Thread: Statistics Modifications - VSa - Advanced Forum Statistics (AJAX)
View Single Post
  #436  
Old 09-20-2010, 12:14 AM
apokphp apokphp is offline
 
Join Date: Nov 2002
Posts: 440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Found a bug, pretty major IMO. It's a permissions but.

The display of thread titles in the stats box is mistakenly pulled from the permission setting of "Can View Forum". It erroneously applies that permission to determine if X usergroup can see a thread title of that forum in the stats area. It should be pulling from "Can View Others' Threads". It's this setting that disallows non-usergroups of that forum to not be able to see any thread title on the forum home page (and is why these usergroups will see nothing there).

To be clear, private forums appear on the forum home screen for all to see, but the contents or latest thread title is not available to those w/o access.

The stats mod however, allows visible access to those who are not supposed to see it (because they are not a member of that private forum).

See the attached images. This is what just registered users see (who do not belong to any private forum or usergroup with access to private forums). Registered users should not be seeing these thread titles in the stats mod.

The red arrows in the 2nd screenshot show the thread titles of private discussions that groups w/o access to the forums, can see. This bug is significant enough for us to uninstall if it can't be fixed as it means that non-staff have access to the thread titles in our staff forums (in addition to the complications it creates for private forums).
Attached Images
File Type: jpg prvform.jpg (90.4 KB, 0 views)
File Type: png privstat.png (45.2 KB, 0 views)
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01276 seconds
  • Memory Usage 1,783KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (2)postbit_attachment
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete