
Opened 4 years ago

Closed 4 years ago

#2592 closed defect (bug) (fixed)

BP Group Extension Access Bug

Reported by: travel-junkie
Owned by:
Milestone: 1.2.6
Priority: major
Severity:
Version:
Component: Groups
Keywords:
Cc:

Description

When you hand-type in a URL to an edit page that has been created using the extension API, you get access to that page even though you're logged out.

Here's the fix. In bp-groups-classes.php around line 1026, just add

if ( !$bp->is_item_admin )
    return false;

right after this line:

if ( $this->enable_edit_item ) {

Change History (1)

comment:1 johnjamesjacoby, 4 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [3205]) Fixes #2592 props travel-junkie
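
The missing check from the ticket description, modelled as an added example that is not BuddyPress code or part of the ticket. Only `enable_edit_item` and `is_item_admin` come from the page; `Fake_BP`, `Demo_Group_Extension`, the handler names, the `display` step and the `condition` variant are assumptions made for illustration.

```php
<?php
// Constructed stand-in for BuddyPress's global $bp: only the flag the fix reads.
class Fake_BP {
    public $is_item_admin = false;
}

// Hypothetical model of a group extension's registration step (not BuddyPress code).
class Demo_Group_Extension {
    public $enable_edit_item = true;
    public $registered = array(); // handlers this request would expose

    // $guard: 'none' = before the fix, 'return' = the ticket's two lines,
    // 'condition' = same check folded into the if (a variant added here).
    function register( $bp, $guard ) {
        $allow_edit = $this->enable_edit_item;
        if ( 'condition' === $guard )
            $allow_edit = $allow_edit && $bp->is_item_admin;

        if ( $allow_edit ) {
            if ( 'return' === $guard && !$bp->is_item_admin )
                return false;

            $this->registered[] = 'edit_screen';
            $this->registered[] = 'edit_screen_save';
        }

        // Assumed later step in the same function: the member-facing tab.
        $this->registered[] = 'display';
        return true;
    }
}

// Returns the handlers one request would get, as a comma-separated string.
function exposed_handlers( $guard, $is_item_admin ) {
    $bp = new Fake_BP();
    $bp->is_item_admin = $is_item_admin;
    $ext = new Demo_Group_Extension();
    $ext->register( $bp, $guard );
    return implode( ',', $ext->registered );
}

foreach ( array( 'none', 'return', 'condition' ) as $guard ) {
    foreach ( array( false, true ) as $is_admin ) {
        printf( "guard=%-9s is_item_admin=%-5s handlers=[%s]\n",
            $guard, var_export( $is_admin, true ), exposed_handlers( $guard, $is_admin ) );
    }
}
```

In this model an early `return` also skips whatever the function registers after the edit block for non-admin requests, while folding the check into the condition keeps those later steps.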
