I have been testing out Group Privacy on my test site. I created some content wich was gor Group Access only, and then logges on as a test user... I left the group, but even after logging out and upgrading I was stillable to log on as the user and see the private content.
This is a really serious issue. Has anyone else come across this?
Any help in resolving it would be VERY welcome.
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- Kevin Jardine@kevin
Kevin Jardine - 0 likes
- Cash@costelloc
Cash - 0 likes
- Mark Bridges@MisterBridges
Mark Bridges - 0 likes
- Cash@costelloc
Cash - 0 likes
- Mark Bridges@MisterBridges
Mark Bridges - 0 likes
- Cash@costelloc
Cash - 0 likes
- Mark Bridges@MisterBridges
Mark Bridges - 0 likes
You must log in to post replies.Admins can see everything. Is your test user an admin?
Known bug in elgg - people do not get removed from group access lists even after leaving a group. I think I already fixed this for the 1.7 release.
Oh Cash, I hope so, I really, really hope so...
Group Access is a very important issue for many of my potential users - as is personal privacy too. My groups will often have to ballance their public face with their private inner workings.
Roll on elgg 1.7!!
It's fixed: http://trac.elgg.org/elgg/changeset/3741
Hi Cash... a little knowledge is generally a dangerous thing... I replaced my group.php and now my site is dead... I put the original group.php back... still nothing.
Humph... not sure what to do now :(
How could somthing like this have such an effect?
Make sure you did not create any other files in the engine/lib directory
Also, check out this doc page: http://docs.elgg.org/wiki/White_page
Cheers Cash, I made a copy of the file in the same folder before adding the new one... must have been the problem... phewwwww :)
Thanks for that wiki link as well... interesting tip about diabling a plugin etc there...