Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 36 by Mariusz.Jakubowski.79: reply to non-your email
http://code.google.com/p/django-messages/issues/detail?id=36
You can reply to an email that you're not recipient. To reproduce: create
an email from user2 to user 3, then login as user1 and enter reply url with
id of created message. A reply form will show with message from user2.
Example test case:
user1 = User.objects.create(username="user1", password="xxx")
user2 = User.objects.create(username="user2", password="xxx")
message = Message.objects.create(sender=user2, recipient=user2)
c = Client()
c.login(username="user1", password="xxx")
response = c.get("/messages/reply/%d/" % (message.id))
response.status_code
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"pinax-updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/pinax-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
