#3767 closed defect (bug) (worksforme)
1.5.1: Activity stream for private groups displayed to everyone!
Reported by: | johjoergensen | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | critical | Version: | 1.5.1 |
Component: | Groups | Keywords: | |
Cc: |
Description
I just realized that when logged out, the activity stream for private groups is displayed!
This is a serious security concern!
I run WP 3.2.1 + BP 1.5.1
Change History (6)
#1
@
13 years ago
- Keywords needs-patch removed
- Resolution set to worksforme
- Status changed from new to closed
#3
@
13 years ago
Well, you can run a sql query. It will look something like this. (Assuming here that your group id is 67, and that the prefix on your db tables is wp_.)
UPDATE wp_bp_activity SET hide_sitewide = 1 WHERE component = 'groups' AND item_id = 67;
WARNING! If you are going to run direct queries, do a backup first! Do not simply cut and paste what I've written here, as there is no UNDO - show it first to a friend who understands MySQL!!!
I can't reproduce this.
I'm guessing that you created activity in a public group, and then changed the group to private. When changing the privacy settings on a group, previously created group activity content does not have its visibility changed.
If I'm mistaken about this, and you can provide detailed steps to reproduce the issue, please reopen the ticket and provide those instructions.