[buddypress-trac] [BuddyPress Trac] #6888: BuddyPress Activity Stream Privacy Issue

buddypress-trac noreply at wordpress.org
Mon Feb 8 22:35:17 UTC 2016 

#6888: BuddyPress Activity Stream Privacy Issue
--------------------------+-----------------------------
 Reporter:  terranova23   |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  API           |    Version:  2.4.0
 Severity:  normal        |   Keywords:
--------------------------+-----------------------------
 Hi there,

 First of all, we're running the latest version of Wordpress, BuddyPress,
 and bbPress, as well as MemberMouse. My client runs a website which
 features online courses which need to be kept private from one another.
 They are using a mixture of those three plugins to achieve that. However,
 if a user views the profile of a user in a different group (set to
 private) they can see private forum posts listed in their activity stream.
 They can't click through, but just viewing those topics creates a privacy
 issue.

 Until now we have kept the activity stream disabled to avoid this issue,
 but we would like to be able to use the activity stream feature, but fixed
 to ensure people can't see into the other groups they shouldn't have
 access to.

 I see this issue has come up many times before and have read a bunch of
 threads about it without any luck. On this thread:
 https://buddypress.org/support/topic/bugs-between-bbpress-and-buddypress
 there was an invitation to start a Trac if people still had issues. Since
 this doesn't seem to have been resolved, here I am.

 Our groups are set to private and I just used the recalculate tool to
 ensure the database considers them private. We did also try reverting to
 default themes and disabling all but the relevant plugins and that didn't
 change anything.

 As far as what steps should be taken to recreate the problem, here is what
 I propose: A setup where there are at least two unique and private groups,
 two users, one with access to only one of the groups. If one user is able
 to see posts from the other user while in their activity feed, that is our
 issue.

 Of course, if progress has been made on this or workarounds have been
 posted that would fix it, please let me know. But after looking through
 the many threads about this issue, I wasn't able to find anything.

 Thanks very much for your time.
 Rory

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6888>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list