← Back to team overview

mahara-contributors team mailing list archive

  1. mahara-contributors team
  2. Mailing list archive
  3. Message #13882

[Bug 1158625] A change has been merged

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://reviews.mahara.org/2571
Committed: http://gitorious.org/mahara/mahara/commit/3535ecd3e4ab8202c8a52ab478436fda68a2d671
Submitter: Son Nguyen (son.nguyen@xxxxxxxxxxxxxxx)
Branch:    1.5_STABLE

commit 3535ecd3e4ab8202c8a52ab478436fda68a2d671
Author: Aaron Wells <aaronw@xxxxxxxxxxxxxxx>
Date:   Tue Aug 20 19:02:19 2013 +1200

For private profiles, hide all profile information from logged-out users

Bug1158625: If the user hasn't made their profile public, don't even show their pic and name
to logged-out users.

And in order to prevent enumeration attacks, show the same access denied screen to a
logged-out user, whether they hit the URL for an exising profile or whether they entered
an invalid URL.

Change-Id: Ic926fde3e04a59728868fffecc9272136fb83855

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1158625

Title:
  Make profile information not avaialble for public when not shared

Status in Mahara ePortfolio:
  Fix Committed
Status in Mahara 1.5 series:
  Fix Committed
Status in Mahara 1.6 series:
  Fix Committed
Status in Mahara 1.7 series:
  Fix Committed

Bug description:
  From at least Mahara 1.6 on, very basic information about a user
  (profile picture, name, institution) is made public when public pages
  are allowed. This information is displayed even when the user hasn't
  shared their portfolio with the public. This came about when changes
  were made to the logged-in user profile access.

  In the past (at least up to 1.4), you only saw the login screen when
  you tried to access a profile of a user but were not logged in. This
  should be the case again.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1158625/+subscriptions
  Thread PreviousDate PreviousThread Next