Blog Documentation Book a Demo
Vanilla open source was terminated 1 January 2025 by Higher Logic. See this announcement for more information.

Bug: "Remove Picture" appears for everyone

FacialTurdFacialTurd
edited November 2009 in Vanilla 2.0 - 2.8
On any profile page, when not logged in or logged in as another user, the "Remove Picture" link shows in the sidebar. Clicking it will result in a Permission Denied error.


Line 483 of applications/garden/controllers/profile.php $SideMenu->AddLink('Options', 'Remove Picture', '/profile/removepicture/'.$this->User->UserID.'/'.$Session->TransientKey(), FALSE, array('class' => 'RemovePictureLink'));
This should be corrected to
$SideMenu->AddLink('Options', 'Remove Picture', '/profile/removepicture/'.$this->User->UserID.'/'.$Session->TransientKey(), 'Garden.Users.Edit', array('class' => 'RemovePictureLink')); (Note the change of the fourth parameter (Required permission) from 'FALSE' to 'Garden.Users.Edit')

Comments

Sign In or Register to comment.