alexis

Manage forums bug

Recommended Posts

Hello,

I've found a critical issue, which let the users to freely access the forum settings, which is only accessible through the ACP.

Steps for reproducing this bug:

1) Collab owner is not an administrator.

2) As a collab owner create a new forum within his collab.

3) After creating the forum, in the Search field input a name of any forum located OUT of the collab.

4) Enjoy the full access to any settings of the NON-collab forums without having an access to the ACP and with no need to be an Administrator!! :o:(

Some pictures for easy understanding:

This is the step 2: the non-administrator collab owner has just created a new discussion forum inside his collab:

1044633384_.thumb.PNG.e521e656fe028ec4fc9a6678a863bc8d.PNG

This is how the "Manage Forums" page looks like:

125113175_.thumb.PNG.e82e4fa2338cd09920fdfec7255fe1fd.PNG

And there is how the bug appears: (Steps 3 and 4)

579363569_.thumb.PNG.68465286c9c6e30f1cb401c92850ef74.PNG

The forum "Invisible forum to anyone" is located OUT OF the collab, it locates in the "main forum", as you can see on the Menu buttons ("Copy to a collab" and "Move to a collab"), and according to the Forum settings on the ACP, it is not visible to anyone, including Administrators. This should not happen, since the collab owner is not an Administrator and doesn't have an access to the ACP.

 

@Kevin Carwile, please kindly try to resolve this dangerous bug as soon as possible, this impacts a lot. I believe, this time it is a really important issue. Please do not ignore, thank you.

Edited by alexis
Title changing

Share this post


Link to post
Share on other sites

Your content will need to be approved by a moderator

Guest
You are commenting as a guest. If you have an account, please sign in.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.