Retweeting does not honour send permissions.

Bug #495524 reported by GiuseppeVerde on 2009-12-11
58
This bug affects 11 people
Affects Status Importance Assigned to Milestone
Gwibber
Undecided
Unassigned
gwibber (Ubuntu)
Medium
Unassigned

Bug Description

I've set up an "official" account and a "personal" account on Twitter. Gwibber is set up to follow both, but only to post to the personal account. However, the following retweet was sent from my official account, contrary to the permissions setup (i.e. permission to send to physihacker is not allowed):
http://twitter.com/physihacker/status/6569717668

It's either because both accounts are subscribed to the NAPress, or only physihacker. Both cases should be checked.

In addition, the purpose of the retweet is to notify my friends who might be interested and who're following my personal accounts on identi.ca, twitter, and facebook, so even limiting the posting to my very-limited offiical account wasn't what was intended.

Marking security, because this is likely to leak information at some point due to this surprising behavior (although the information is technically public).

Ryan Paul (segphault) on 2010-02-17
visibility: private → public
etali (etali) on 2010-04-13
Changed in gwibber:
status: New → Confirmed
etali (etali) wrote :

Just tested this, and can confirm that retweets do ignore posting permissions. I tried it with tweets were bot accounts were subscribed, and ones where only the restricted account subscribed. It happened in both cases.

etali (etali) on 2010-04-13
summary: - Retweeting ignores posting permissions
+ Retweeting does not require send permissions.
Changed in gwibber (Ubuntu):
status: New → Confirmed
Omer Akram (om26er) on 2010-04-13
Changed in gwibber (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Triaged
Omer Akram (om26er) on 2010-05-06
summary: - Retweeting does not require send permissions.
+ Retweeting does not honour send permissions.
security vulnerability: yes → no
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers