1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Fixed canBypassUserPrivacy call

Discussion in 'Resolved Bug Reports' started by Syndol, Aug 17, 2011.

  1. Syndol

    Syndol Guest

    In the user model (Model/User.php) line 2003:
    PHP:
    if ($this->canBypassUserPrivacy($viewingUser))
    {
        return 
    true;
    }
    should be

    PHP:
    if ($this->canBypassUserPrivacy($null$viewingUser))
    {
        return 
    true;
    }
    as the function being called is

    PHP:
    canBypassUserPrivacy(&$errorPhraseKey '', array $viewingUser null)
    line 1878 of same file

    Took me many hours to track this one down :cry:
     
    Alien and erich37 like this.
  2. Edrondol

    Edrondol Well-Known Member

    Wait. Are there conditions under which people can bypass security? What can they get to?
     
  3. Syndol

    Syndol Guest

    Its just for viewing posts and profiles as a member - no security implications.
     
  4. Edrondol

    Edrondol Well-Known Member

    Okay, thanks.
     
  5. Mike

    Mike XenForo Developer Staff Member

    Fixed, thanks. :)
     

Share This Page