Opened 15 years ago
Closed 15 years ago
#1263 closed defect (bug) (fixed)
Check $show_for_displayed_user on new nav_item
Reported by: | johnjamesjacoby | Owned by: | johnjamesjacoby |
---|---|---|---|
Milestone: | 1.1.2 | Priority: | critical |
Severity: | Version: | ||
Component: | Keywords: | has-patch | |
Cc: |
Description
Without this, access to root level actions is still possible even if $show_for_displayed_user is false and bp_is_home() is set as the user_has_access level.
Thankfully the use of nonce's does not allow forms to be submitted.
Marked as critical since at the moment all guests and logged in users can navigate to anyone's settings screens on BP1.1.1 installs.
Attachments (1)
Change History (2)
Note: See
TracTickets for help on using
tickets.
(In [2048]) Fixes #1263 props jjj.