Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RavenNuke(tm) v2.5x
Author Message
bobbyg
Worker
Worker



Joined: Dec 05, 2007
Posts: 212
Location: Tampa, Florida

PostPosted: Fri May 31, 2013 9:28 am Reply with quote

I just found a modify link submitted to one of my links by Anonymous. Because I had to approve or ignore it didn't cause any problem. I am wondering if there is a verification step missing to prevent Anonymous from submitting link mods just like they can't submit links.

// $allowlinksmodify: Allow existing links to be modified by users (other than admin) (1=Yes 0=No)

If set to 1, which some may want, doesn't prevent users not logged in from submitting a mod. Technically only the users that originally submitted the link or the admin should be able to submit a mod to that link.
 
View user's profile Send private message Visit poster's website
neralex
Site Admin



Joined: Aug 22, 2007
Posts: 1774

PostPosted: Fri May 31, 2013 1:23 pm Reply with quote

You have sent me the same on my website as PM, i have answered with a fix. Please check it!

_________________
Github: RavenNuke 
View user's profile Send private message
bobbyg







PostPosted: Fri May 31, 2013 2:45 pm Reply with quote

Since, as you had stated, it may be an issue with the original RN module I posted same here. Fix should be shown here and applied to RN 3.0
 
neralex







PostPosted: Fri May 31, 2013 4:01 pm Reply with quote

Sure, but you are using my Mod of the module and if should my fix work, then i can it comapre it with the original module to provide a fix for both. Smile
 
neralex







PostPosted: Sat Jun 01, 2013 8:11 am Reply with quote

Ok after some checks with the original module i can say that is not bug. Its all fine but you can missunderstand the settings of the variable $allowlinksmodify. It seems its from a early time of phpnuke:

// $allowlinksmodify: Allow existing links to be modified by users (other than admin) (1=Yes 0=No)

That means everyone can modify the links. The user can also be a guest like anonymous or a regsitered users. Here exists on the first view no difference in the settings between guests and registered user. But exits another variable to do this: $blockunregmodify. This variable do the same job for $allowlinksadd.

// $blockunregmodify: Block unregistered users from suggesting links changes? (1=Yes 0=No)
// $links_anonaddlinklock: Allow Unregistered users to Suggest New Links? (1=Yes 0=No)
 
bobbyg







PostPosted: Sat Jun 01, 2013 11:33 am Reply with quote

// $blockunregmodify: Block unregistered users from suggesting links changes? (1=Yes 0=No)

Default setting was 0 which should be 1. There is no justification for an unregistered user to suggest a modification to a link. This parameter should even be required in a good design.

The fix you made to your Mod of the module worked and would eliminate the requirement for this parameter.
 
neralex







PostPosted: Sat Jun 01, 2013 11:58 am Reply with quote

Nope, my fix is not the solution because its duplicate all and that def. not needed. And now is it not more possible that a guest can submit link or send change-request. In this case is the module broken and that was not my goal. Its def. not a bug. You have a only missunderstood the settings, not more. Do what you want but i'm writing a new version for the mod because i'm not happy.

BTW: It would be cool to have suggestions for my modifications in my forums and not as PM and not here. Now we have maybe some people cunfused with a not existing issue.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RavenNuke(tm) v2.5x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©