Is this meant to be this way?
"Submitting information requests through the frontend is restricted to authenticated users at this time" and then Privacy Requests can be made for email addresses that are not registered users, even made-up users...
Seems strange.
If "Submitting information requests through the frontend is restricted to authenticated users at this time" then surely the email address field should be prefilled with the logged-in user, or even removed completely and the logged-in user's email used?
Security issue forked to private repo https://github.com/joomla/cms-security/issues/281 @joomla/security.
and such a shame that in the entire alpha, beta and multiple RC releases the @joomla/security team did not test this at all
Factually incorrect.
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-10-15 11:07:40 |
Closed_By | ⇒ | PhilETaylor |
See joomla-projects/privacy-framework#225
and such a shame that in the entire alpha, beta and multiple RC releases the @joomla/security team did not test this at all