Site Links
Home
Features
Documentation
Pricing & Order
Members Area
Support Options
UBBDev.com
UBBWiki.com
Who's Online Now
0 registered members (), 42 guests, and 214 spiders.
Key: Admin, Global Mod, Mod
Member Spotlight
Bad Frog
Bad Frog
Coast of Maine
Posts: 748
Joined: May 2008
Show All Member Profiles 
Top Posters(30 Days)
isaac 20
Gizmo 13
Ruben 11
Morgan 3
Abbott 2
Latest Photos
Testing to drag photos
Comfortable Cats
Test
BSA photos
Chinese Buddhist temple.
Previous Thread
Next Thread
Print Thread
View Recient Posts / Administrators [FIXED - 6.3.0] #109897
05/10/02 08:33 AM
05/10/02 08:33 AM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


Just noticed by one of our mods last night...

Any logged in member can view recient posts and see the titles of any posts made by moderators and adminisrators in our private forums.

This wouldn't be so bad other than we generally post admin topics such as:

'JoeHacker (0006734) Pirate???'

In our failing attempt to keep our forums clean of trash. Sometimes we are wrong about these things, most of the time we are right, but we post these things to make sure all the signs are there before just kicking someone from the server.

IF users found out about this, we could have quite a few pissed off users...

Is this happening to anyone else?

[This message was edited by Charles Capps on August 19, 2002 at 10:21 AM.]

Express Hosting
Express Hosting "We are the official hosting company of UBB.threads. Ask us about our free migration services to migrate your UBB.threads installation."
Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109898
05/10/02 12:25 PM
05/10/02 12:25 PM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


Which version are you running?

You're referring to the "view recent posts" link when viewing someone's profile?

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109899
05/10/02 01:56 PM
05/10/02 01:56 PM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


Good catch, I think the following in public_user_posts.pl fixes it: Find:<pre> next unless $user_permissions->has_permission("forum", "view", $f);</pre>Replace with:<pre> next unless $user_permissions->has_permission("forum", "view", $f) == 1;</pre>

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109900
05/10/02 07:25 PM
05/10/02 07:25 PM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


I'm not sure if that's the correct fix (UBB::SecurityToken::has_permission() is not easy to understand), but there are other places in the script where has_permission() is checked in a similar manner. Those could have the same problem (if it is a problem).

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109901
05/11/02 01:39 AM
05/11/02 01:39 AM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


Doh! Thought it was obvious that I was using the latest version as it just came out yesterday <img src="https://www.ubbcentral.com/boards/images/graemlins/tongue.gif" alt="" /> I yell at my own users for not stating the obvious because most of the time what ya think is the obvious ain't <img src="https://www.ubbcentral.com/boards/images/graemlins/smile.gif" alt="" />

Anywho, yeah, when you go to user profile and check latest posts, you'll see some of these. It doesn't show up in Todays Active Topics or other searches, but it does show up there.

LK -- I'm going to see if your hack works...we've gone back and changed all the private admin message titles, but this might help so if we forget <img src="https://www.ubbcentral.com/boards/images/graemlins/smile.gif" alt="" /> Thanks!

clif

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109902
05/11/02 02:39 AM
05/11/02 02:39 AM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


Oops, instead of == 1, make it > 0...
<pre> next unless $user_permissions->has_permission("forum", "view", $f) > 0;</pre>

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109903
05/11/02 10:10 PM
05/11/02 10:10 PM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


has_permission can only return -2, -1, 0, undef, 1, 2, 3, and 4 when called for forum access. -2, -1, 0, and undef should all be false values for the unless check, which makes the > 0 bit a bit redundant...

clif, please open a support ticket (link in my sig)... include ATTN: Charles in the body, along with this URL:

http://community.infopop.net/6/ubb.x?a=tpc&s=729094322&f=1863088313&m=1083036725

--
Charles Capps
UBB.classic™ Developer
Having problems? Open up a support ticket!

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109904
05/12/02 06:11 AM
05/12/02 06:11 AM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


Quote:
-2, -1, 0, and undef should all be false values for the unless check, which makes the > 0 bit a bit redundant...
Hmmmm ... but aren't -2 and -1 interpreted as "true" in Perl?

I thought that the only expressions interpreted as false were undef, 0, "0", "" (empty string) and () (empty list).

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109905
05/12/02 07:08 AM
05/12/02 07:08 AM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


Dave is correct. Same bug also occurs in all other forums.

