Announcement

Collapse
No announcement yet.

member.php & findlastposter -> user perms

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • member.php & findlastposter -> user perms

    This is minor and mainly relates to those that have forums that aren't accessible to all usergroups and want to maintain the privacy of those users who do.

    URLs of the sort:

    member.php?action=getinfo&find=lastposter&threadid=xxxxxx
    member.php?action=getinfo&find=firstposter&threadid=xxxxxx


    Shouldn't it check to see if the thread is in a forum that the user has permission to view?

    Else a curious troublemaker could go about finding out who has special privileges or what not (when they try to access the thread and get the invalid error.....)
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X