"undefined undefined" can access it's "home page"

[GoogleCodeExporter]

Which version of OpenMeetings are you running?
r3621
What's your operating system on client and server side?
client=Windows7, server= Centos 

Not registered client can access home page and from  here see all registered 
client's profiles using the following scenario: 
1) A client connects to a restricted room with one-time invitation. The 
interface is fully restricted as designed.
2) The client opens Chat section and clicks "Send private message" to any user 
(there should be at least one message there).
3) OpenMeetings opens a "Write New Message"(screenshot1). 
4) User can click "Cancel" (or can send something). After closing "New Message 
Window" the user will be in the home page as "undefined undefined". Screenshot 
2.

Issue 1: from the home page user cannot access the conference (at least not 
easily). 
Issue 2: logged is as such, it's possible to see profiles of  all registered 
users (without emails though). Profile ->Search Users. Select a user and View 
profile.

thanks!

Original issue reported on code.google.com by uch...@gmail.com on 4 Dec 2010 at 12:02

Attachments:

• om-private1.jpg
• om-private2.jpg

[GoogleCodeExporter]

We will take care of that security hole, thanks for reporting.

Original comment by seba.wag...@gmail.com on 14 Dec 2010 at 12:00

• Changed state: Accepted
• Added labels: MileStone-Release1.7

[GoogleCodeExporter]

Original comment by seba.wag...@gmail.com on 31 Jan 2012 at 12:22

• Added labels: Restrict-AddIssueComment-Commit

[GoogleCodeExporter]

OpenMeetings moves to Apache Foundation, update your bookmarks to the new 
project page:

http://incubator.apache.org/openmeetings/

New Issue tracker is located: https://issues.apache.org/jira/browse/OPENMEETINGS

New Mailing Lists located at: 
http://incubator.apache.org/openmeetings/mail-lists.html 

Original comment by seba.wag...@gmail.com on 31 Jan 2012 at 12:25