[buddypress-trac] [BuddyPress Trac] #7615: Message thread "conversation" view can be accessed under another participant's URL
buddypress-trac
noreply at wordpress.org
Wed Nov 29 17:35:36 UTC 2017
#7615: Message thread "conversation" view can be accessed under another
participant's URL
--------------------------+---------------------
Reporter: boonebgorges | Owner: djpaul
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 3.0
Component: Messages | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch |
--------------------------+---------------------
Changes (by djpaul):
* owner: => djpaul
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"11752"]:
{{{
#!CommitTicketReference repository="" revision="11752"
Messages: fix reading messages by enforcing a canonical URL.
The screen loader function only checks to see whether the current user
should have access to the message thread.
This change makes sure that user is viewing it at their correct URL.
This is not a security issue/fix, just a design oversight.
Fixes #7615
Props boonebgorges
}}}
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7615#comment:2>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list