mahara-contributors team mailing list archive

Thread
Date

[Bug 1600069] Re: See other's profile images one is not meant to

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date: Fri, 21 Oct 2016 03:20:05 -0000
Reply-to: Bug 1600069 <1600069@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: mahara
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1600069

Title:
  See other's profile images one is not meant to

Status in Mahara:
  Fix Released
Status in Mahara 15.04 series:
  Fix Released
Status in Mahara 15.10 series:
  Fix Released
Status in Mahara 16.04 series:
  Fix Released

Bug description:
  As part of the follow on from this bug:
  https://bugs.launchpad.net/mahara/+bug/1211758

  I notice that it is possible to see profile images of other users that
  one isn't meant to.

  Demo:
  Login as User A and upload two profile icons - set one to be default
  make note of the artefact id's

  Login as User B then go to the url:

  thumb.php?type=profileiconbyid&maxwidth=150&id=[id from above]

  You should only be allowed to see the icon that is set to the default
  icon but you can see both

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1600069/+subscriptions