Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
to your account
1.Write a confidential text and save
2. Login as other user and click on quote
No confidential informations
The confidential text is included
Joomla version: 3.5.1 and 3.6.0 Alpha-2
Kunena version: 4.0.10 , 4.0.11-DEV , 5.0.0-RC-DEV
Template: Blue Eagle and Crypsis
Php version: 5.6
The text was updated successfully, but these errors were encountered:
Oh my God! I just saw this. This means that anyone who is able to use the QUOTE feature can now see any "confidential" information posted by others! This is quite a security problem.
The most important target at this time is to fix this first for K 4.0. I will also check to see if K 3.0.8 is vulnerable.
EDIT: K 3.0.8 is not affected
Sorry, something went wrong.
Confidential informations : With quote button all users can see it Ku…
Confidential informations : With quote button all users can see it #3990
Successfully merging a pull request may close this issue.