Download & Extend
RSVP » Issues

anon users can view and alter other RSVPs

Posted by mdowsett on December 8, 2008 at 3:18pm
Project:RSVP
Version:6.x-1.x-dev
Component:Code
Category:bug report
Priority:critical
Assigned:ulf1
Status:closed (fixed)

Issue Summary

Anon users have access to a list of all RSVPs sent out (shown at the bottom of an event) and can RSVP on behalf of others.

Look at: http://dowsett.ca/2008/poker

There are "View Invitation" links at the bottom...

Login or register to post comments

Comments

#1

Posted by ulf1 on December 8, 2008 at 7:21pm

Thanks for reporting.

It happens if you add at least one email addresses as invitee instead of an existing user name. I will add a fix asap later today or tomorrow.

Thanks,
Ulf

#2

Posted by ulf1 on December 8, 2008 at 7:21pm
Priority:normal» critical
Assigned to:Anonymous» ulf1

#3

Posted by ulf1 on December 8, 2008 at 9:25pm
Status:active» fixed

#4

Posted by mdowsett on December 10, 2008 at 3:54am

confirmed - it seems to be fixed....and yeah, that one was critical! :)

#5

Posted by System Message on December 24, 2008 at 4:02am
Status:fixed» closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.