Skip to:

Opened 14 years ago

Closed 14 years ago

#2592 closed defect (bug) (fixed)

BP Group Extension Access Bug

Reported by: travel-junkie's profile travel-junkie Owned by:
Milestone: 1.2.6 Priority: major
Severity: Version:
Component: Groups Keywords:


When you handtype in an url to an edit page, that has been created using the extension API, then you get access to that page even though you’re logged out.

Here's the fix. In bp-groups-classes.php around line 1026, just add

if ( !$bp->is_item_admin )
    return false;

right after this line:

if ( $this->enable_edit_item ) {

Change History (1)

#1 @johnjamesjacoby
14 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [3205]) Fixes #2592 props travel-junkie

Note: See TracTickets for help on using tickets.