Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Not a member yet? Click here to register.
Forgot Password?
  1. Home
  2. Discussion Forum
  3. PHPFusion 6 Support
  4. Bugs and Errors - 6
  5. 'search' security leak!

'search' security leak!

Asked Modified Viewed 2,539 times
Back to Forum Index Previous Topic Next Topic
Print
M
muppel
M
muppel 10
  • Junior Member, joined since
  • Contributed 11 posts on the community forums.
  • Started 1 thread in the forums
  • Started this discussions
asked
Junior Member

My site is completely closed for non members, however some themes have a searchbox on top, visible for every visitor and when they use it for example to search for forum post, suddenly they can read posts for members only, can this be overcome?
Edited by muppel on 08-02-2006 06:19,
0 replies

8 posts

P
Prince NightFox
P
  • Member, joined since
  • Contributed 85 posts on the community forums.
  • Started 15 threads in the forums
answered
Member

I found this error back when Digi was redesigning PHPFusion (v6 maybe v6.00.100) and he corrected it.
0 replies
P
Prince NightFox
P
  • Member, joined since
  • Contributed 85 posts on the community forums.
  • Started 15 threads in the forums
answered
Member

try downloading and reuploading the up-to-date search.php, see if it does the trick... it shouldn't show any thing that it's not supposed to.
0 replies
M
muppel
M
muppel 10
  • Junior Member, joined since
  • Contributed 11 posts on the community forums.
  • Started 1 thread in the forums
  • Started this discussions
answered
Junior Member

Quote

flyingduck wrote:
yeah, add an iMEMBER! code in top and bottom, search in the forums :D


You see that is not the solution, to remove the search feature, btw for now its only usable for members by implementing an iMEMBER line, so I dont have to remove anything, but

Now members can get acces to administrators only posts in the search results!

btw I'm talking about the standard search.php
Edited by muppel on 08-02-2006 08:29,
0 replies
S
Shiro
S
Shiro 10
I do not help people who do not have the copyright on their website. I should flame you for even posting.

This post powered by
dbsdevelop.com/themes/Belmont/../../images/fusion.gif
v6.01.5 © 2003-2005
  • Junior Member, joined since
  • Contributed 10 posts on the community forums.
  • Started 1 thread in the forums
answered
Junior Member

remove the code from the theme or remove the theme all together? >_>
0 replies
M
muppel
M
muppel 10
  • Junior Member, joined since
  • Contributed 11 posts on the community forums.
  • Started 1 thread in the forums
  • Started this discussions
answered
Junior Member

On second thoughts this still is a security leak because: altough the search feature is only for members usable now, now a member can get administrators posts in their search result wich should be closed for members if this is set for administrators only, do you see what I mean by respecting member settings now? for example the forum_threads panel does actualy respect members setting, It would be nice if the search results did the same
Edited by muppel on 08-02-2006 06:27,
0 replies
M
muppel
M
muppel 10
  • Junior Member, joined since
  • Contributed 11 posts on the community forums.
  • Started 1 thread in the forums
  • Started this discussions
answered
Junior Member

thanks I found some posts for iMEMBER that did the trick

for others I added this line

if (!iMEMBER) fallback("index.php"wink;
Edited by muppel on 07-02-2006 15:20,
0 replies
I
it-norden
I
Find it.
Think...
Fix it!
  • Senior Member, joined since
  • Contributed 240 posts on the community forums.
  • Started 7 threads in the forums
answered
Senior Member

yeah, add an iMEMBER! code in top and bottom, search in the forums :D
0 replies
M
muppel
M
muppel 10
  • Junior Member, joined since
  • Contributed 11 posts on the community forums.
  • Started 1 thread in the forums
  • Started this discussions
answered
Junior Member

For example can the search feature be corrected/modded to respect member-only settings
0 replies

Category Forum

Bugs and Errors - 6

Labels

None yet

Statistics

  • Views 0 views
  • Posts 8 posts
  • Votes 0 votes
  • Topic users 4 members

0 participants

Notifications

Track thread

You are not receiving notifications from this thread.

Related Questions

Not yet