[buddypress-trac] [BuddyPress] #5092: In Member's group invites list, hidden group permalink should be filtered to avoid 404
buddypress-trac
noreply at wordpress.org
Tue Jul 9 15:55:07 UTC 2013
#5092: In Member's group invites list, hidden group permalink should be filtered
to avoid 404
---------------------------------------------------+-----------------------
Reporter: imath | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 1.9
Component: Groups | Version: 1.8-beta
Severity: normal | Resolution:
Keywords: has-patch needs-testing needs-refresh |
---------------------------------------------------+-----------------------
Changes (by boonebgorges):
* keywords: has-patch needs-testing => has-patch needs-testing needs-
refresh
* milestone: Awaiting Review => 1.9
Comment:
I'm not convinced that this is the right kind of solution (at least not by
itself). First, security/privacy issues should never be solved with JS
alone, since it's so easy to turn off JS. Second, while it's true that
hidden groups should not be visible to non-members, the very act of
sending an invitation has exposed the existence of the group to the
invitee (after all, its name appears on the list of invitations).
However, it is indeed a problem that clicking the link results in a 404.
Maybe in cases where a user tries to access a hidden group of which he's
not a member but to which he's received an invitation, we should load the
group template, but show a "this group is hidden" message - like we
already do for private groups. The logic would be here-ish (261):
http://buddypress.trac.wordpress.org/browser/tags/1.7.2/bp-groups/bp-
groups-loader.php#L254
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5092#comment:1>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list