Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

messages: Unwanted access of inbox and sent messages pages (Trac #4879) #4879

Closed
elgg-gitbot opened this issue Feb 16, 2013 · 3 comments
Closed
Labels
Milestone

Comments

@elgg-gitbot
Copy link

@elgg-gitbot elgg-gitbot commented Feb 16, 2013

Original ticket http://trac.elgg.org/ticket/4879 on 42758422-08-14 by trac user coldtrick, assigned to unknown.

Elgg version: 1.8

It is possible to go (as a regular user) to the inbox page of another user. You will not see any messages, but you should not even be allowed to access those pages. This applies to both the inbox and the sent items page.

@elgg-gitbot
Copy link
Author

@elgg-gitbot elgg-gitbot commented Feb 17, 2013

trac user coldtrick wrote on 42758520-04-02

pull request: #397

@elgg-gitbot
Copy link
Author

@elgg-gitbot elgg-gitbot commented Feb 17, 2013

trac user Evan Winslow wrote on 42777065-04-29

Merge pull request #397 from jdalsem/#4879-unwanted-access-to-messages-pages

Fixes #4879: unwanted access to messages pages
Changeset: 0f3124c

@elgg-gitbot
Copy link
Author

@elgg-gitbot elgg-gitbot commented Feb 17, 2013

Milestone changed to Elgg 1.8.9 by cash on 42939833-06-11

brettp pushed a commit to brettp/Elgg that referenced this issue Feb 21, 2013
…-messages-pages

Fixes Elgg#4879: unwanted access to messages pages
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

1 participant