2343: SECURITY RISK (internal): Forum posts are "promiscuous" and can be hacked
by unauthorized users
----------------------+-----------------------------------------------------
 Reporter:  3sixty    |       Owner:                          
     Type:  defect    |      Status:  new                     
 Priority:  critical  |   Milestone:  1.2.4                   
Component:  Forums    |    Keywords:  has-patch, needs-testing
----------------------+-----------------------------------------------------

Comment(by johnjamesjacoby):

 This solution works to prevent the bug, but for core we need to take into
 account situations where groups might not be turned on and forums might be
 using other components.

 There are only a few functions where these two components are required to
 talk to each other, and its best to keep that to a minimum if we can.

 Getting closer.

-- 
Ticket URL: <http://trac.buddypress.org/ticket/2343#comment:8>
BuddyPress <http://buddypress.org/>
BuddyPress


More information about the buddypress-trac mailing list