
BuddyPress.org

Changeset 11752


Timestamp:
11/29/2017 05:35:36 PM (4 years ago)
Author:
djpaul
Message:

Messages: fix reading messages by enforcing a canonical URL.

The screen loader function only checks to see whether the current user should have access to the message thread.
This change makes sure that user is viewing it at their correct URL.

This is not a security issue/fix, just a design oversight.

Fixes #7615

Props boonebgorges

File:
1 edited

  • trunk/src/bp-messages/bp-messages-screens.php

    r11538 r11752  
    130130
    131131    // No access.
    132     if ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_moderate' ) ) {
     132    if ( ( ! messages_check_thread_access( $thread_id ) || ! bp_is_my_profile() ) && ! bp_current_user_can( 'bp_moderate' ) ) {
    133133        // If not logged in, prompt for login.
    134134        if ( ! is_user_logged_in() ) {
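Review bot: the `// No access.` comment above the changed condition on new line 132 no longer describes what the block guards. With `|| ! bp_is_my_profile()` the block is also entered by a thread participant who passes `messages_check_thread_access( $thread_id )` but is viewing the thread under another member's profile URL. Please update the comment to say so, and confirm that the logged-in path of this block (only the `! is_user_logged_in()` branch is visible here) sends that user to their own thread URL rather than handling them like a non-participant. `bp_current_user_can( 'bp_moderate' )` still bypasses both checks, so a moderator can view a thread at any member's URL; if that is intended, it is worth a word in the comment as well.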