Fixed Prefix permissions not checked in search form

even if you limit some prefixes to hidden forums and/or closed usergroups
they are still visible to everyone by using the search form:

This is because in Post.php, line 318:
$viewParams['prefixes'] = XenForo_Model::create('XenForo_Model_ThreadPrefix')->getPrefixesByGroups();
getPrefixesByGroups() is called without conditions to limit results.

Regards Opik
Hello Opik,

Edit: 25032013-1800

don't try this. :p

  public function getPrefixesByGroups(array $conditions = array(), array $fetchOptions = array(), &$prefixCount = 0)
        $prefixes = $this->getPrefixes($conditions, $fetchOptions);
        $prefixGroups = array();
        foreach ($prefixes AS $prefix)
      if ($this->_verifyPrefixIsUsableInternal($prefix, $viewingUser))
            $prefixGroups[$prefix['prefix_group_id']][$prefix['prefix_id']] = $this->preparePrefix($prefix);
        $prefixCount = count($prefixes);
        return $prefixGroups;


XenForo developer
Staff member
That fix is not correct. "Usable" and "visible" prefixes are different.

I have this fixed for 1.1.4: before listing prefixes in the search system, we check that they're in a forum you can view.
Hey that is pretty fast :)

I thought if a prefix is not usable for a user he doesn't have to view. :)

It was just a try und it make what it should... i think.

Thanks for fixing.