
mahara-contributors team mailing list archive

[Bug 668082] Re: Incorrect URL in friend requests as Admin (controlling other user)

 

[Expired for Mahara because there has been no activity for 60 days.]

** Changed in: mahara
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/668082

Title:
  Incorrect URL in friend requests as Admin (controlling other user)

Status in Mahara ePortfolio:
  Expired

Bug description:
  Emails generated through an Admin account logged in as another user
  generate an incorrect parameter ID in the generated email URL.
  (user/sendmessage.php?id=30&replyto=104)

  This causes an Access Denied Exception when the actual user clicks the
  link contained in the message.

      // Make sure the message was sent by the user being replied to
      $bits = parse_url($replyto->url);
      parse_str($bits['query'], $params);
      if (empty($params['id']) || $params['id'] != $id) {
          throw new AccessDeniedException(get_string('cantviewmessage', 'group'));
      }
  }

