Skip to:
Content

BuddyPress.org

Opened 14 years ago

Closed 14 years ago

#3211 closed defect (bug) (fixed)

Activity permalink screen doesn't check the author of the activity update

Reported by: r-a-y's profile r-a-y Owned by: djpaul's profile DJPaul
Milestone: 1.5 Priority: normal
Severity: Version: 1.5
Component: Activity Keywords: has-patch
Cc:

Description

The default activity permalink looks like:
http://testbp.org/activity/p/99923/

BP's activity router redirects this to:
http://testbp.org/members/johnjamesjacoby/activity/99923

However, no check is done on the author (in this case "johnjamesjacoby"), so I can do this:
http://testbp.org/members/ANYTHINGHERE/activity/99923

And it will still work.

Attached patch fixes this.

Attachments (1)

3211.01.patch (528 bytes) - added by r-a-y 14 years ago.

Download all attachments as: .zip

Change History (7)

@r-a-y
14 years ago

#1 @Dennissmolek
14 years ago

The weird stuff yall find blows my mind..

#2 @DJPaul
14 years ago

  • Milestone changed from Awaiting Review to 1.3

This needs to be addressed with #3176.

#3 @r-a-y
14 years ago

See my comment in #3176.

This ticket stands alone.

#4 @DJPaul
14 years ago

If the URL is wrong, the URL is wrong and should 404, not redirect silently to the home page. Master ticket for the redirect issue is #3280

#5 @DJPaul
14 years ago

  • Owner set to DJPaul
  • Status changed from new to accepted

#6 @DJPaul
14 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

Good news, everyone! This was fixed in r4506

Note: See TracTickets for help on using tickets.