Fixed Reporting from a user's profile respects user privacy settings

Xon

Well-known member
Affected version
2.2.5
PHP:
public function actionReport(ParameterBag $params)
{
   $user = $this->assertViewableUser($params->user_id);
   if (!$user->canBeReported($error))

assertViewableUser is being called with $basicProfileOnly = false

This means the members/report route only works if the user's privacy settings allow accessing the full profile page.

It doesn't make much sense to gate this behind a profile visibility check, as it is handy for custom styles to add this user report link elsewhere.
 
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.2.6).

Change log:
Allow users to be reported regardless of their profile privacy settings
There may be a delay before changes are rolled out to the XenForo Community.
 
Back
Top Bottom