Ticket #1718 (closed Unconfirmed Defect: fixed)

Opened 16 months ago

Last modified 13 months ago

security-hole in messageboard plugin

Reported by: fuhrmara@… Owned by:
Priority: major Milestone:
Component: Message Board Version:
Severity: Keywords:
Cc: brettp

Description (last modified by dave) (diff)

you can access all messageboard by giving the url

/your-elgg-site/pg/messageboard/username

even if you logged out.

the access-setting have no effec.

Change History

Changed 14 months ago by marcus

  • description modified (diff)

Is this still the case on latest SVN?

Changed 14 months ago by marcus

  • priority changed from critical to major

Changed 14 months ago by gabrielinux

Confirmed, still happening as of January 28.

Changed 13 months ago by dave

  • status changed from new to closed
  • resolution set to fixed
  • description modified (diff)

This no longer happens in SVN - will come out v1.5.

Note: See TracTickets for help on using tickets.