Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-37164

Messaging: prevent users from interacting with themselves and guest user

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.3.3, 2.4
    • Fix Version/s: 2.5
    • Component/s: Messages
    • Labels:
    • Testing Instructions:
      Hide

      Log in as a user and go to your messages. Search for yourself and your guest user. Check they dont appear in the users found section.

      Search for another user. Check they appear in the users found section.

      Show
      Log in as a user and go to your messages. Search for yourself and your guest user. Check they dont appear in the users found section. Search for another user. Check they appear in the users found section.
    • Affected Branches:
      MOODLE_23_STABLE, MOODLE_24_STABLE
    • Fixed Branches:
      MOODLE_25_STABLE
    • Pull Master Branch:
      MDL-37164_message_self

      Description

      In the messaging, any user can search for the guest account, or even their account. From there they can:

      • Add to contact list
      • Block contact
      • Send messages

      I think we should prevent the users from finding and interacting with themselves and they guest account. This means that hacking the user specifying their own ID or the guest account's one should not work.

      1. Go to messaging
      2. Search for 'guest'
      3. Search for <yourname>

      Actual

      • You find the guest account and yourself and can interact.

      Expected

      • You don't find yourself or the guest account

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    14/May/13