Userlist element json script reveals user information

Bug #772160 reported by Richard Mansfield on 2011-04-28
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Richard Mansfield
1.2
High
Richard Mansfield
1.3
High
Richard Mansfield

Bug Description

The script json/usersearch.php, used by the 'userlist' pieform element to do user searches, should only return a list of user ids and names, but gives out more user information than it should, such as email addresses.

CVE References

Revision history for this message
Richard Mansfield (richard-mansfield) wrote :
Revision history for this message
Richard Mansfield (richard-mansfield) wrote :
visibility: private → public
Changed in mahara:
status: In Progress → Fix Committed
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers