Site Links
Home
Features
Documentation
Pricing & Order
Members Area
Support Options
UBBDev.com
UBBWiki.com
Who's Online Now
0 registered members (), 97 guests, and 240 spiders.
Key: Admin, Global Mod, Mod
Member Spotlight
mcasado
mcasado
oregon and belize
Posts: 185
Joined: November 2006
Show All Member Profiles 
Top Posters(30 Days)
isaac 22
Gizmo 18
TheBrit 14
Zarzal 12
SteveS 8
Ruben 4
jorb 4
Latest Photos
Test
Testing to drag photos
Comfortable Cats
Test
BSA photos
Previous Thread
Next Thread
Print Thread
View Recient Posts / Administrators [FIXED - 6.3.0] #109897
05/10/02 07:33 AM
05/10/02 07:33 AM
A
Anonymous OP
Unregistered

Just noticed by one of our mods last night...

Any logged in member can view recient posts and see the titles of any posts made by moderators and adminisrators in our private forums.

This wouldn't be so bad other than we generally post admin topics such as:

'JoeHacker (0006734) Pirate???'

In our failing attempt to keep our forums clean of trash. Sometimes we are wrong about these things, most of the time we are right, but we post these things to make sure all the signs are there before just kicking someone from the server.

IF users found out about this, we could have quite a few pissed off users...

Is this happening to anyone else?

[This message was edited by Charles Capps on August 19, 2002 at 10:21 AM.]

Express Hosting
Express Hosting "We are the official hosting company of UBB.threads. Ask us about our free migration services to migrate your UBB.threads installation."
Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109898
05/10/02 11:25 AM
05/10/02 11:25 AM
A
Anonymous OP
Unregistered

Which version are you running?

You're referring to the "view recent posts" link when viewing someone's profile?

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109899
05/10/02 12:56 PM
05/10/02 12:56 PM
A
Anonymous OP
Unregistered

Good catch, I think the following in public_user_posts.pl fixes it: Find:<pre> next unless $user_permissions->has_permission("forum", "view", $f);</pre>Replace with:<pre> next unless $user_permissions->has_permission("forum", "view", $f) == 1;</pre>

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109900
05/10/02 06:25 PM
05/10/02 06:25 PM
A
Anonymous OP
Unregistered

I'm not sure if that's the correct fix (UBB::SecurityToken::has_permission() is not easy to understand), but there are other places in the script where has_permission() is checked in a similar manner. Those could have the same problem (if it is a problem).

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109901
05/11/02 12:39 AM
05/11/02 12:39 AM
A
Anonymous OP
Unregistered

Doh! Thought it was obvious that I was using the latest version as it just came out yesterday <img src="https://www.ubbcentral.com/boards/images/graemlins/tongue.gif" alt="" /> I yell at my own users for not stating the obvious because most of the time what ya think is the obvious ain't <img src="https://www.ubbcentral.com/boards/images/graemlins/smile.gif" alt="" />

Anywho, yeah, when you go to user profile and check latest posts, you'll see some of these. It doesn't show up in Todays Active Topics or other searches, but it does show up there.

LK -- I'm going to see if your hack works...we've gone back and changed all the private admin message titles, but this might help so if we forget <img src="https://www.ubbcentral.com/boards/images/graemlins/smile.gif" alt="" /> Thanks!

clif

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109902
05/11/02 01:39 AM
05/11/02 01:39 AM
A
Anonymous OP
Unregistered

Oops, instead of == 1, make it > 0...
<pre> next unless $user_permissions->has_permission("forum", "view", $f) > 0;</pre>

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109903
05/11/02 09:10 PM
05/11/02 09:10 PM
A
Anonymous OP
Unregistered

has_permission can only return -2, -1, 0, undef, 1, 2, 3, and 4 when called for forum access. -2, -1, 0, and undef should all be false values for the unless check, which makes the > 0 bit a bit redundant...

clif, please open a support ticket (link in my sig)... include ATTN: Charles in the body, along with this URL:

http://community.infopop.net/6/ubb.x?a=tpc&s=729094322&f=1863088313&m=1083036725

--
Charles Capps
UBB.classic™ Developer
Having problems? Open up a support ticket!

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109904
05/12/02 05:11 AM
05/12/02 05:11 AM
A
Anonymous OP
Unregistered

Quote:
-2, -1, 0, and undef should all be false values for the unless check, which makes the > 0 bit a bit redundant...
Hmmmm ... but aren't -2 and -1 interpreted as "true" in Perl?

I thought that the only expressions interpreted as false were undef, 0, "0", "" (empty string) and () (empty list).

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109905
05/12/02 06:08 AM
05/12/02 06:08 AM
A
Anonymous OP
Unregistered

Dave is correct. Same bug also occurs in all other forums.

