1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Fixed Prefix permissions not checked in search form

Discussion in 'Resolved Bug Reports' started by Opik, Mar 24, 2013.

  1. Opik

    Opik Member

    even if you limit some prefixes to hidden forums and/or closed usergroups
    they are still visible to everyone by using the search form:

    This is because in Post.php, line 318:
    $viewParams['prefixes'] = XenForo_Model::create('XenForo_Model_ThreadPrefix')->getPrefixesByGroups();
    getPrefixesByGroups() is called without conditions to limit results.

    Regards Opik
    erich37, Vincent, Peter Klein and 2 others like this.
  2. orgetorix

    orgetorix Member

    Hello Opik,

    Edit: 25032013-1800

    don't try this. :p

      public function getPrefixesByGroups(array $conditions = array(), array $fetchOptions = array(), &$prefixCount 0)
    $prefixes $this->getPrefixes($conditions$fetchOptions);
    $prefixGroups = array();
            foreach (
    $prefixes AS $prefix)
          if (
    $prefixGroups[$prefix['prefix_group_id']][$prefix['prefix_id']] = $this->preparePrefix($prefix);
    $prefixCount count($prefixes);
  3. Mike

    Mike XenForo Developer Staff Member

    That fix is not correct. "Usable" and "visible" prefixes are different.

    I have this fixed for 1.1.4: before listing prefixes in the search system, we check that they're in a forum you can view.
    Slavik and orgetorix like this.
  4. orgetorix

    orgetorix Member

    Hey that is pretty fast :)

    I thought if a prefix is not usable for a user he doesn't have to view. :)

    It was just a try und it make what it should... i think.

    Thanks for fixing.

Share This Page