Project

General

Profile

Actions

Bug #7584

closed

Disable/Delete Account endpoints fail while logged out if their field is not public accessible

Added by krileon over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Low
Assignee:
Target version:
Start date:
10 June 2019
Due date:
% Done:

100%

Estimated time:

Description

If the user uses the disable/delete account confirmation link while not logged in and the field is on a tab marked Registered the confirmation will always fail. The field check in the case of a valid token being supplied should only be checking if it's enabled or disabled.

https://www.joomlapolis.com/forum/255-developer-members-support/241011-cb-privacy-plugin-account-deactivation-only-works-if-user-is-logged-in#312727

Actions #1

Updated by krileon over 5 years ago

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100

This will now only confirm field access if a valid token isn't provided. The token acts as a means of validation that they can disable/delete their account.

Actions #2

Updated by krileon over 5 years ago

  • Target version changed from 945 to 6.1.0
Actions #3

Updated by krileon over 5 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF