[buddypress-trac] [BuddyPress Trac] #6843: Activity @mentions in private groups for non members

buddypress-trac noreply at wordpress.org
Mon Jan 25 20:49:52 UTC 2016


#6843: Activity @mentions in private groups for non members
--------------------------+-----------------------------
 Reporter:  timeuser      |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  API           |    Version:  2.4.0
 Severity:  normal        |   Keywords:
--------------------------+-----------------------------
 The activity index template shows posts from private & hidden groups that
 the user is not a member of if they are @mentioned in the post. They
 should not be able to see these posts since they aren't a member of the
 group.

 I can fix this by removing line #825 in bp-activity-filters.php:

 {{{#!php
 'show_hidden'      => true
 }}}

 But I'm not sure of the implications of why that override of show_hidden
 is even there. Removing that doesn't cause other problems I can see yet.
 Surely this is more complicated as there has to be a reason that override
 was put there?

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6843>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac


More information about the buddypress-trac mailing list