[buddypress-trac] [BuddyPress] #2343: SECURITY RISK (internal): Forum posts are "promiscuous" and can be hacked by unauthorized users
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Mon Apr 26 22:22:07 UTC 2010
#2343: SECURITY RISK (internal): Forum posts are "promiscuous" and can be hacked
by unauthorized users
----------------------+-----------------------------------------------------
Reporter: 3sixty | Owner:
Type: defect | Status: new
Priority: critical | Milestone: 1.2.4
Component: Forums | Keywords: has-patch, needs-testing
----------------------+-----------------------------------------------------
Changes (by boonebgorges):
* cc: boonebgorges@… (added)
Comment:
bp_has_forum_topics essentially does the same thing as my patch (if
$forum_id is missing it uses groups_get_groupmeta to find it). See around
line 172 in bp-forums-templatetags.php.
jjj - what you're suggesting sounds like it needs another abstraction
layer, something like "forum parent", that groups and other components
could tap into.
--
Ticket URL: <http://trac.buddypress.org/ticket/2343#comment:10>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list