Skip to:
Content
Pages
Categories
Search
Top
Bottom

Re: User / messaging exploit? Causing spam


Jeff Sayre
Participant

@jeffsayre

14 years, 5 months ago

@Harry (a.k.a. stripedsquirrel)

I think a very good start is that you can only message your friends. Thought that this would be already ths case, that is why I wondered how we could get spammed?

See this discussion: https://buddypress.org/forums/topic/compose-message-send-to-username

Basically, the autocomplete message recipient list only autofills from your friends list. However, anyone can message any other individual via the “Send Message” button on user’s profile screen. All that is needed for a user to send a PM is that they have a member account and that they are logged in to the system.

On a related note, my Privacy Component does have an option to filter out the “Send Message” button, making it only visible to those you choose.

Forums

Views

Feeds

Tags

404 activation Activity activity activity stream admin admin bar ajax avatar avatars bbPress blog blogs Buddypress buddypress bug child theme comments css custom directory edit email error facebook fatal error filter forum forums friends group groups header help installation link links login member members menu message Messages multisite navigation notification notifications page pages php plugin plugins post posts privacy private problem profile Profile Fields profiles redirect register registration search sidebar spam template theme themes update upgrade upload URL user username users widget widgets wordpress xprofile
Skip to toolbar