[buddypress-trac] [BuddyPress] #2329: Security problem: Join private/hidden groups by manipulating the URL with nonce

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Fri Apr 23 00:15:18 UTC 2010


#2329: Security problem: Join private/hidden groups by manipulating the URL with
nonce
----------------------+-----------------------------------------------------
 Reporter:  gottowik  |       Owner:                         
     Type:  defect    |      Status:  new                    
 Priority:  critical  |   Milestone:  1.2.4                  
Component:  Core      |    Keywords:  has-patch needs-testing
----------------------+-----------------------------------------------------

Comment(by boonebgorges):

 Replying to [comment:4 boonebgorges]:
 > BTW I also had to fix a couple of those pesky
 function_exists('friends_install') checks that snuck there way back into
 the trunk in [2925]
 otherwise I couldn't actually test by sending group invitations :)

-- 
Ticket URL: <http://trac.buddypress.org/ticket/2329#comment:5>
BuddyPress <http://buddypress.org/>
BuddyPress


More information about the buddypress-trac mailing list