MantisBT - Piwigo
View Issue Details
0002887Piwigouser commentspublic2013.04.10 12:142013.04.11 16:37
papa fab 
plg 
normalmajoralways
closedfixed 
WindowsWindows 7 USUltimate
2.5.0 
2.5.12.5.1 
any
MySQL 5.5.16
5.2.11
Apache/2.2.15 (Win32) mod_ssl/2.2.15 OpenSSL/0.9.8k
0002887: Comments accessible anonymously if comments author is known
In a totally private gallery browsed anonymously, if you make a search with an author name (who already had posted some comments), all his comments and the related pictures are returned.
This should happends only if you are authenticated, but it works anonymously...
* Go to http://www.domain-name.com/comments.php [^]
* Fill an author name (author who's already posted some comments)
* Submit

> All his comments and the related pictures are returned.
No tags attached.
Issue History
2013.04.10 12:14papa fabNew Issue
2013.04.10 12:14papa fabbrowser => any
2013.04.10 12:14papa fabDatabase engine and version => MySQL 5.5.16
2013.04.10 12:14papa fabPHP version => 5.2.11
2013.04.10 12:14papa fabWeb server => Apache/2.2.15 (Win32) mod_ssl/2.2.15 OpenSSL/0.9.8k
2013.04.11 16:26plgStatusnew => assigned
2013.04.11 16:26plgAssigned To => plg
2013.04.11 16:26svnCheckin
2013.04.11 16:26svnNote Added: 0006920
2013.04.11 16:28svnCheckin
2013.04.11 16:28svnNote Added: 0006921
2013.04.11 16:37plgStatusassigned => closed
2013.04.11 16:37plgResolutionopen => fixed
2013.04.11 16:37plgCategoryauthentication => user comments
2013.04.11 16:37plgFixed in Version => 2.5.1
2013.04.11 16:37plgTarget Version => 2.5.1

Notes
(0006920)
svn   
2013.04.11 16:26   
[Subversion] r22141 by plg on branch 2.5

-----[Subversion commit log]----------------------------------------------------
bug 2887 fixed: avoid private photos to be returned as results on user comment
search with the appropriate author.
(0006921)
svn   
2013.04.11 16:28   
[Subversion] r22142 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r22141 from branch 2.5 to trunk

bug 2887 fixed: avoid private photos to be returned as results on user comment
search with the appropriate author.