[buddypress-trac] [BuddyPress Trac] #6504: Messages viewable to any logged out visitor
buddypress-trac
noreply at wordpress.org
Mon Jun 15 01:50:59 UTC 2015
#6504: Messages viewable to any logged out visitor
-----------------------------------+------------------------------
Reporter: CodeMonkeyBanana | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Component - Messaging | Version:
Severity: major | Resolution:
Keywords: has-patch |
-----------------------------------+------------------------------
Comment (by johnjamesjacoby):

In the future, let's treat issues like this as security issues. For this
one, I'm fine hashing it out here until/unless someone feels much more
strongly than I do about it.

A few notes while mobile:

* I'll look into this ASAP
* The AJAX and JS from bp-default/legacy is a known pain-point, and needs
  more scrutinization similar to this
* We will probably want to quick-fix this for 2.3.2, and roll something
  more comprehensive into 2.4
* Something like roles & caps would help us here
* I'll reply back in the next 24 hours with details and progress

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6504#comment:7>
BuddyPress Trac <http://buddypress.org/>