[buddypress-trac] [BuddyPress Trac] #6843: Activity @mentions in private groups for non members
buddypress-trac
noreply at wordpress.org
Mon Jan 25 20:49:52 UTC 2016
#6843: Activity @mentions in private groups for non members
--------------------------+-----------------------------
Reporter: timeuser | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: API | Version: 2.4.0
Severity: normal | Keywords:
--------------------------+-----------------------------
The activity index template shows posts from private & hidden groups that
the user is not a member of if they are @mentioned in the post. They
should not be able to see these posts since they aren't a member of the
group.
I can fix this by removing line #825 in bp-activity-filters.php:
{{{#!php
'show_hidden' => true
}}}
But I'm not sure of the implications of why that override of show_hidden
is even there. Removing that doesn't cause other problems I can see yet.
Surely this is more complicated as there has to be a reason that override
was put there?
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6843>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list