Opened 15 years ago
Closed 15 years ago
#2336 closed defect (bug) (fixed)
Leave/join group not checking url nonces; no noscript support for leaving groups
Reported by: | boonebgorges | Owned by: | |
---|---|---|---|
Milestone: | 1.2.4 | Priority: | critical |
Severity: | Version: | ||
Component: | Core | Keywords: | has-patch needs-testing |
Cc: | boonebgorges@… |
Description
Two problems:
1) Realized when looking at #2329 that the nonce wasn't being checked when a user tried to join a group with a form submit (ie without ajax).
2) In turn, realized that there was no group-leaving counterpart of groups_action_join_group, which means that it was impossible to leave a group without Javascript or via URL.
Patch attached
Attachments (1)
Change History (5)
Note: See
TracTickets for help on using
tickets.
Bumping to 1.2.4 as it seems pretty important to me and is a relatively small fix.