Elgg 2.0.0-alpha.3 is now available for download. This pre-release is meant for early testers and plugin developers. Please do not use it in production.
::installDir()
to Directory\Local::root()
in CLI server (1e1f446b)Fixes #8862 (67cff474)
Here we bypass the separate owner container check if the desired owner_guid is the logged in user GUID. This eliminates the check under all normal circumstances but leaves it in place in case a poorly coded plugin allows the impersonation described above.
This also denies creation if the owner/container GUIDs are set but can't be loaded. Before, create() would simply bypass the permissions check if it couldn't load the owner/container.
Fixes #4231 (5adf98fd)
You may access it at https://github.com/Elgg/categories
Fixes #7584 (ba0c12f2)
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
The comments section doesn't have a "promote to new discussion feature". Seems like we need that :)