Security: Views exposed ...

**Martin** · Mon 22 May '00, 10:12pm

Kibbles,
The fix for this is here:
[url]http://vbulletin.com/forum/showthread.php?threadid=600[/url]

It will be corrected in the next release:)

**kibbles** · Mon 22 May '00, 11:24pm

Unfortunately that doesn't correct the problem.

Here's the steps to replicate:

1. Create private forum.
2. Post a message in that forum.
3. Get another user who can't see the forum bring up the profile of the user who can (and posted).
4. Click "Search for other posts by this user"
5. Look at list in shock and dismay as it lists the forum name and the post title in the results list when this particular user shouldn't be able to see anything.

For now I've disabled search on my forum but it's a real PITA.

-G

**Martin** · Mon 22 May '00, 11:31pm

okay, so it's still showing up in searches?

Does the bug fix take care of the last post in profile problem?

**werehere** · Mon 22 May '00, 11:52pm

You could also remove that from your search template until there is a fix you are sure about:)

**Mike Sullivan** · Tue 23 May '00, 1:47am

(argh! Now I'm having cookie problems here...)

Anyway, I tried that to reproduce the last bug on my forums and couldn't. I searched while logged in and the post correctly showed up. When I wasn't logged in (at all, NOT as another member), the post didn't show up...

**kibbles** · Tue 23 May '00, 5:42am

[QUOTE][i]Originally posted by Martin [/i]
[B]okay, so it's still showing up in searches?

Does the bug fix take care of the last post in profile problem? [/B][/QUOTE]

I checked my code and I already had the fix in there (using "latestversion" here) but it's still showing up in the profile. I'll look again.

To be honest I'm more concerned about the search function since it also lists the forum title in addition to the message title. That makes it kind of hard to have hidden & private forums.

-G

**John** · Tue 23 May '00, 7:04am

I have identified this as a bug in the private forum 'setting' for forums. I will put the fix into the next version, but to sort out the problem youself, do this:

1) Select modify forums under usergroups in the control panel.

2) Select the edit link next to the private forum under the registered header.

3) Set all the options here to no

4) Repeat 2&3 as neccessary for each private forum and several of the user groups. The groups are: registered, unregistered, users awaiting email confirmations and (coppa) users awaiting moderation.

John

Security: Views exposed ...

Security: Views exposed ...

Comment

Comment

Comment

Comment

Comment

Comment

Comment