Community

Tags from not viewable topics can be seen by visitors & epic bug

Bug Reports
  • ffmadF
    ffmadF
    #1

    hi !

    I've seen a beautiful bug on my forum (ABM ) :

    1- you make a topic with a tag [restricted] in an area restricted to a group of users

    2- you connect as an user from this group and click on the tag [restricted] -> you see the topic

    3- you connect as an user lambda (with no rights), you can see the tag [restricted] even if it's not in any viewable topic. I you click on it, no topic will be seen.

    4- if you connect again as a user from the restricted group, the tag will have disapeared, and if you click on it on the topic, no results will be seen

    0
  • A
    A
    #2

    Can sort of confirm. I guess the issue here would be tags visible for categories that the user doesn't have permission to view.

    Second issue is once a user without permission has tried to view topics with this tag, it's no longer available to view by those even with the permission.

    0
  • barisB
    barisB
    NodeBB
    #3

    Fixed as of https://github.com/NodeBB/NodeBB/commit/5ec289eee2c44f4dd49e7b2884d27dd1acb20d5c.

    The problem was I was deleting tags that no longer had topics but was doing it in the wrong place. If a user couldn't see any topics the code was deleting the tag. I moved it up to actually check the tids and not the topics the user can see.

    0

Suggested Topics

  • ?

    BUG. The number of notifications in the favicon

    Bug Reports
    0 Votes
    1 Posts
    1159 Views

    ?

    Look at the number of notifications. What do you see? - Yes, there is -10.

    upload-0285cc86-14dd-498b-b7d7-2c7f5475e40f

    How so?
    As it turns out, if you very fast click on -

    31.png

    Even if you simply click on a few laps they stray from the correct number.

    @julian

  • F

    Avatar upload

    Bug Reports
    0 Votes
    8 Posts
    3494 Views

    julianJ

    @Sander-Struijk This is resolved for v0.6.1

    gh#2496

  • nikN

    Mobile Bug

    Bug Reports
    0 Votes
    4 Posts
    1542 Views

    julianJ

    @zenkamal @a_5mith This sounds like it's due the new way we store post bookmarks.

    Basically:

    Before, we stored the pid (e.g. 2341) Now, we store the post index (e.g. 5) The bookmark only updates if the current post # is > than the bookmarked post # Unfortunately, 5 will never be greater than 2341, so the bookmark never goes away.

    The old bookmark is basically trying to load the 2341th post in the topic, which doesn't exist. You can clear the bookmark by clicking the "x" at the top right of the notification alert, then that topic should be fixed.

  • aaronA

    Can't upload pictures!

    Bug Reports
    0 Votes
    8 Posts
    2733 Views

    barisB

    Yes you can host locally, can you update to https://github.com/designcreateplay/NodeBB/commit/18075b85c7642bd19e63cd8c57ac2e845f35e878 and try again let me know what error message you get. Thanks.

  • O

    Bug or Security Feature, I'm not really sure.

    Bug Reports
    0 Votes
    8 Posts
    3172 Views

    julianJ

    @BarveyHirdman said:

    Not sure node why app --setup wants to use ./src/emailer.js

    That file is required during admin user creation because we send the "welcome to NodeBB" email during the user creation process.

    A little redundant, as third-party emailers aren't even installed or setup yet during installation, but that's specifically the reason why it is being require'd

| | | |
Copyright © 2023 NodeBB | Contributors