Skip to:
Content

BuddyPress.org

Opened 15 years ago

Closed 15 years ago

#1263 closed defect (bug) (fixed)

Check $show_for_displayed_user on new nav_item

Reported by: johnjamesjacoby's profile johnjamesjacoby Owned by: johnjamesjacoby's profile johnjamesjacoby
Milestone: 1.1.2 Priority: critical
Severity: Version:
Component: Keywords: has-patch
Cc:

Description

Without this, access to root level actions is still possible even if $show_for_displayed_user is false and bp_is_home() is set as the user_has_access level.

Thankfully the use of nonce's does not allow forms to be submitted.

Marked as critical since at the moment all guests and logged in users can navigate to anyone's settings screens on BP1.1.1 installs.

Attachments (1)

bp_core_new_nav_item-jjj.patch (582 bytes) - added by johnjamesjacoby 15 years ago.

Download all attachments as: .zip

Change History (2)

#1 @apeatling
15 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [2048]) Fixes #1263 props jjj.

Note: See TracTickets for help on using tickets.