Skip to:
Content
Pages
Categories
Search
Top
Bottom

Strange bug between blog comments and the activity stream


  • mdpane
    Participant

    @mdpane

    Alright, I’m going to try and break this down the best I can. Assuming blog comments don’t have to be moderated to get posted:

    – A user ‘test’ has an account with the email ‘test@email.com’
    – Someone who isn’t logged in posts a blog comment with the same email, i.e. ‘test@email.com’
    – A new item is added to the activity stream saying the user ‘test’ added this comment, when it wasn’t them.

    So you could spoof someone if you know their email address and get a blog comment added to their activity stream even though it’s not actually them. I’ve replicated this in my test install, a clean install and on a live site. Running BuddyPress 1.5.4.

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Strange bug between blog comments and the activity stream’ is closed to new replies.
Skip to toolbar