Check edit permissions in blog index.json.php

Bug #771644 reported by Richard Mansfield on 2011-04-27
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Richard Mansfield
1.3
High
Richard Mansfield

Bug Description

The script is for post pagination by the blog owner and needs to check that the logged-in user has permission to edit the blog before returning any data. Similar problem to bug #771623.

Does not affect Mahara 1.2 which does permission checks inside the get_posts method of the ArtefactTypeBlogPost class.

CVE References

visibility: private → public
Changed in mahara:
status: In Progress → Fix Committed
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers