Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 01:36 pm EDT

Geeklog Forums

Information Leakage?


mmsmtp

Anonymous
What I mean is ... I have set many users belonging to many individual groups, and members of a group could read/post to the section designated for that group only. Normally other users not in a particular group cannot get into the topics of that group... However when he click on another user in the Who's Online Block...he could view the comments posted by that person that should originally not be visible to him. Could I disable the last 10 comments or there is any other solution? (same problem exists in What's New Block) Thanks you guys.
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Well, the easiest solution would be to simply remove the "last 10 comments" section from the profile: Open layout/YourTheme/users/profile.thtml and remove the section that starts with "start_block_last10comments" up until (and including) the "end_block". You made a good point here. We're currently fixing some other "information leakage" problems in Geeklog and this one has been overlooked so far. So thanks for bringing it to our attention. bye, Dirk
 Quote

mmsmtp

Anonymous
Thanks Dirk!
 Quote

All times are EDT. The time is now 01:36 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content