messages: Unwanted access of inbox and sent messages pages (Trac #4879) #4879

elgg-gitbot · 2013-02-16T20:15:31Z

Original ticket http://trac.elgg.org/ticket/4879 on 42758422-08-14 by trac user coldtrick, assigned to unknown.

Elgg version: 1.8

It is possible to go (as a regular user) to the inbox page of another user. You will not see any messages, but you should not even be allowed to access those pages. This applies to both the inbox and the sent items page.

elgg-gitbot · 2013-02-17T20:51:47Z

trac user coldtrick wrote on 42758520-04-02

pull request: #397

elgg-gitbot · 2013-02-17T20:51:48Z

trac user Evan Winslow wrote on 42777065-04-29

Merge pull request #397 from jdalsem/#4879-unwanted-access-to-messages-pages

Fixes #4879: unwanted access to messages pages
Changeset: 0f3124c

elgg-gitbot · 2013-02-17T20:51:48Z

Milestone changed to Elgg 1.8.9 by cash on 42939833-06-11

…-messages-pages Fixes Elgg#4879: unwanted access to messages pages

elgg-gitbot mentioned this issue Feb 16, 2013

incorrect usage of elgg_get_entities_* parameters (Trac #4880) #4880

Closed

elgg-gitbot closed this Feb 17, 2013

brettp pushed a commit to brettp/Elgg that referenced this issue Feb 21, 2013

Merge pull request Elgg#397 from jdalsem/Elgg#4879-unwanted-access-to…

0f3124c

…-messages-pages Fixes Elgg#4879: unwanted access to messages pages

Elgg / Elgg Public

messages: Unwanted access of inbox and sent messages pages (Trac #4879) #4879

messages: Unwanted access of inbox and sent messages pages (Trac #4879) #4879

elgg-gitbot commented Feb 16, 2013

elgg-gitbot commented Feb 17, 2013

elgg-gitbot commented Feb 17, 2013

elgg-gitbot commented Feb 17, 2013

Elgg / Elgg Public

messages: Unwanted access of inbox and sent messages pages (Trac #4879) #4879

messages: Unwanted access of inbox and sent messages pages (Trac #4879) #4879

Comments

elgg-gitbot commented Feb 16, 2013

elgg-gitbot commented Feb 17, 2013

elgg-gitbot commented Feb 17, 2013

elgg-gitbot commented Feb 17, 2013