Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-37164

Messaging: prevent users from interacting with themselves and guest user

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • 2.5
    • 2.3.3, 2.4
    • Messages
    • MOODLE_23_STABLE, MOODLE_24_STABLE
    • MOODLE_25_STABLE
    • MDL-37164_message_self
    • Hide

      Log in as a user and go to your messages. Search for yourself and your guest user. Check they dont appear in the users found section.

      Search for another user. Check they appear in the users found section.

      Show
      Log in as a user and go to your messages. Search for yourself and your guest user. Check they dont appear in the users found section. Search for another user. Check they appear in the users found section.

      In the messaging, any user can search for the guest account, or even their account. From there they can:

      • Add to contact list
      • Block contact
      • Send messages

      I think we should prevent the users from finding and interacting with themselves and they guest account. This means that hacking the user specifying their own ID or the guest account's one should not work.

      1. Go to messaging
      2. Search for 'guest'
      3. Search for <yourname>

      Actual

      • You find the guest account and yourself and can interact.

      Expected

      • You don't find yourself or the guest account

        1. 0001-MDL-37164-message-Searching-for-users-does-not-retur.patch
          4 kB

            andyjdavis Andrew Davis
            fred Frédéric Massart
            Rajesh Taneja Rajesh Taneja
            Damyon Wiese Damyon Wiese
            Jason Fowler Jason Fowler
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.