XF 2.1 Link signatures work despite being disabled

cb_tree · Sep 5, 2020

Users are still able to post links in their signatures.

Paul B · Sep 5, 2020

Are those members in other user groups which allow links?

What is the result if you run a permission check on one of the members?

cb_tree · Sep 5, 2020

No the user belongs only to the 'registered users' group. Analyzed permissions: Global Permissions;

beerForo · Sep 5, 2020

Were they promoted or demoted from other groups where they could have done this already?

cb_tree · Sep 5, 2020

@beerForo No, I created a user from scratch to test permissions per low level usergroups and found this issue.

Is that an ongoing issue where users from past groups carry over permissions?

Paul B · Sep 5, 2020

Signature permissions are not retroactively applied to existing signatures.

So if a member already had a signature with a link, removing the permission won't delete it.

However, in this case, you said you created a new member so that presumably doesn't apply.

Does the same happen with all add-ons disabled?

cb_tree · Sep 5, 2020

Brogan said:
Does the same happen with all add-ons disabled?

Yes. I should also mention that more than one link (unlimited I should say) can be applied just as long as it doesn't exceed number of lines.

On another low level group right above 'registered users' they are allowed one link and if that link is supplemented by another link it gives the error message of " Your signature may only have 1 link(s)."

I also found that if you bunch up links that they would count as one link, e.g. " https://google.com https://google.com" and you won't receive the error message, of course they don't work in the signature but it seems like a way to go around this block.

EDIT

I created another user called "Test" just to see it wasn't an error associated with that user and in my server logs these errors appeared. Not sure if it's related, but it mentions account/signature. These were generated by user "Test." No other errors since then.

InvalidArgumentException: Accessed unknown getter 'thuix_font_size' on XF:UserOption[19]
src/XF/Mvc/Entity/Entity.php:194

Rich (BB code):

Stack trace
#0 src/XF/Mvc/Entity/Entity.php(106): XF\Mvc\Entity\Entity->get('thuix_font_size')
#1 internal_data/code_cache/templates/l1/s6/public/PAGE_CONTAINER.php(2517): XF\Mvc\Entity\Entity->offsetGet('thuix_font_size')
#2 src/XF/Template/Templater.php(1315): XF\Template\Templater->{closure}(Object(XF\Template\Templater), Array)
#3 src/XF/Pub/App.php(547): XF\Template\Templater->renderTemplate('PAGE_CONTAINER', Array)
#4 src/XF/App.php(2001): XF\Pub\App->renderPageHtml('

            <f...', Array, Object(XF\Mvc\Reply\View), Object(XF\Mvc\Renderer\Html))
#5 src/XF/Mvc/Dispatcher.php(402): XF\App->renderPage('

            <f...', Object(XF\Mvc\Reply\View), Object(XF\Mvc\Renderer\Html))
#6 src/XF/Mvc/Dispatcher.php(58): XF\Mvc\Dispatcher->render(Object(XF\Mvc\Reply\View), 'html')
#7 src/XF/App.php(2190): XF\Mvc\Dispatcher->run()
#8 src/XF.php(391): XF\App->run()
#9 index.php(20): XF::runApp('XF\\Pub\\App')
#10 {main}

Rich (BB code):

Request state
array(4) {
  ["url"] => string(18) "/account/signature"
  ["referrer"] => string(36) "https://domain.com"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(0) {
  }

Error 2:

ErrorException: Template error: Function uix_js is unknown
src/XF/Template/Templater.php:914

Rich (BB code):

