Skip to:
Content
Pages
Categories
Search
Top
Bottom

Members directory dropdown sort issue (possible bug)

  • Avatar of bp-help
    bp-help
    Participant

    @bphelp

    Hi everyone! Just wondering if sorting members alphabetically in the dropdown menu is a confirmed bug? Here is the scenario, a logged in user sorts the members directory using the drop down menu alphabetically and non-activated users that have not even activated their account are listed in the members directory. Non-activated users should not be showing up when sorted alphabetically as they are not even confirmed. If this is a bug is there a fix? If not I am attempting to code one even though I have not found any documentation regarding this issue! If anyone has info on this it will be appreciated. If this is a confirmed bug with a fix please let me know so I do not needlessly submit a patch. Thanks everyone!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Avatar of bp-help
    bp-help
    Participant

    @bphelp

    Sorry meant to post in “How to & troubleshooting” either way, Can anyone confirm this issue as a bug and if there may be a ticket for it in trac? Thanks!

    Avatar of Henry
    Henry
    Participant

    @henrywright-1

    @bphelp I haven’t been able to test this for you yet but I did notice yesterday that non-activated users get given a URL which is visible to anyone. For example, if you completed the registration form on my site and chose username ‘bphelp’ – even before you click on the link in the activation email you will be able to go to

    mysite.com/members/bphelp

    Here you’d see: Your name, the mystery man avatar etc.

    Imagine a site that has lots of spam signups. They’d have hundreds if not thousands on unused URLs.

    How is this currently handled by BP?

    Avatar of bp-help
    bp-help
    Participant

    @bphelp

    @henrywright-1
    I would suppose it is handled by the registration since a non-activated user is issued a URL. To me this seems like a security issue but I would like to get more feedback on this. Thanks!

    Avatar of Henry
    Henry
    Participant

    @henrywright-1

    @bphelp I’ve seen websites that grant login access even before the account has been activated. Twitter is an example.

    Thinking about the profile URL being created – Although BP doesn’t give login access, the fact that a profile URL is created opens up opportunities. For example, on registration submit you could add an action that redirects the user to their profile URL. They’ll be logged out of course, but nothing to stop you displaying a template notice like “Your page awaits you. Just activate you account then you can log in”

    Avatar of bp-help
    bp-help
    Participant

    @bphelp

    Still waiting for confirmation if this is a known bug? I really don’t think users that have not activated their account with the activation email should be showing up in the members directory when sorting the members alphabetically because logically they should not be considered members until they have completed the registration and activation process. Any thoughts?

Viewing 5 replies - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.