Topic: BP Group Extension Bug · BuddyPress.org

Skip to:: Content; Pages; Categories; Search; Top; Bottom

BP Group Extension Bug

Boris
Participant

@travel-junkie

13 years, 8 months ago

The last couple months I’ve only worked with the latest SVN. Haven’t even looked at the stable branch once, so if someone else could check this bug, that’d be awesome. Basically, when you handtype in an url to the edit page, that has been created using the extension API, then you get access to that page even though you’re logged out. That shouldn’t happen. Depending on what you use it for, there might be some confidential information present.

It’s easy to fix as well. In bp-groups-classes.php around line 1026, just add

if ( !$bp->is_item_admin )
return false;

right after this line:

if ( $this->enable_edit_item ) {

So yeah, if someone could get back with a confirmation, I’ll open a new ticket.

Viewing 2 replies - 1 through 2 (of 2 total)

r-a-y
Keymaster

@r-a-y

13 years, 8 months ago

Good catch, travel-junkie.
I can duplicate the bug on BP 1.2.5.2.

Boris
Participant

@travel-junkie

13 years, 8 months ago

Allright! Cheers r-a-y. Here’s the ticket: https://trac.buddypress.org/ticket/2592

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘BP Group Extension Bug’ is closed to new replies.