News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Any vulnerability found?

Started by musicus, April 11, 2012, 04:38:38 PM

Previous topic - Next topic

musicus

A user in my forum has alerted me on it. Since it it is possible as a normal user to edit texts by other users. This error occurs, not always, but occasionally it happens that every normal user can manipulate text by other users.

All permissions are set correctly

Sorry my bad english

kat

The permission you want, isn't shown in either of your screenshots.

The one you want is "Modify posts", left-hand column, second from bottom. :)

musicus


kat

Weird.

This is a long-shot...

Do the members concerned belong in more than one membergroup, because of post-count groups?

Are they inheriting permissions from there?

If not, I'm stumped, I'm afraid.

musicus

 I have two extra Membergroups

Sponsor - normal Users, but they spend money for the server
Zerro - new users - 0-posters

emanuele

(almost) Nothing happen "randomly".

Here there is a pattern and I can see it by the half permission in your second picture: "Modify replies to own topics".

That permission gives the possibility to the member who start the topic to modify all the answers to that topic.


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

musicus

But this user who has alerted me to the error, belongs to none or groups mentioned above

emanuele

My post refers to your very first post and this image:



Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

musicus


emanuele

Sorry, but no idea... :)
I don't speak German.

What I'm saying is that in the image I re-posted there is in the last half line selected the permission "Modify replies to own topics", remove that from any of your groups and the error should disappear. ;)


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

musicus


emanuele

The permission I'm telling you to remove is not in that part, is a bit below.
You can simply remove the tick from the permission and save.


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

musicus


emanuele

Now, if all your groups are set that way (in your first picture it doesn't seem to be the case) you should be fine.


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

musicus


Advertisement: