Fixed member able to bypass attachment limit (when dragging files into the editor)
- Thread starter Mr Lucky
- Start date
TPerry
Well-known member
Have you checked to see if the message was edited and additional images added to it each time? I'm not sure if the limit is applied for edits if there are already existing images in it.
SneakyDave
Well-known member
Is this person part of another usergroup that may have elevated attachment privileges?
Digital Doctor
Well-known member
Locally hosted ?
Martok
Well-known member
User group permissions only determine whether or not a user can upload attachments. The number of attachments in a post is a global option in Options > Attachments.
Mr Lucky
Well-known member
The message was not edited, however if it was then you should still get an error message when trying to exceed the limit, ie editing is not a method that can bypass the rules set.
There are no elevated attachment privileges related to number of attachments in a post. Usergroup permissions do not cover number of attachments. Well I can't find any such permission anyway but I'm asking in case there could be something lurking elsewhere that might override what is in Options > Attachments
I'm not quite sure what you mean. I was under the impression that all attachments go into your xenforo attachment folder (data or internal data)
yes, this is exactly why I am confused as I'm not aware of any other place there could be such a permission. My test member with exact same usergroups cannot exceed the limit so I am quite perplexed about how this happened.
The post contains nothing but uploaded attachments
Code:
[ATTACH=full]7953[/ATTACH] [ATTACH=full]7954[/ATTACH] [ATTACH=full]7955[/ATTACH] [ATTACH=full]7956[/ATTACH] [ATTACH]7957[/ATTACH] [ATTACH]7953[/ATTACH] [ATTACH]7954[/ATTACH] [ATTACH]7955[/ATTACH] [ATTACH]7956[/ATTACH] [ATTACH]7957[/ATTACH] [ATTACH]7953[/ATTACH] [ATTACH]7953[/ATTACH] [ATTACH]7954[/ATTACH] [ATTACH]7955[/ATTACH] [ATTACH]7956[/ATTACH] [ATTACH]7957[/ATTACH]Mr Lucky
Well-known member
No, but so far I have not been able to reproduce the issue, so even disabling all addons isn't going to tell me anything.
I have tried a test member same usergroups, attempted to upload more after edit, tried drag and drop and it is all working as expected - the error notice pops up when it should.
Are all of these attachments actually visible inside the post (either by thumbnail or the full image) or are some of them merely a link e.g. "View attachment 79566"
Mr Lucky
Well-known member
Last edited:
As far as I can work out, the only way this might have happened is if the user posted several posts with the attachments and then a moderator came along and merged them together. That would be logged in the "Moderator Actions" log though in the Thread Tools.
Mr Lucky
Well-known member
Just checked, nothing in the moderator log re: that thread at all.
But it's not something you've been able to reproduce since?
Presumably you can't upload more than X images when creating the post, but what if you save the message, edit (and then go to More Options) and then try to add more, does that allow them through? (It shouldn't, and doesn't in my testing). That said, if it was done this way then the post would have a "History" link assuming you have post edit history enabled.
Presumably you can't upload more than X images when creating the post, but what if you save the message, edit (and then go to More Options) and then try to add more, does that allow them through? (It shouldn't, and doesn't in my testing). That said, if it was done this way then the post would have a "History" link assuming you have post edit history enabled.
Mr Lucky
Well-known member
I tried that in my testing. As expected I could not upload beyond the limit when editing (which is of course the way it should be)
The post has no edit history.
I am going to test again on my test installation with a database from before the post, and log in as that actual member to see what happens.
Martok
Well-known member
Though doesn't Post Edit history only kick in after 5 minutes (so in theory you can edit a post multiple times in that window and it now show in history)?
Digital Doctor
Well-known member
Aren't lots of those duplicates ?
No. Post edit history is always logged, regardless.
The "Last edited by..." only appears after 5 minutes.
Mr Lucky
Well-known member
Success, I can reproduce it. On my live site with max images set to 2.
It is necessary to drag and drop the files in one go. I did this with eight images and got the error. I just dismissed this error and hit the post reply button and the reply appeared with 6 images:
I then did a second test, and did not even get the error.
https://cafesaxophone.com/threads/testing-attachments.20650/