Fixed getModeratorsWhoCanHandleReport/filterViewableReports bypass Report::canView

Thread starter Xon
Start date Dec 8, 2018

X

Xon

Well-known member

Dec 8, 2018

#1

Affected version: 2.0.11

In nearly every case when checking report visibility, \XF\Entity\Report::canView is called. Except for two locations;

\XF\Repository\Report::getModeratorsWhoCanHandleReport
\XF\Repository\Report::filterViewableReports

Note;
filterViewableReports() can just be simplified to calling $reports->filterViewable()

XF Bug Bot

XenForo bug fixer bot

Staff member

Dec 10, 2018

#2

Thank you for reporting this issue. The issue is now resolved and we are aiming to include that in a future XF release (2.0.12).

Change log:

Consistently use code paths which result in the canView method of the report entity (rather than the handler) being used.

Any changes made as a result of this issue being resolved may not be rolled out here until later.

Share:

Facebook X (Twitter) Bluesky LinkedIn Reddit Pinterest Tumblr WhatsApp Email Link

We value your privacy

We use essential cookies to make this site work, and optional cookies to enhance your experience.

See further information and configure your preferences

Accept all cookies Reject optional cookies
Essential cookies

These cookies are required to enable core functionality such as security, network management, and accessibility. You may not reject these.

Optional cookies

We deliver enhanced functionality for your browsing experience by setting these cookies. If you reject them, enhanced functionality will be unavailable.

Third-party cookies

Cookies set by third parties may be required to power functionality in conjunction with various service providers for security, analytics, performance or advertising purposes.

Detailed cookie usage

Privacy policy

Top Bottom