[buddypress-trac] [BuddyPress Trac] #6504: Messages viewable to any logged out visitor

buddypress-trac noreply at wordpress.org
Mon Jun 15 01:50:59 UTC 2015


#6504: Messages viewable to any logged out visitor
-----------------------------------+------------------------------
 Reporter:  CodeMonkeyBanana       |       Owner:
     Type:  defect (bug)           |      Status:  new
 Priority:  normal                 |   Milestone:  Awaiting Review
Component:  Component - Messaging  |     Version:
 Severity:  major                  |  Resolution:
 Keywords:  has-patch              |
-----------------------------------+------------------------------

Comment (by johnjamesjacoby):

 In the future, let's treat issues like this as security issues. For this
 one, I'm fine hashing it out here until/unless someone feels much more
 strongly than I do about it.

 A few notes while mobile:
 * I'll look into this ASAP
 * The AJAX and JS from bp-default/legacy is a known pain-point, and needs
 more scrutinization similar to this
 * We will probably want to quick-fix this for 2.3.2, and roll something
 more comprehensive into 2.4
 * Something like roles & caps would help us here
 * I'll reply back in the next 24 hours with details and progress

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6504#comment:7>
BuddyPress Trac <http://buddypress.org/>