![[OzzModz] Attachments Plus](/community/data/resource_icons/8/8565.jpg?1636282106){kind=icon}
[OzzModz] Attachments Plus 2.0.0 Patch Level 2
- Thread starter Ozzy47
- Start date
Ivancas
Well-known member
@Ozzy47 we're getting this error at the logs:
Can you fix this bug?
Code:
TypeError: Argument 1 passed to XF\Language::getEffectivePhraseName() must be of the type string, null given, called in /www/sites/site.com/html/src/XF/Language.php on line 108 src/XF/Language.php:194
Generated by: Unknown account Oct 31, 2022 at 12:20 PM
Stack trace
#0 src/XF/Language.php(108): XF\Language->getEffectivePhraseName(NULL)
#1 src/XF.php(807): XF\Language->phrase(NULL, Array, true, true)
#2 src/addons/ThemeHouse/AttachmentsPlus/Pub/Controller/AttachmentManager.php(148): XF::phrase(NULL)
#3 src/addons/ThemeHouse/AttachmentsPlus/Pub/Controller/AttachmentManager.php(94): ThemeHouse\AttachmentsPlus\Pub\Controller\AttachmentManager->assertUserAttachment('281768')
#4 src/XF/Mvc/Dispatcher.php(352): ThemeHouse\AttachmentsPlus\Pub\Controller\AttachmentManager->actionDelete(Object(XF\Mvc\ParameterBag))
#5 src/XF/Mvc/Dispatcher.php(259): XF\Mvc\Dispatcher->dispatchClass('ThemeHouse\\Atta...', 'Delete', Object(XF\Mvc\RouteMatch), Object(ThemeHouse\AttachmentsPlus\Pub\Controller\AttachmentManager), NULL)
#6 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(ThemeHouse\AttachmentsPlus\Pub\Controller\AttachmentManager), NULL)
#7 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#8 src/XF/App.php(2353): XF\Mvc\Dispatcher->run()
#9 src/XF.php(524): XF\App->run()
#10 index.php(20): XF::runApp('XF\\Pub\\App')
#11 {main}
Request state
array(4) {
["url"] => string(44) "/account/th-attachment-manager/281768/delete"
["referrer"] => bool(false)
["_GET"] => array(1) {
["/account/th-attachment-manager/281768/delete"] => string(0) ""
}
["_POST"] => array(0) {
}
}Can you fix this bug?
ProCom
Well-known member
Potential Security Issue?
We were running "[TH] Attachments Plus 1.0.1 Patch Level 8" and got reports that attachments from members that were "deleted" were showing up for members that were logged-off as guests.
We updated to this addon hoping it would fix the problem, but unfortunately it remains
I think what is happening:
Anybody else able to duplicate this?
We were running "[TH] Attachments Plus 1.0.1 Patch Level 8" and got reports that attachments from members that were "deleted" were showing up for members that were logged-off as guests.
We updated to this addon hoping it would fix the problem, but unfortunately it remains
I think what is happening:
- User uploads pics
- Only their pics are only visible to them when they go to domain.com/account/th-attachment-manager/
- If the member's account is "deleted" the attachments remain in the system?
- If a GUEST visits the link, they see all the "deleted" member's pics because those pics are now associated to the main "Guest" account
Anybody else able to duplicate this?
ProCom
Well-known member
Does anyone that has this addon installed, and have members that have uploaded pics and then the account deleted? If so, please check if all the content for that "deleted" member gets moved into associated with "guest" user, and is then available to all non-logged-in / guest visitors?
im pretty sure that is default behavior....to avoid deleting content but respecting privacy etc
ProCom
Well-known member
From an xf perspective, this makes sense since the attachments are lightly spread through hundreds of thousands (maybe millions) of posts.
... but having them all in one spot has become challenging, especially when a member asks for deletion and sees all their images together.
I guess the most important question:
When a user is "deleted" and all their attachments are made as "guest", does this addon still respect the permissions of those images. Examples:
1) All images the "guest" uploaded to PM convos will NOT be visible in the addon's "guest" account?
2) All images the "guest" uploaded to private sections of the forum will NOT be visible in the addon's "guest" account?
I don't want a member that posted private pics in private threads or PM's, to then ask for deletion, and then have ALL their images viewable to "guests".
(Note: interestingly enough, logged-in members can't see the list of "guest" images. They have to log-off to see the images that they didn't have access to before)
Hi Ozzy, i have to notice one strange behaviour with this addon.
If one user upload an attachment in the post editor, then decide to remove the attachment before send the post online, the attachment remain visible into his personal attachments list view and cannot be deleted by him.
All the other attachments yes, he can delete them.
But all those uploaded and not publish in the post, not.
Is there a way to allow user to delete also these attachments? thanks.
Myck
Member
Did you manage to solve this?
nope, this is out of my possibilities.
The final user cannot delete that. He only can delete the attacchments that publish in a post. If he upload and then remove the attachment without publishing it, it remain permanetly in his attachment list.
Sems a feature "missing" from the add-on.
The final user cannot delete that. He only can delete the attacchments that publish in a post. If he upload and then remove the attachment without publishing it, it remain permanetly in his attachment list.
Sems a feature "missing" from the add-on.
Potential Security Issue?
We were running "[TH] Attachments Plus 1.0.1 Patch Level 8" and got reports that attachments from members that were "deleted" were showing up for members that were logged-off as guests.
We updated to this addon hoping it would fix the problem, but unfortunately it remains
I think what is happening:
Hopefully that makes sense?
- User uploads pics
- Only their pics are only visible to them when they go to domain.com/account/th-attachment-manager/
- If the member's account is "deleted" the attachments remain in the system?
- If a GUEST visits the link, they see all the "deleted" member's pics because those pics are now associated to the main "Guest" account
Anybody else able to duplicate this?
Attachements page has to be accessable only by registered users.
Users need an option to delete their attachements at any time they want.
@Ozzy47 these are high level problems, can we get fix, please?
ProCom
Well-known member
Wow, that was a super simple fix. Sorry I didn't know this was an option to remove viewability for guests. Thanks!!!
Stuart Wright
Well-known member
elsparkodiablo
Active member
Seconded, thank you
Seconded, thank you
D
DevPunk
Guest
XF2.3 Compatibility?
Stuart Wright
Well-known member
Bump
