Not deleting posts when commanded
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Gwibber |
Fix Released
|
Undecided
|
Ken VanDine | ||
gwibber (Ubuntu) |
Fix Released
|
Undecided
|
Ken VanDine |
Bug Description
When using the gear menu to delete a post (at least with Twitter and Identica), Gwibber confirms that the post has been deleted, but does not actually delete the post in the service! This false positive is likely to be *very* frustrating, as a user could post something inadvertently and think they've deleted it when they really haven't.
Steps to reproduce:
1. Send an update to Twitter or Identica.
2. Observe the post in your Gwibber stream.
3. Use the gear menu's Delete function
4. Observe notification that the post has been deleted.
5. Reload updates, or visit your profile on one of the services.
6. Observe that the message is still there.
I'm calling this a security vulnerability because the user could accidentally disclose information and Gwibber makes them think they've resolved the disclosure when they really haven't.
Related branches
- gwibber-committers: Pending requested
-
Diff: 38 lines (+11/-4)2 files modifiedgwibber/actions.py (+6/-0)
gwibber/microblog/dispatcher.py (+5/-4)
visibility: | private → public |
Changed in gwibber: | |
assignee: | nobody → Ken VanDine (ken-vandine) |
Changed in gwibber (Ubuntu): | |
assignee: | nobody → Ken VanDine (ken-vandine) |
Changed in gwibber: | |
status: | New → Fix Committed |
milestone: | none → 2.31.91 |
security vulnerability: | yes → no |
Changed in gwibber: | |
status: | Fix Committed → Fix Released |
This bug was fixed in the package gwibber - 2.31.91-0ubuntu1
---------------
gwibber (2.31.91-0ubuntu1) maverick; urgency=low
* New upstream release retweet is true (Vadim Rutkovsky) (LP: #539786) gwibber- service. install
- Port twitter service to OAuth, basic auth is no longer
supported (LP: #627565)
- Delay setting the position of the vertical splitter
- Fix PerformOp for single operation, including delete and
like (LP: #616798)
- Make the string for the Translate action i18n
friendly (Vadim Rutkovsky)
- Convert identi.ca groups (!) to hashtags (#) for re-denting if
global_
- Handle null responses gracefully (James Ogley) (LP: #623309)
- recognize valid unicode URLs (LP: #333390)
- Don't crash if there is an invalid value for a preference (LP: #623335)
* debian/
- Install files needed for twitter oauth
-- Ken VanDine <email address hidden> Mon, 23 Aug 2010 23:35:05 -0400