[buddypress-trac] [BuddyPress] #2329: Security problem: Join private/hidden groups by manipulating the URL with nonce
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Fri Apr 23 00:15:18 UTC 2010
#2329: Security problem: Join private/hidden groups by manipulating the URL with
nonce
----------------------+-----------------------------------------------------
Reporter: gottowik | Owner:
Type: defect | Status: new
Priority: critical | Milestone: 1.2.4
Component: Core | Keywords: has-patch needs-testing
----------------------+-----------------------------------------------------
Comment(by boonebgorges):
Replying to [comment:4 boonebgorges]:
> BTW I also had to fix a couple of those pesky
function_exists('friends_install') checks that snuck there way back into
the trunk in [2925]
otherwise I couldn't actually test by sending group invitations :)
--
Ticket URL: <http://trac.buddypress.org/ticket/2329#comment:5>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list