Project

General

Profile

Actions
Copy link

Bug #7533

closed

Missing access check on gallery comment streams

Added by krileon about 5 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
krileon
Target version:
3.5.0
Start date:
18 April 2019
Due date:
% Done:

100%

Estimated time:

Description

The comment streams for per media gallery entries for group galleries is not having its create access checked to ensure the person commenting is a member of the group.

https://www.joomlapolis.com/forum/153-professional-member-support/240873-groupjive-and-cb-gallery#311923

Actions
Copy link
 #1

Updated by krileon about 5 years ago

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100

Multi-part fix. Requires improvements in CB Activity to handle a "parent" value for streams, which is the parent asset for the stream. The parent can then be checked for access permissions. This is fixed for all GJ comment streams requiring release of GJ, CB Activity, and CB Auto Actions. Note it will not be entirely fixed until CB Activity 5.0.0 is released.

Actions
Copy link
 #2

Updated by krileon almost 3 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF