
Tor

Bob_R

Active member
#1
Has anyone ever heard of Tor?

Well guess what. Anyone that has Tor and is a member of your site (maybe they have to already be a Mod) instantly becomes a Mod of every forum on your board!

If the staff here don't know about this I suggest you look into it immediately.

And, if I'm somehow wrong or mistaken please guide me in the right direction.

Because one of my members has just proved it to me. He can mod every single forum but the Staff Only forum.

Does anyone have a logical explanation for this?
 

Itworx4me

Well-known member
#3
Has anyone ever heard of Tor?

Well guess what. Anyone that has Tor and is a member of your site (maybe they have to already be a Mod) instantly becomes a Mod of every forum on your board!

If the staff here don't know about this I suggest you look into it immediately.

And, if I'm somehow wrong or mistaken please guide me in the right direction.

Because one of my members has just proved it to me. He can mod every single forum but the Staff Only forum.

Does anyone have a logical explanation for this?
Confirmed. As long as you are already a Mod you become a Mod of every forum.

Major security vulnerability.
I would say you have a Permissions Issue. I would first check there...
 

Jeremy

Well-known member
#4
Besides permissions, can you replicate this yourself on a test account?

How did you add the user to the moderator user group?

How do you set up your moderator permissions?
 

Bob_R

Active member
#6
Besides permissions, can you replicate this yourself on a test account?

How did you add the user to the moderator user group?

How do you set up your moderator permissions?
No, can't replicate. Do not wish to install TOR.

Do not remember how added to mod user group; was last June.

Do not remember how set up moderator permissions; was last June.
 

Mike

XenForo developer
Staff member
#10
What did analyze permissions show exactly? If test permissions gave you those permissions, then analyze permissions would show it. Tor is entirely unrelated.

It's almost certainly an issue in your permission configuration, such as you applying moderator permissions to the moderating group (thereby giving them all moderator permissions everywhere it isn't explicitly removed).
 

Bob_R

Active member
#12
What did analyze permissions show exactly? If test permissions gave you those permissions, then analyze permissions would show it. Tor is entirely unrelated.

It's almost certainly an issue in your permission configuration, such as you applying moderator permissions to the moderating group (thereby giving them all moderator permissions everywhere it isn't explicitly removed).
Here's a little snapshot from his Analyze permissions.
 


Mike

XenForo developer
Staff member
#15
That analyze permission screenshot shows what I expected: you applied permissions via the moderating group. This means that the user receives those permissions everywhere unless explicitly revoked. If you are dealing with forum-specific moderators, you shouldn't specify any "default" moderating group permissions and apply the permissions you want via the "Moderators" system.
 

Bob_R

Active member
#16
That analyze permission screenshot shows what I expected: you applied permissions via the moderating group. This means that the user receives those permissions everywhere unless explicitly revoked. If you are dealing with forum-specific moderators, you shouldn't specify any "default" moderating group permissions and apply the permissions you want via the "Moderators" system.
I am dealing with forum specific moderators. Where is the "Moderators" system?
 

Lawrence

Well-known member
#18
I am dealing with forum specific moderators. Where is the "Moderators" system?
AdminCP -> Users -> Moderators -> Create New Moderator
Type in the user name, then select Forum moderator, and select the forum from the drop-down. This will take you to a new check-box permission system for that forum. :)
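
A simplified model of the behaviour Mike describes and the fix Lawrence points to, added here as an illustration. It is not XenForo code; the group, forum, user and permission names are constructed assumptions, as is the explicit revoke in "Staff Only".

```python
# Simplified model of group-level vs. per-forum moderator permissions.
# Not XenForo code: every name below is constructed for illustration.
from dataclasses import dataclass, field

MOD_PERMS = {"delete_posts", "edit_posts", "lock_threads"}
FORUMS = ["General", "Support", "Off Topic", "Staff Only"]

@dataclass
class Board:
    forums: list
    group_global: dict = field(default_factory=dict)  # group -> perms granted board-wide
    node_revoked: dict = field(default_factory=dict)  # (group, forum) -> perms revoked there
    forum_mods: dict = field(default_factory=dict)    # (user, forum) -> perms granted there

def analyze(board, user, groups, forum):
    """Return {permission: source} for one user in one forum."""
    result = {}
    for group in groups:
        revoked = board.node_revoked.get((group, forum), set())
        # A group-level grant applies in every forum where it is not revoked.
        for perm in board.group_global.get(group, set()) - revoked:
            result[perm] = f"group:{group} (global default)"
    for perm in board.forum_mods.get((user, forum), set()):
        result[perm] = f"forum moderator record:{forum}"
    return result

def moderated_forums(board, user, groups):
    """List the forums in which the user holds any moderator permission."""
    return [f for f in board.forums if analyze(board, user, groups, f)]

# Misconfigured: moderator permissions set as defaults on the moderating
# group and explicitly revoked only in "Staff Only" (assumed).
misconfigured = Board(
    forums=FORUMS,
    group_global={"Moderating": MOD_PERMS},
    node_revoked={("Moderating", "Staff Only"): MOD_PERMS},
)

# Corrected: no group-level defaults; one forum moderator record per forum.
corrected = Board(forums=FORUMS, forum_mods={("member_a", "Support"): MOD_PERMS})

if __name__ == "__main__":
    groups = ["Registered", "Moderating"]
    for name, board in (("misconfigured", misconfigured), ("corrected", corrected)):
        print(name, moderated_forums(board, "member_a", groups))
        print("  Support:", analyze(board, "member_a", groups, "Support"))
```

The source string in each result is what identifies the misconfiguration: a permission traced to a group default is in effect board-wide, while one traced to a forum moderator record is scoped to that forum.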
 

Brogan

XenForo moderator
Staff member
#20