Check edit permissions in blog index.json.php

Bug #771644 reported by Richard Mansfield
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released
Richard Mansfield
Fix Released
Richard Mansfield

Bug Description

The script is for post pagination by the blog owner and needs to check that the logged-in user has permission to edit the blog before returning any data. Similar problem to bug #771623.

Does not affect Mahara 1.2 which does permission checks inside the get_posts method of the ArtefactTypeBlogPost class.

CVE References

Revision history for this message
Richard Mansfield (richard-mansfield) wrote :
visibility: private → public
Changed in mahara:
status: In Progress → Fix Committed
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.