[Rejected] Plugins ignoring permissions
#1
Version 1.8.18
PHP version 7.1.25

I'm uncertain if this is a bug or just a bad feature overall. I will admit. But I'm uncertain where to post this otherwise as I consider this not an error on the plugins part, nor do I inherently consider this a security issue. Please do correct me if I'm wrong.

Many years ago I used a most-recent-threads plugin that displayed that there were threads posted in a hidden forum category. This was not meant to happen of course, but "reasonable". Users could not read the threads anyway. Regardless, I disabled this plugin.

I am now using the Advanced Sidebox (3.1.16) plugin's Latest Threads module and it somehow can completely ignore any permissions set in the ACP. It not only shows the threads from the forums that only moderators are permitted to view, but it also allows another user group to bypass the reading and posting permission restrictions when clicking the links in the sidebox. The only way to disallow this is to hide the forums altogether from the module-view.

This straight down should not be possible to do, not for any plugin or plugin author. Surely?  Undecided
Reply


Messages In This Thread
Plugins ignoring permissions - by Zarkaylia - 2019-01-23, 08:36 PM
RE: Plugins ignoring permissions - by Wildcard - 2019-01-23, 08:48 PM
RE: Plugins ignoring permissions - by Zarkaylia - 2019-01-23, 09:10 PM
RE: Plugins ignoring permissions - by Omar G. - 2019-01-23, 09:16 PM
RE: Plugins ignoring permissions - by Zarkaylia - 2019-01-23, 09:55 PM
RE: Plugins ignoring permissions - by Omar G. - 2019-01-23, 10:05 PM
RE: Plugins ignoring permissions - by Zarkaylia - 2019-01-23, 10:15 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)