Skip to:
Content

BuddyPress.org

Opened 15 years ago

Closed 15 years ago

#2336 closed defect (bug) (fixed)

Leave/join group not checking url nonces; no noscript support for leaving groups

Reported by: boonebgorges's profile boonebgorges Owned by:
Milestone: 1.2.4 Priority: critical
Severity: Version:
Component: Core Keywords: has-patch needs-testing
Cc: boonebgorges@…

Description

Two problems:

1) Realized when looking at #2329 that the nonce wasn't being checked when a user tried to join a group with a form submit (ie without ajax).

2) In turn, realized that there was no group-leaving counterpart of groups_action_join_group, which means that it was impossible to leave a group without Javascript or via URL.

Patch attached

Attachments (1)

join_leave_group_fixes.diff (1.6 KB) - added by boonebgorges 15 years ago.

Download all attachments as: .zip

Change History (5)

#1 follow-up: @boonebgorges
15 years ago

  • Milestone changed from 1.3 to 1.2.4
  • Priority changed from major to critical

Bumping to 1.2.4 as it seems pretty important to me and is a relatively small fix.

#2 @boonebgorges
15 years ago

  • Cc boonebgorges@… added

#3 in reply to: ↑ 1 @wpmuguru
15 years ago

Replying to boonebgorges:

Bumping to 1.2.4 as it seems pretty important to me and is a relatively small fix.

I concur.

#4 @johnjamesjacoby
15 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [2955]) Fixes #2336 props boonebgorges (turkey!)

Note: See TracTickets for help on using tickets.