Opened 10 years ago

Closed 10 years ago

#645 closed bug (fixed)

comments are public!

Reported by: philipp Owned by: jeanyves
Priority: critical Milestone: 0.6.1-long
Component: BW Profile Keywords:
Cc: jeanyves, midsch, guaka

Description

Currently you can read all comments on a public profile even when you are not logged in. The comments from members who did not set their profile to public are definitely something we must hide.

Change History (7)

comment:1 Changed 10 years ago by jeanyves

Argh, definitely this is a problem.

I can solve it today if I can find one hour during my work day (since it is old BW code, it is just needed to check if the member profile is public when the page viewcomments.php is viewed by a member who is not logged in).

comment:2 Changed 10 years ago by jeanyves

  • follow_up changed from none to test on alpha
  • Status changed from new to assigned

It was really a small fix (I wrongly programmed it to allow comments to be visible for public profiles, I see it was a stupid idea). I have removed the test.

It is on Alpha (I skipped the test on test, but I did it myself).

It works on test but the MustLogin() old BW function sucks on Alpha for a reason I don't understand. Anyway, this protects the privacy, maybe it could be moved to production anyway.

comment:3 Changed 10 years ago by philipp

Not working for me on alpha. Comments are not displayed but instead I get an error message:

Warning: Cannot modify header information - headers already sent by (output started at /home/bwrox/alpha.bewelcome.org/htdocs/bw/layout/viewcomments.php:127) in /home/bwrox/alpha.bewelcome.org/htdocs/bw/lib/rights.php on line 54

comment:4 Changed 10 years ago by midsch

  • follow_up changed from test on alpha to review code

We're talking about this link http://test.bewelcome.org/bw/viewcomments.php?cid=89 where the cid is from a non-public profile? Then I get the same error message on alpha and production, but on test I'm redirected to the login page (which is fine).
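
Added example, not part of the ticket or of the BW-Rox code: the warning in comment:3 is what PHP emits when `header()` is called after output has already started, so a login check that relies on a redirect has to run before the page writes anything and must still stop the request if it runs too late. The function name `require_login`, the session key `member_id` and the `/login` path are assumptions made for this sketch.

```php
<?php
// Added illustration; not BW-Rox code. Function name, session key and
// login path are hypothetical.

/**
 * Block anonymous viewers from the comments page.
 *
 * Call this before the layout emits a single byte. If output has already
 * started, header() can no longer send a redirect (PHP raises "Cannot
 * modify header information - headers already sent"), so the request is
 * ended instead of falling through to the rendering code.
 */
function require_login(bool $viewerLoggedIn, string $loginUrl): void
{
    if ($viewerLoggedIn) {
        return;
    }
    if (!headers_sent()) {
        // Normal case: nothing was printed yet, the redirect is possible.
        header('Location: ' . $loginUrl, true, 302);
    }
    // Fail closed in both cases: no comment is rendered for this viewer.
    exit;
}

// --- page entry point: access check first, output second ---
session_start();
$loggedIn = isset($_SESSION['member_id']);   // assumed session key
require_login($loggedIn, '/login');          // assumed login path

// Only logged-in viewers reach this point; validate the id before use.
$cid = filter_input(INPUT_GET, 'cid', FILTER_VALIDATE_INT);
if ($cid === null || $cid === false) {
    http_response_code(400);
    exit;
}

// Rendering may start only now that the check and validation are done.
echo '<h1>Comments for member ' . $cid . '</h1>';
```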

comment:5 Changed 10 years ago by midsch

The Milestone is probably wrong here?

comment:6 Changed 10 years ago by micha

Sorry to say that, but I propose to work on the new member-app. The profile is nearly working.

comment:7 Changed 10 years ago by philipp

  • follow_up changed from review code to none
  • Resolution set to fixed
  • Status changed from assigned to closed

That's true, main problem is fixed, let's see how it works with the new one, closing this.
