Skip to:
Content

BuddyPress.org

Opened 6 years ago

Last modified 6 years ago

#7816 new defect (bug)

Search retrieves users with field visibility adminsonly for non-admins

Reported by: gheebuttersnaps's profile gheebuttersnaps Owned by:
Milestone: Awaiting Contributions Priority: normal
Severity: normal Version:
Component: Core Keywords:
Cc:

Description

The search function appears to behave not as expected.

Members are able to hide certain information from other members. For example one member can set their profile field current location to “adminsonly”. Let’s assume this example. We have user Thomas in city Berlin and user Peter in city Munich. Thomas decides to hide his location from other members and sets the field visibility to adminsonly. Now Peter views Thomas’ profile and is not able to see his location. So far everything works as expected. Now Peter uses the search function and uses the keyword “Berlin”. The result set contains Thomas (without displaying any information about the city) although Peter should not be able to know the city.

Expected behaviour: The search function should only searche fields which are available/visible to the user conducting the search.

This enhancement might also be relevant regarding GDPR.

Change History (6)

#1 @DJPaul
6 years ago

Are you searching as an admin user?

#2 @gheebuttersnaps
6 years ago

No, I am searching as a regular user.

#3 @boonebgorges
6 years ago

Similar to/duplicate of #6211.

Agreed that we should prioritize this.

#4 @DJPaul
6 years ago

  • Milestone changed from Awaiting Review to 3.1

#5 @DJPaul
6 years ago

  • Milestone changed from 3.1 to 4.0

Milestone renamed

#6 @DJPaul
6 years ago

  • Milestone changed from 4.0 to Awaiting Contributions
Note: See TracTickets for help on using tickets.