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109906
05/12/02 12:53 PM
05/12/02 12:53 PM
A
Anonymous OP
Unregistered

I would *love* to know when this issue has been resolved so I can update from 6.2.x <img src="https://www.ubbcentral.com/boards/images/graemlins/smile.gif" alt="" />

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109907
05/12/02 01:23 PM
05/12/02 01:23 PM
A
Anonymous OP
Unregistered

Posted in error. Disregard.

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109908
05/13/02 09:24 AM
05/13/02 09:24 AM
A
Anonymous OP
Unregistered

As requested, I put in a support ticket though I'd imagine it would only be there to get into your to-do list as LK's fix works perfectly.

Thanks LK!

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109909
05/13/02 12:42 PM
05/13/02 12:42 PM
A
Anonymous OP
Unregistered

Gargh. Mixed logic. <img src="https://www.ubbcentral.com/boards/images/graemlins/frown.gif" alt="" />

--
Charles Capps
UBB.classic™ Developer
Having problems? Open up a support ticket!

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109910
05/14/02 09:18 AM
05/14/02 09:18 AM
A
Anonymous OP
Unregistered

Same bug in ubb_search.cgi:<pre> if($user_permissions->has_permission('forum', 'view', $vars_forums{$number}->[8]) > 0) {</pre><pre> (!$username &#0124;&#0124; !$user_permissions &#0124;&#0124; $user_permissions->has_permission('forum', 'view', $in{search_forum}) < 0 )) {</pre><pre> next unless $user_permissions->has_permission("forum", "view", $number) > 0;</pre>

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109911
05/14/02 09:29 AM
05/14/02 09:29 AM
A
Anonymous OP
Unregistered

grep found "has_permission" in the following files:

cgi-binubb_lib_pntf.cgi:
cgi-binubb_lib_secgroups.cgi:
cgi-binubb_poll.cgi:
cgi-binubb_profile.cgi:
cgi-binubb_search.cgi:
noncgiTemplatespublic_avatar_select.pl:
noncgiTemplatespublic_edit_profile.pl:
noncgiTemplatespublic_user_posts.pl:

I'd suggest checking all of them. <img src="https://www.ubbcentral.com/boards/images/graemlins/wink.gif" alt="" />

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109912
05/14/02 11:55 AM
05/14/02 11:55 AM
A
Anonymous OP
Unregistered

Double post :/

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109913
05/14/02 11:57 AM
05/14/02 11:57 AM
A
Anonymous OP
Unregistered

Cool, so it IS possible to check if the user can access forum page in PNTF!! <img src="https://www.ubbcentral.com/boards/images/graemlins/tongue.gif" alt="" /> <pre> } elsif(((exists $in->{f}) && ($in->{f} =~ m/^d+$/) && (ref($perms) =~ m/UBB::SecurityToken/) && (!$perms->has_permission("forum", "view", $in->{f}))) &#0124;&#0124; ((exists $in->{f}) && ($in->{f} =~ m/^d+$/) && (!exists $self->{VARSFORUMS}->{$in->{f}}))) {</pre>should be <pre> } elsif(((exists $in->{f}) && ($in->{f} =~ m/^d+$/) && (ref($perms) =~ m/UBB::SecurityToken/) && ($perms->has_permission("forum", "view", $in->{f}) <= 0)) &#0124;&#0124; ((exists $in->{f}) && ($in->{f} =~ m/^d+$/) && (!exists $self->{VARSFORUMS}->{$in->{f}}))) {</pre>

BTW, ubb_search.cgi shoulda had <=0, not < 0 <img src="https://www.ubbcentral.com/boards/images/graemlins/tongue.gif" alt="" />

Re: View Recient Posts / Administrators [FIXED - 6.3.0] #109914
05/14/02 01:19 PM
05/14/02 01:19 PM
A
Anonymous OP
Unregistered

Fixed in the next release.

--
Charles Capps
UBB.classic™ Developer
Having problems? Open up a support ticket!


Shout Box
Today's Birthdays
No Birthdays
Recent Topics
Calendar Function
by TheBrit. 12/17/18 10:05 PM
Speaking of Http to https, complaints from user
by PianoWorld. 12/16/18 03:40 PM
update multilanguage site problem
by Zarzal. 12/15/18 04:20 PM
Char coding utf-8 and older forums
by Zarzal. 12/15/18 03:59 PM
table issue
by TheBrit. 12/13/18 06:05 PM
Forum Statistics
Forums36
Topics35,182
Posts191,702
Members12,123
Most Online978
Jun 24th, 2007
Random Image
Powered by UBB.threads™ PHP Forum Software 7.6.2