Link in signature for user with no such permission

AnneMoss

AnneMoss

Member
We only allow links in signatures for users in certain usergroups. This week we had a new user who is not in any of these groups insert a link into the signature. Permissions analysis for the user showed everything was ok -
Capture.webp
I tested the permissions as the user and the link icon doesn't show up in the signature editor.

Could it be that the user used the URL bbcode to insert a link? Wouldn't that generate an error message since he doesn't have the right permissions? I thought about disabling the URL bbcode from being used in signatures but wanted to ask here first in case that disables links for all users somehow.
 
Sort by date Sort by votes
The use of the BB code should be prevented too.

If you look in the xf_user_profile table for that user and look for the signature field for that user what is the actual contents?

It would be worth copying that and registering a new account to see if it can be reproduced.

If it does indeed allow the use of that particular signature it would be worth disabling all add-ons and trying again.

Let us know what the signature content is and we’ll also do some testing.
 
Upvote 0 Downvote
Also note that if they were temporarily in a group that allowed the links, they will still work when removed from the group.

You may want to check the user's change log to confirm when and what changes were made to their account.

You can also see the raw BB code for the signature when editing the user's profile in the admin control panel.
 
Upvote 0 Downvote
Checking the change logs I wonder if what happened was this -
1. User types in a URL in his signature. It's not an active link as he has no permissions.
2. Our moderator edits the signature to take out an image that was not in line with our guidelines.
3. System automatically converts the link to a URL while the moderator edits the signature (because the moderator does have link allowed in signatures).
Circled in red here are moderators names, and as you can see the URL bbcode tag appears only once these edits are made.
Capture.webp
 
Upvote 0 Downvote
The moderator who made the edits says that the link was definitely clickable before she edited anything. Could it be that an http line would be converted without showing the URL bbcode in the change log?
 
Upvote 0 Downvote
No it looks like there was no URL until the moderator saved it.

Actually, it's true that if the moderator edited it that it would bypass the user restrictions. Our BB code system automatically links URLs it detects so that's how the URL tags got added when the IMG tag was removed by the moderator.

So, this is confusing, but expected. Generally moderator and admin edits aren't subject to the same restrictions. Just something to watch out for in the future.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

Ozzy47
[OzzModz] User Signature List
Replies
18
Views
539
beansbaxter
beansbaxter
TheStoryTeller
  • Question Question
MG 2.2 Pictures pasted from private forums don't show in posts.
Replies
5
Views
324
TheStoryTeller
TheStoryTeller
R
  • Solved
XF 2.2 Insert Link in Signature per custom userfield
Replies
4
Views
662
Rene B.
R
yodiceman
Duplicate Unfurl error due to apostrophe in internal link
Replies
1
Views
521
Jeremy P
Jeremy P
BuzzK
  • Question Question
XF 2.2 Newbie question re: best practices for listing multiple links
Replies
5
Views
332
TPerry
TPerry
Top Bottom