Retweeting does not honour send permissions.

Bug #495524 reported by GiuseppeVerde
58
This bug affects 11 people
Affects Status Importance Assigned to Milestone
Gwibber
Confirmed
Undecided
Unassigned
gwibber (Ubuntu)
Triaged
Medium
Unassigned

Bug Description

I've set up an "official" account and a "personal" account on Twitter. Gwibber is set up to follow both, but only to post to the personal account. However, the following retweet was sent from my official account, contrary to the permissions setup (i.e. permission to send to physihacker is not allowed):
http://twitter.com/physihacker/status/6569717668

It's either because both accounts are subscribed to the NAPress, or only physihacker. Both cases should be checked.

In addition, the purpose of the retweet is to notify my friends who might be interested and who're following my personal accounts on identi.ca, twitter, and facebook, so even limiting the posting to my very-limited offiical account wasn't what was intended.

Marking security, because this is likely to leak information at some point due to this surprising behavior (although the information is technically public).

Ryan Paul (segphault)
visibility: private → public
etali (etali)
Changed in gwibber:
status: New → Confirmed
Revision history for this message
etali (etali) wrote :

Just tested this, and can confirm that retweets do ignore posting permissions. I tried it with tweets were bot accounts were subscribed, and ones where only the restricted account subscribed. It happened in both cases.

etali (etali)
summary: - Retweeting ignores posting permissions
+ Retweeting does not require send permissions.
Changed in gwibber (Ubuntu):
status: New → Confirmed
Omer Akram (om26er)
Changed in gwibber (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Triaged
Omer Akram (om26er)
summary: - Retweeting does not require send permissions.
+ Retweeting does not honour send permissions.
security vulnerability: yes → no
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.