Skip to:
Content
Pages
Categories
Search
Top
Bottom

BP Group Extension Bug

  • Avatar of Travel-Junkie
    Boris
    Participant

    @travel-junkie

    The last couple months I’ve only worked with the latest SVN. Haven’t even looked at the stable branch once, so if someone else could check this bug, that’d be awesome. Basically, when you handtype in an url to the edit page, that has been created using the extension API, then you get access to that page even though you’re logged out. That shouldn’t happen. Depending on what you use it for, there might be some confidential information present.

    It’s easy to fix as well. In bp-groups-classes.php around line 1026, just add

    if ( !$bp->is_item_admin )
    return false;

    right after this line:

    if ( $this->enable_edit_item ) {

    So yeah, if someone could get back with a confirmation, I’ll open a new ticket.

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.