[buddypress-trac] [BuddyPress Trac] #7816: Search retrieves users with field visibility adminsonly for non-admins
buddypress-trac
noreply at wordpress.org
Fri May 11 13:18:26 UTC 2018
#7816: Search retrieves users with field visibility adminsonly for non-admins
-----------------------------+-----------------------------
Reporter: gheebuttersnaps | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Core | Version:
Severity: normal | Keywords:
-----------------------------+-----------------------------
The search function appears to behave not as expected.
Members are able to hide certain information from other members. For
example one member can set their profile field current location to
“adminsonly”. Let’s assume this example. We have user Thomas in city
Berlin and user Peter in city Munich. Thomas decides to hide his location
from other members and sets the field visibility to adminsonly. Now Peter
views Thomas’ profile and is not able to see his location. So far
everything works as expected. Now Peter uses the search function and uses
the keyword “Berlin”. The result set contains Thomas (without displaying
any information about the city) although Peter should not be able to know
the city.
Expected behaviour: The search function should only searche fields which
are available/visible to the user conducting the search.
This enhancement might also be relevant regarding GDPR.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7816>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list