Group member search json script reveals user information

Bug #772174 reported by Richard Mansfield on 2011-04-28
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Richard Mansfield
1.3
High
Richard Mansfield

Bug Description

The script group/membersearchresults.php, should only return a list of user ids and names, but gives out more user information than it should, such as email addresses. Similar to bug #772160.

Only affects 1.3+. In previous versions the script was not used for the userlist pieform element & only returned html.

CVE References

Revision history for this message
Richard Mansfield (richard-mansfield) wrote :
visibility: private → public
Changed in mahara:
status: In Progress → Fix Committed
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers