[buddypress-trac] [BuddyPress] #2592: BP Group Extension Access Bug
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Thu Aug 19 20:37:22 UTC 2010
#2592: BP Group Extension Access Bug
---------------------------+------------------------------------------------
Reporter: travel-junkie | Owner:
Type: defect | Status: new
Priority: major | Milestone: 1.2.6
Component: Groups | Keywords:
---------------------------+------------------------------------------------
When you handtype in an url to an edit page, that has been created using
the extension API, then you get access to that page even though you’re
logged out.
Here's the fix. In bp-groups-classes.php around line 1026, just add
{{{
if ( !$bp->is_item_admin )
return false;
}}}
right after this line:
{{{
if ( $this->enable_edit_item ) {
}}}
--
Ticket URL: <http://trac.buddypress.org/ticket/2592>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list