Group Name Guessing Disclosure Policy
Frédéric Buclin
lpsolit at gmail.com
Mon Jul 19 23:05:03 UTC 2010
Le 20. 07. 10 01:01, Max Kanat-Alexander a écrit :
> But it is when you're writing an arbitrary method, from a software
> design perspective. We shouldn't be writing a new function for every
> single place in the UI that can display the name of a group!
Why would you do that? The same way we don't disclose product names from
a central way ($user->can_see_product()), we can also check the
visibility of a group from a central way, say $user->can_see_group().
LpSolit
More information about the developers
mailing list