MyBB Community Forums

Full Version: Latest Posts on Profile (shows threads users shouldn’t see)
Pages: 1 2
@RateU I think you are right, also, this should have been fixed years ago instead of making developers work around it. Doesn't a separate column make more sense?

(2018-02-08, 09:35 PM) isoldehn Wrote: I will wait until a resolve that is correct to do this. Thanks for all the help everybody, I appreciate it, so I’ll just follow this thread until a resolve is given.

My solution is pretty much taken from core code, so isn't really wrong.
(2018-02-09, 12:15 AM) Omar G. Wrote: My solution is pretty much taken from core code, so isn't really wrong.

I'm unsure of what's going on after RateU's comment so I thought maybe there was a fault in the code? I'm slightly confused, apologies.
There is a flaw in the implementation, I believe. Nothing we can do about it at this moment. That fix is probably the best you will get until the author fixes it (probably using the same code too).
(2018-02-09, 03:47 AM) isoldehn Wrote: I'm unsure of what's going on after RateU's comment so I thought maybe there was a fault in the code? I'm slightly confused, apologies.

LOL. No. My previous post was not intended for Omar G. I'm sorry for making you a bit confused.

I know him well when we talk a lot in MyBB Hacks. He really cares about the quality, security and performance of his plugins. IMHO, he is a good plugin developer.

I just tried to explain what happens if we omit the t.closed NOT LIKE 'moved|%' from the query. Any moved threads that have redirects will be listed twice.
Also, SQL pattern matching using LIKE can also use an index if it starts with a string first (prefix) and the column has an index (some other variables will be considered as well).

IMO, the solution provided by Omar G is a good solution. Even MyBB uses it. Though we also need to skip threads from forum(s) that have "Can Only View Own Thread" permission.

Edit:
Forgot to say this:
If this is the plugin you meant:
https://community.mybb.com/mods.php?action=view&pid=914
then at least sanitize the thread subject.
Awesome thanks!

What do you mean by sanitize the subject?
Sanitize = protect data to prevent some kind of XSS, SQL injection or code injection due to some special chars in the user name, like single and double quotes, ampersands, etc.

Use htmlspecialchars_uni on that var at least, and even on the avatar var if it is used. I did not see this plugin, but that is about the last question.
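
The checks discussed in this thread, put together as an added example (not code from the thread, the plugin or MyBB core). It assumes an in-memory SQLite table with constructed rows, a hypothetical latest_threads() helper, forum ID lists passed in by the caller, and PHP's htmlspecialchars() standing in for MyBB's htmlspecialchars_uni(); showing own-threads-only forums to the profile owner is also an assumption.

```php
<?php
// Added example with constructed data; not MyBB core or plugin code.
// Columns mirror the ones named in the thread (visible, closed, fid, subject).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE threads (tid INTEGER PRIMARY KEY, fid INT, uid INT,
           subject TEXT, visible INT, closed TEXT, lastpost INT)");
$rows = [ // constructed sample rows, all posted by user 7
    [1, 2, 7, 'Hello <script>alert(1)</script>', 1, '', 50],
    [2, 2, 7, 'Moved thread redirect', 1, 'moved|1', 40], // redirect stub
    [3, 9, 7, 'Staff-only discussion', 1, '', 30],        // forum the viewer cannot see
    [4, 2, 7, 'Unapproved thread', 0, '', 20],            // not visible
    [5, 5, 7, 'Private ticket', 1, '', 10],               // own-threads-only forum
];
$ins = $db->prepare('INSERT INTO threads VALUES (?,?,?,?,?,?,?)');
foreach ($rows as $r) { $ins->execute($r); }

// Hypothetical helper: latest threads by $profileUid that $viewerUid may see.
function latest_threads(PDO $db, int $profileUid, int $viewerUid,
                        array $unviewableFids, array $ownOnlyFids, int $limit = 5): array
{
    // Visible threads only, and no 'moved|<tid>' redirect stubs (avoids duplicates).
    $sql = "SELECT tid, subject FROM threads
            WHERE uid = ? AND visible = 1 AND closed NOT LIKE 'moved|%'";
    $args = [$profileUid];
    // Assumption: own-threads-only forums are hidden unless the viewer owns the profile.
    $skip = $viewerUid === $profileUid ? $unviewableFids
                                       : array_merge($unviewableFids, $ownOnlyFids);
    $skip = array_values(array_unique(array_map('intval', $skip)));
    if ($skip) {
        $sql .= ' AND fid NOT IN (' . implode(',', array_fill(0, count($skip), '?')) . ')';
        $args = array_merge($args, $skip);
    }
    $sql .= ' ORDER BY lastpost DESC LIMIT ' . (int)$limit;
    $st = $db->prepare($sql);
    $st->execute($args);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Viewer 3 looks at user 7's profile; forum 9 is unviewable, forum 5 is own-threads-only.
foreach (latest_threads($db, 7, 3, [9], [5]) as $t) {
    // Escape the subject on output so markup in it is rendered as text.
    $subject = htmlspecialchars($t['subject'], ENT_QUOTES, 'UTF-8');
    echo "<a href=\"showthread.php?tid={$t['tid']}\">{$subject}</a>\n";
}
```

With the sample rows only thread 1 is listed, and its subject is printed with the script tag escaped.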