Stack trace
#0 [internal function]: XF\Template\Templater->handleTemplateError(512, 'Function uix_js...', '/home/ro/web/co...', 914, Array)
#1 src/XF/Template/Templater.php(914): trigger_error('Function uix_js...', 512)
#2 internal_data/code_cache/templates/l1/s6/public/uix_js.php(32): XF\Template\Templater->func('uix_js', Array, true)
#3 src/XF/Template/Templater.php(1315): XF\Template\Templater->{closure}(Object(XF\Template\Templater), Array)
#4 src/XF/Template/Templater.php(1388): XF\Template\Templater->renderTemplate('uix_js', Array)
#5 internal_data/code_cache/templates/l1/s6/public/helper_js_global.php(90): XF\Template\Templater->includeTemplate('public:uix_js', Array)
#6 src/XF/Template/Templater.php(701): XF\Template\Templater->{closure}(Object(XF\Template\Templater), Array, Array)
#7 internal_data/code_cache/templates/l1/s6/public/PAGE_CONTAINER.php(3311): XF\Template\Templater->callMacro('helper_js_globa...', 'body', Array, Array)
#8 src/XF/Template/Templater.php(1315): XF\Template\Templater->{closure}(Object(XF\Template\Templater), Array)
#9 src/XF/Pub/App.php(547): XF\Template\Templater->renderTemplate('PAGE_CONTAINER', Array)
#10 src/XF/App.php(2001): XF\Pub\App->renderPageHtml('

            <f...', Array, Object(XF\Mvc\Reply\View), Object(XF\Mvc\Renderer\Html))
#11 src/XF/Mvc/Dispatcher.php(402): XF\App->renderPage('

            <f...', Object(XF\Mvc\Reply\View), Object(XF\Mvc\Renderer\Html))
#12 src/XF/Mvc/Dispatcher.php(58): XF\Mvc\Dispatcher->render(Object(XF\Mvc\Reply\View), 'html')
#13 src/XF/App.php(2190): XF\Mvc\Dispatcher->run()
#14 src/XF.php(391): XF\App->run()
#15 index.php(20): XF::runApp('XF\\Pub\\App')
#16 {main}

Rich (BB code):

Request state
array(4) {
  ["url"] => string(18) "/account/signature"
  ["referrer"] => string(36) "https://domain.com"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(0) {
  }
}

cb_tree · Sep 9, 2020

Is there an update regarding this?

Paul B · Sep 9, 2020

Those errors are related to the uix style you have installed.

You will need to contact the style author for assistance.

cb_tree · Sep 9, 2020

Oh no, I meant in regards to users being able to set a link in their signature when its explicitly set to no. And as I mention below a user can equip unlimited links in their signature just as long as it doesn't surpass the number of lines allowed.

I should also mention that more than one link (unlimited I should say) can be applied just as long as it doesn't exceed number of lines.

On another low level group right above 'registered users' they are allowed one link and if that link is supplemented by another link it gives the error message of " Your signature may only have 1 link(s)."

I also found that if you bunch up links that they would count as one link, e.g. " https://google.comhttps://google.com" and you won't receive the error message, of course they don't work in the signature but it seems like a way to go around this block.

Paul B · Sep 9, 2020

I am unable to replicate it in a default installation - the permissions work as designed for me.

The signature contents saves as normal but the URLs are not linked - they are plain text.

Presumably there's a third party add-on or some other customisation involved if your install is behaving differently.

cb_tree · Sep 9, 2020

So it's working as intended -- a user can enter a full link "https://google.com" but it doesn't work when clicked on? It doesn't pop up as an error, similar to when you add more than one allowed link?

I believe this should be restricted if the user is disallowed to use links in their signature. The same error message should pop up notifying the user that they aren't allowed to post any links in the format of "https://google.com" or "google.com" because other users can easily highlight and right click "search google for ..."

Code:

Oops! We ran into some problems.
Your signature may not have any link(s).

It serves as a security measure, since registered users are unknown, the link can contain malware etc.. Especially if it's a big board.

XF 2.1 Link signatures work despite being disabled

cb_tree

Member

Paul B

XenForo moderator

cb_tree

Member

beerForo

Well-known member

cb_tree

Member

Paul B

XenForo moderator

cb_tree

Member

cb_tree

Member

Paul B

XenForo moderator

cb_tree

Member

Paul B

XenForo moderator

cb_tree

Member

Similar threads

We value your privacy