[buddypress-trac] [BuddyPress] #3211: Activity permalink screen doesn't check the author of the activity update
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Wed May 11 03:41:15 UTC 2011
#3211: Activity permalink screen doesn't check the author of the activity update
-----------------------+-----------------------------
Reporter: r-a-y | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Activity | Version: 1.3
Keywords: has-patch |
-----------------------+-----------------------------
The default activity permalink looks like:
http://testbp.org/activity/p/99923/
BP's activity router redirects this to:
http://testbp.org/members/johnjamesjacoby/activity/99923
However, no check is done on the author (in this case "johnjamesjacoby"),
so I can do this:
http://testbp.org/members/ANYTHINGHERE/activity/99923
And it will still work.
Attached patch fixes this.
--
Ticket URL: <https://trac.buddypress.org/ticket/3211>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list