[buddypress-trac] [BuddyPress] #4915: In 1.7, a user cannot delete his account anymore.
buddypress-trac
noreply at wordpress.org
Thu Apr 4 20:17:26 UTC 2013
#4915: In 1.7, a user cannot delete his account anymore.
--------------------------------------+------------------
Reporter: imath | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 1.7
Component: Members | Version: 1.7
Severity: major | Resolution:
Keywords: needs-patch dev-feedback |
--------------------------------------+------------------
Comment (by boonebgorges):
Confirmed. This is a regression introduced by r6855.
The way that the permissions check worked before r6855 may have been
overlax (I'm not privy to the details of the security issue that led to
the check), but the fix prevents non-admins from deleting their own
accounts.
Because I don't know exactly what the previous changeset was meant to fix
(people deleting others' accounts? admins accidentally deleting users'
accounts?) I'm not totally sure how to patch this. I'll attempt a patch
that looks right to me, though I'd like feedback from johnjamesjacoby.
I wrote some automated tests for this issue. If anyone would like to take
a minute and make sure I've covered all the relevant test cases (I have 5
at the moment), that'd be helpful. https://github.com/buddypress
/BuddyPress-Unit-Tests/commit/f72c10bb41358dea14a376fb87b395933d62f0d1
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4915#comment:3>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list