Comment 5 for bug 1158625
Revision history for this message
| Mahara Bot (dev-mahara) wrote A change has been merged | #5 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Reviewed: https:/
Committed: http://
Submitter: Son Nguyen (<email address hidden>)
Branch: 1.5_STABLE
commit 3535ecd3e4ab820
Author: Aaron Wells <email address hidden>
Date: Tue Aug 20 19:02:19 2013 +1200
For private profiles, hide all profile information from logged-out users
Bug1158625: If the user hasn't made their profile public, don't even show their pic and name
to logged-out users.
And in order to prevent enumeration attacks, show the same access denied screen to a
logged-out user, whether they hit the URL for an exising profile or whether they entered
an invalid URL.
Change-Id: Ic926fde3e04a59