[buddypress-trac] [BuddyPress Trac] #7816: Search retrieves users with field visibility adminsonly for non-admins

buddypress-trac noreply at wordpress.org
Fri May 11 13:18:26 UTC 2018


#7816: Search retrieves users with field visibility adminsonly for non-admins
-----------------------------+-----------------------------
 Reporter:  gheebuttersnaps  |      Owner:  (none)
     Type:  defect (bug)     |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Core             |    Version:
 Severity:  normal           |   Keywords:
-----------------------------+-----------------------------
 The search function appears to behave not as expected.

 Members are able to hide certain information from other members. For
 example one member can set their profile field current location to
 “adminsonly”. Let’s assume this example. We have user Thomas in city
 Berlin and user Peter in city Munich. Thomas decides to hide his location
 from other members and sets the field visibility to adminsonly. Now Peter
 views Thomas’ profile and is not able to see his location. So far
 everything works as expected. Now Peter uses the search function and uses
 the keyword “Berlin”. The result set contains Thomas (without displaying
 any information about the city) although Peter should not be able to know
 the city.

 Expected behaviour: The search function should only searche fields which
 are available/visible to the user conducting the search.

 This enhancement might also be relevant regarding GDPR.

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7816>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac


More information about the buddypress-trac mailing list