As designed Links are shown in signatur although disabled

snoopy5

Well-known member
Affected version
2.2.9
Hi,

registered users are able to post links in their signatur, although this option is disabled in the setting for this usergroup. See screenshot.

They are not member of any other group.

What could be the reason for this?

reg_users_signature_settings.jpg
 
Has the permissions always been set like that?

Any existing links prior to changing that permission aren't removed.
 
Do you mean they can post links that are clickable in the signature or are they posting links that are just plain text?
 
They are not clickable, but you can see the link.

The whole point of not allowing URLs in a signature is to hide urls completely to avoid spammers.

So if in ACP the option sais "do not allow links", it should be really not allowed. Clickable or not does not matter.
 
If they aren't clickable.. then they aren't a link... they are simply text.
The permission is apparently doing exactly what it is designed to do... preventing a clickable LINK from being shown and simply showing text like any other part of the signature.

Screen Shot 2023-01-21 at 9.53.20 AM.png

Now, would it be nice if it prevented/stripped ANY text that used http:// or https:// formatting.. yep.. but it currently does exactly what it was designed to do...prevent LINKS... not URL's.
Sounds like this is a moderation issue that you need to address... like removing the ability of that user from having a signature at all and editing his current one to remove ALL content from it.

Another suggestion.. disable signatures for ANY in the registered group, set up a promotion based upon time on site and number of posts and once a user meets that criteria, the promotion runs, they get promoted and the new group they get promoted into allows creation of signatures. That should pretty much eliminate the drive by spammers.
 
Last edited:
The whole point of not allowing URLs in a signature is to hide urls completely to avoid spammers.
I don't know about it being the whole point, but I do agree I would expect any link to not be allowed, clickable or just text.

But maybe it's technically not possible to do that.
 
I don't know about it being the whole point, but I do agree I would expect any link to not be allowed, clickable or just text.

But maybe it's technically not possible to do that.
The only way I can think of is to use regex in the word censor, and it would require this add-on (although I don't know if it is applied to signatures....plus, it would remove the text from posts as well, which is not good):



Another suggestion.. disable signatures for ANY in the registered group, set up a promotion based upon time on site and number of posts and once a user meets that criteria, the promotion runs, they get promoted and the new group they get promoted into allows creation of signatures. That should pretty much eliminate the drive by spammers.
This is exactly what we do--new members have limited privileges until they've proven themselves. Then after a handful of posts, it opens up everything they need. We have another "bogey" for those who participate more, which opens up another forum area (classified ads), which helps prevent members from signing up only to post ads.
 
This is as-designed. The permissions are designed to prevent certain BBCodes from being used, but they will not prevent link-like text from being saved or displayed. Even if we attempted to do that, spammers could still post link-like text broken up by spaces or other characters. If this is especially problematic, I would consider restricting signatures to new users entirely as outlined above.
 
Top Bottom