Any logged in member can view recient posts and see the titles of any posts made by moderators and adminisrators in our private forums.
This wouldn't be so bad other than we generally post admin topics such as:
'JoeHacker (0006734) Pirate???'
In our failing attempt to keep our forums clean of trash. Sometimes we are wrong about these things, most of the time we are right, but we post these things to make sure all the signs are there before just kicking someone from the server.
IF users found out about this, we could have quite a few pissed off users...
Is this happening to anyone else?
[This message was edited by Charles Capps on August 19, 2002 at 10:21 AM.]
Good catch, I think the following in public_user_posts.pl fixes it: Find:<pre> next unless $user_permissions->has_permission("forum", "view", $f);</pre>Replace with:<pre> next unless $user_permissions->has_permission("forum", "view", $f) == 1;</pre>
I'm not sure if that's the correct fix (UBB::SecurityToken::has_permission() is not easy to understand), but there are other places in the script where has_permission() is checked in a similar manner. Those could have the same problem (if it is a problem).
Doh! Thought it was obvious that I was using the latest version as it just came out yesterday <img src="https://www.ubbcentral.com/boards/images/graemlins/tongue.gif" alt="" /> I yell at my own users for not stating the obvious because most of the time what ya think is the obvious ain't <img src="https://www.ubbcentral.com/boards/images/graemlins/smile.gif" alt="" />
Anywho, yeah, when you go to user profile and check latest posts, you'll see some of these. It doesn't show up in Todays Active Topics or other searches, but it does show up there.
LK -- I'm going to see if your hack works...we've gone back and changed all the private admin message titles, but this might help so if we forget <img src="https://www.ubbcentral.com/boards/images/graemlins/smile.gif" alt="" /> Thanks!
has_permission can only return -2, -1, 0, undef, 1, 2, 3, and 4 when called for forum access. -2, -1, 0, and undef should all be false values for the unless check, which makes the > 0 bit a bit redundant...
clif, please open a support ticket (link in my sig)... include ATTN: Charles in the body, along with this URL:
I would *love* to know when this issue has been resolved so I can update from 6.2.x <img src="https://www.ubbcentral.com/boards/images/graemlins/smile.gif" alt="" />