We should check whether the user has access to view userpoints or not.

| Comment | File | Size | Author |
| --- | --- | --- | --- |
| | author_pane-userpoints-permission.patch | 658 bytes | quotesbro |

Comments

michelle’s picture

Bah, I guess they still haven't implemented #941158: Add permissioned wrapper to public point retrieval API, eh? I don't have a D6 dev environment right now and this will need to go through all the security rigmarole, too, so will probably be a bit. But it doesn't look like the Userpoints maintainer is going to do the sensible thing so I guess I don't have much choice.

Michelle

michelle’s picture

Version: 6.x-2.x-dev » 7.x-2.x-dev

I'm going to bump this to D7 because it's also an issue there and AP D7 isn't a full release and we really shouldn't have an issue for a security issue in a stable release. I'll try to find some time to backport it, though. I'm not supporting D6 anymore but I can't ignore a security issue unless I'm willing to mark the release as unsupported, which will needlessly freak out 20K people who are using it just fine because of a problem that no one has complained about in over a year. :(

Michelle

Scyther’s picture

Issue tags: +7.x-2.x-beta-blocker

Will take a look at this as soon as I have time for it!

@Michelle - I have a D6 dev site with AP on, so I can take a look at a fix for D6 if you like.

michelle’s picture

Oh, that would be awesome! The only D6 site I still have is a live site that hasn't been touched in a _very_ long time and I'd be afraid it would totally fall to pieces if I messed with it. LOL!

Feel free to just go ahead and commit to D6 as well, for this or any other thing that comes up that you feel so inclined to take on. I just really don't have time for Author Pane, especially since Artesian won't be using it.

Thanks,

Michelle

Scyther’s picture

Status: Needs review » Fixed

michelle’s picture

Thank you! One less stress for me. :)

Michelle

quotesbro’s picture

Thank you!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.