[buddypress-trac] [BuddyPress] #2336: Leave/join group not checking url nonces; no noscript support for leaving groups
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Fri Apr 23 00:37:36 UTC 2010
#2336: Leave/join group not checking url nonces; no noscript support for leaving
groups
--------------------------+-------------------------------------------------
Reporter: boonebgorges | Owner:
Type: defect | Status: new
Priority: major | Milestone: 1.3
Component: Core | Keywords: has-patch needs-testing
--------------------------+-------------------------------------------------
Two problems:
1) Realized when looking at #2329 that the nonce wasn't being checked when
a user tried to join a group with a form submit (ie without ajax).
2) In turn, realized that there was no group-leaving counterpart of
groups_action_join_group, which means that it was impossible to leave a
group without Javascript or via URL.
Patch attached
--
Ticket URL: <http://trac.buddypress.org/ticket/2336>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list