Check edit permissions in blog index.json.php

Bug #771644 reported by Richard Mansfield on 2011-04-27
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Richard Mansfield
Richard Mansfield

Bug Description

The script is for post pagination by the blog owner and needs to check that the logged-in user has permission to edit the blog before returning any data. Similar problem to bug #771623.

Does not affect Mahara 1.2 which does permission checks inside the get_posts method of the ArtefactTypeBlogPost class.

CVE References

Revision history for this message
Richard Mansfield (richard-mansfield) wrote :
visibility: private → public
Changed in mahara:
status: In Progress → Fix Committed
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers