Reviewed: https://reviews.mahara.org/2573 Committed: http://gitorious.org/mahara/mahara/commit/fa6494a7ac8f0880dc856c9ec146e3fde24b60df Submitter: Son Nguyen ([email protected]) Branch: 1.7_STABLE
commit fa6494a7ac8f0880dc856c9ec146e3fde24b60df Author: Aaron Wells <[email protected]> Date: Tue Aug 20 19:02:19 2013 +1200 For private profiles, hide all profile information from logged-out users Bug1158625: If the user hasn't made their profile public, don't even show their pic and name to logged-out users. And in order to prevent enumeration attacks, show the same access denied screen to a logged-out user, whether they hit the URL for an exising profile or whether they entered an invalid URL. Change-Id: Ic926fde3e04a59728868fffecc9272136fb83855 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1158625 Title: Make profile information not avaialble for public when not shared Status in Mahara ePortfolio: Fix Committed Status in Mahara 1.5 series: Fix Committed Status in Mahara 1.6 series: Fix Committed Status in Mahara 1.7 series: Fix Committed Bug description: From at least Mahara 1.6 on, very basic information about a user (profile picture, name, institution) is made public when public pages are allowed. This information is displayed even when the user hasn't shared their portfolio with the public. This came about when changes were made to the logged-in user profile access. In the past (at least up to 1.4), you only saw the login screen when you tried to access a profile of a user but were not logged in. This should be the case again. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1158625/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
