Resolution is to check if the current user is admin but acting as pseudo
for the account making the request. If the current user is Admin as
pseudo, use the pseudo account ID.

-- 
Incorrect URL in friend requests as Admin (controlling other user)
https://bugs.launchpad.net/bugs/668082

Status in Mahara ePortfolio: New

Bug description:
Friendship request emails generated through an Admin account logged in as 
another user generate an incorrect parameter ID in the generated email URL. 
(user/sendmessage.php?id=30&replyto=104)

This causes an Access Denied Exception when the actual user clicks the link 
contained in the message.

    // Make sure the message was sent by the user being replied to
    $bits = parse_url($replyto->url);
    parse_str($bits['query'], $params);
    if (empty($params['id']) || $params['id'] != $id) {
        throw new AccessDeniedException(get_string('cantviewmessage', 'group'));
    }
}
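
Added example, not part of the original report and not Mahara's own code: a stand-alone sketch of the check above and of the proposed resolution. It assumes the wrong ID in the URL is the admin's own account ID; the function names, the session array layout and the sample IDs are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical helper: the account ID that belongs in a generated message URL.
// $session is a constructed array: 'id' is the logged-in account and
// 'masquerading_as' is set only while an admin is acting as another user.
function effective_sender_id(array $session): int
{
    return $session['masquerading_as'] ?? $session['id'];
}

// Hypothetical helper: build a URL in the shape quoted in the bug description.
function build_message_url(int $senderid, int $replyto): string
{
    return 'user/sendmessage.php?'
        . http_build_query(['id' => $senderid, 'replyto' => $replyto]);
}

// Same comparison as the excerpt: the id stored in the original message's URL
// must equal the id of the user being replied to.
function reply_allowed(string $storedurl, int $id): bool
{
    $query = parse_url($storedurl, PHP_URL_QUERY);
    if (!is_string($query)) {
        return false; // malformed URL or no query string: nothing to verify
    }
    parse_str($query, $params);
    return !empty($params['id']) && $params['id'] == $id;
}

// Constructed sample: admin account 1 acting as user 57, original message 900.
$session = ['id' => 1, 'masquerading_as' => 57];

// URL built from the logged-in (admin) ID, as assumed for the reported bug.
$buggy = build_message_url($session['id'], 900);
// URL built from the masqueraded account's ID, as the resolution proposes.
$fixed = build_message_url(effective_sender_id($session), 900);

// The recipient replies to user 57, the account the request came from.
var_dump(reply_allowed($buggy, 57));
var_dump(reply_allowed($fixed, 57));
```

The check itself stays strict in both cases; only the ID written into the URL at generation time changes.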


