• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Fixed Prefix permissions not checked in search form

even if you limit some prefixes to hidden forums and/or closed usergroups
they are still visible to everyone by using the search form:

This is because in Post.php, line 318:
$viewParams['prefixes'] = XenForo_Model::create('XenForo_Model_ThreadPrefix')->getPrefixesByGroups();
getPrefixesByGroups() is called without conditions to limit results.

Regards Opik
Hello Opik,

Edit: 25032013-1800

don't try this. :p

  public function getPrefixesByGroups(array $conditions = array(), array $fetchOptions = array(), &$prefixCount = 0)
        $prefixes = $this->getPrefixes($conditions, $fetchOptions);
        $prefixGroups = array();
        foreach ($prefixes AS $prefix)
      if ($this->_verifyPrefixIsUsableInternal($prefix, $viewingUser))
            $prefixGroups[$prefix['prefix_group_id']][$prefix['prefix_id']] = $this->preparePrefix($prefix);
        $prefixCount = count($prefixes);
        return $prefixGroups;


XenForo developer
Staff member
That fix is not correct. "Usable" and "visible" prefixes are different.

I have this fixed for 1.1.4: before listing prefixes in the search system, we check that they're in a forum you can view.
Hey that is pretty fast :)

I thought if a prefix is not usable for a user he doesn't have to view. :)

It was just a try und it make what it should... i think.

Thanks for fixing.