Skip to:
Content

Opened 5 years ago

Last modified 4 years ago

#2485 new defect

bbp_forum_enforce_hidden() should return 403

Reported by: wpdennis Owned by: johnjamesjacoby
Milestone: 2.7 Priority: lowest
Severity: trivial Version:
Component: Component - Forums Keywords:
Cc:

Description

If we use hidden or private forums and the requesting user is not allowed to see them, bbPress returns 404, File Not Found:

if ( !empty( $forum_id ) && bbp_is_forum_hidden( $forum_id ) && !current_user_can( 'read_hidden_forums' ) )
		bbp_set_404();

Response code 403 would be more correct:

"A web server may return a 403 Forbidden HTTP status code in response to a request from a client for a web page or resource to indicate that the server can be reached and understood the request, but refuses to take any further action."

It's confusing to see a 404 if you're not logged in and the most sitemaps will contain the internal topics, too. Sending a lot of 404 URLs to search engine isn't a good idea. 403 is not optimal either, but would be a more appropiate.

Change History (3)

#1 @johnjamesjacoby
5 years ago

  • Milestone changed from Awaiting Review to 2.6

You're right. Moving to 2.6.

#2 @johnjamesjacoby
5 years ago

  • Owner set to johnjamesjacoby

#3 @netweb
4 years ago

  • Milestone changed from 2.6 to 2.7

Punting 2.6 tickets without a patch to 2.7

Note: See TracTickets for help on using tickets.