Fixed Inline moderation loophole: Moderators can move posts to threads they can't access

K

Kirby

Well-known member
Affected version
2.2.7 PL 1
A moderator that only has permissions
  • Use inline moderation on threads / posts
  • Manage (move, merge, etc.) any thread
can move posts from a normally visible thread to a deleted or moderated thread, effectively removing them from public view.

This doesn't seem like smth. that would be expected, especially as merging a normal and a deleted thread does not work.
 
XF Bug Bot

XF Bug Bot

XenForo bug fixer bot
Staff member
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.2.8).

Change log:
Prevent posts from being moved or copied to threads that a moderator cannot view
Click to expand...
There may be a delay before changes are rolled out to the XenForo Community.
 

Similar threads

K
Fixed Inline moderation action Unapprove threads does nothing when processing deleted threads
Replies
1
Views
323
XF Bug Bot
XF Bug Bot
JoyFreak
Moving a post in an unapproved thread approves the thread automatically
Replies
0
Views
231
JoyFreak
JoyFreak
Kruzya
  • Suggestion
Show affected content titles in Inline Moderation
Replies
0
Views
270
Kruzya
Kruzya
K
Confusing error message when trying to move thread
Replies
0
Views
491
Kirby
K
Steve Freides
Can I put an individual thread on moderation?
Replies
12
Views
396
Steve Freides
Steve Freides
Top