[buddypress-trac] [BuddyPress Trac] #7048: Move permission checks in `bp_activity_screen_single_activity_permalink` into new function
buddypress-trac
noreply at wordpress.org
Sun Mar 4 21:08:36 UTC 2018
#7048: Move permission checks in `bp_activity_screen_single_activity_permalink`
into new function
--------------------------------------+---------------------
Reporter: DJPaul | Owner: djpaul
Type: enhancement | Status: closed
Priority: high | Milestone: 3.0
Component: Activity | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests |
--------------------------------------+---------------------
Comment (by r-a-y):
Re-opening because at the moment, anyone can access private group activity
permalinks.
The problem is we're passing the displayed user ID instead of checking
against the current user ID in `bp_activity_user_can_read()`.
`7048-8.diff` also fixes an issue with the login URL redirect for logged-
out users.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7048#comment:31>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list