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109906
05/12/02 01:53 PM
05/12/02 01:53 PM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


I would *love* to know when this issue has been resolved so I can update from 6.2.x <img src="https://www.ubbcentral.com/boards/images/graemlins/smile.gif" alt="" />

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109907
05/12/02 02:23 PM
05/12/02 02:23 PM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


Posted in error. Disregard.

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109908
05/13/02 10:24 AM
05/13/02 10:24 AM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


As requested, I put in a support ticket though I'd imagine it would only be there to get into your to-do list as LK's fix works perfectly.

Thanks LK!

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109909
05/13/02 01:42 PM
05/13/02 01:42 PM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


Gargh. Mixed logic. <img src="https://www.ubbcentral.com/boards/images/graemlins/frown.gif" alt="" />

--
Charles Capps
UBB.classic™ Developer
Having problems? Open up a support ticket!

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109910
05/14/02 10:18 AM
05/14/02 10:18 AM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


Same bug in ubb_search.cgi:<pre> if($user_permissions->has_permission('forum', 'view', $vars_forums{$number}->[8]) > 0) {</pre><pre> (!$username &#0124;&#0124; !$user_permissions &#0124;&#0124; $user_permissions->has_permission('forum', 'view', $in{search_forum}) < 0 )) {</pre><pre> next unless $user_permissions->has_permission("forum", "view", $number) > 0;</pre>

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109911
05/14/02 10:29 AM
05/14/02 10:29 AM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


grep found "has_permission" in the following files:

cgi-binubb_lib_pntf.cgi:
cgi-binubb_lib_secgroups.cgi:
cgi-binubb_poll.cgi:
cgi-binubb_profile.cgi:
cgi-binubb_search.cgi:
noncgiTemplatespublic_avatar_select.pl:
noncgiTemplatespublic_edit_profile.pl:
noncgiTemplatespublic_user_posts.pl:

I'd suggest checking all of them. <img src="https://www.ubbcentral.com/boards/images/graemlins/wink.gif" alt="" />

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109912
05/14/02 12:55 PM
05/14/02 12:55 PM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


Double post :/

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109913
05/14/02 12:57 PM
05/14/02 12:57 PM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


Cool, so it IS possible to check if the user can access forum page in PNTF!! <img src="https://www.ubbcentral.com/boards/images/graemlins/tongue.gif" alt="" /> <pre> } elsif(((exists $in->{f}) && ($in->{f} =~ m/^d+$/) && (ref($perms) =~ m/UBB::SecurityToken/) && (!$perms->has_permission("forum", "view", $in->{f}))) &#0124;&#0124; ((exists $in->{f}) && ($in->{f} =~ m/^d+$/) && (!exists $self->{VARSFORUMS}->{$in->{f}}))) {</pre>should be <pre> } elsif(((exists $in->{f}) && ($in->{f} =~ m/^d+$/) && (ref($perms) =~ m/UBB::SecurityToken/) && ($perms->has_permission("forum", "view", $in->{f}) <= 0)) &#0124;&#0124; ((exists $in->{f}) && ($in->{f} =~ m/^d+$/) && (!exists $self->{VARSFORUMS}->{$in->{f}}))) {</pre>

BTW, ubb_search.cgi shoulda had <=0, not < 0 <img src="https://www.ubbcentral.com/boards/images/graemlins/tongue.gif" alt="" />

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109914
05/14/02 02:19 PM
05/14/02 02:19 PM

A
Anonymous OP
Unregistered
Anonymous OP
Unregistered
A


Fixed in the next release.

--
Charles Capps
UBB.classic™ Developer
Having problems? Open up a support ticket!


Shout Box
Today's Birthdays
No Birthdays
Recent Topics
Custom Insert won't save
by Baldeagle. 06/18/18 07:44 PM
New Image capabilities ver 7.6.1
by Abbott. 06/14/18 02:28 PM
Thread deleted?
by Lisanne. 06/05/18 11:13 AM
random 500 server errors on post
by Bad Frog. 05/31/18 09:34 AM
Upgraded from 7.6.0 to 7.6.1.1
by BB. 05/30/18 12:33 PM
Forum Statistics
Forums36
Topics35,121
Posts191,324
Members12,085
Most Online978
Jun 24th, 2007
Random Image
Powered by UBB.threads™ PHP Forum Software 7.6.2
(Preview build 20180524)