Re: Move Topic link problem

[Andrew Davie]

I am also seeing this problem, or something very similar. I moved a thread.
Now I have 404 errors, in some circumstances, for attached files.

I have a bit more diagnosis, but results are baffling;

* In my "normal" account on Brave browser, I can download the link with no problem at all. I can logout and download is still fine.

* I switched to an incognito/private page, viewed without logging in. The link does not work.

* I logged in via incognito, link worked. I logged out and it worked. Restarted window. Worked.

* Tried via Safari. Did not work. Logged in, worked. Logged out, did not work.

I have checked the permissions on the forum. "view attachments" is enabled for guests.
This all became a problem when I moved the topic.

URL is
woodgrain . taswegian . com / index.php?action=dlattach;attach=210

I am on SMF 2.1.4
I'm running theme "ProCurve"

[Andrew Davie]

As a test, I switched the theme back to default SMF; the problem is still there.

[Kindred]

Topic split from old topic... different scenarios with different sites need different topics

[Andrew Davie]

I have now spent a LOT of time learning/changing permissions on my board, and I'm fairly certain I have clear evidence of SMF bug(s).  I am more than happy to provide access to the forum/admin/database(s) to allow diagnosis. I'm a developer myself, so can help diagnose too. I've tried everything I can see regarding user permissions, board permissions, etc. Very strange behaviour which is reproducible.  Please PM me or reply if you'd like a walkthrough.

[Aleksi "Lex" Kilpinen]

EDIT:

I had a long diagnosis here already, actually two of them, but after going through all you posted more than once it seems so inconsistent that I'm hesitant now.
All I can say is, I strongly suspect host side caching at play. Not SMF being weird, but your host.

Quite a few hosts (usually specifically marketing Wordpress and/or other CMS hosting) will leverage caches that do not allow SMF to always actually check if you have access to see what you requested.  In fact, the cache might never let SMF see your request at all, and will just deliver the contents you have already seen once before. At worst, it might even deliver contents you have never seen - as long as someone else has already seen it, bypassing SMF security completely. I've seen this end up with users seeing wrong user profiles after logging in.

If you are using a hostside "firewall" or "accelerator", try turning it off?
Who is your host?

If you have a walkthrough to actually reproduce this issue, please do share.
We can quickly find out if it's SMF, because if it is we should be able to replicate it on any other host too.

[Arantor]

I'm currently minded to rule out Varnish and CloudFlare from the mix; none of the usual downstream response headers are present, and the server itself advertises itself as Apache so assuming we can take that on faith for now, we're not even fighting a reverse proxy in front of the webserver.

So let's start with the obvious: this is an attachment to a topic. Which topic is it posted in? Where is that topic now?

[Andrew Davie]

I am also seeing this problem, or something very similar. I moved a thread.
Now I have 404 errors, in some circumstances, for attached files.

I have a bit more diagnosis, but results are baffling;

* In my "normal" account on Brave browser, I can download the link with no problem at all. I can logout and download is still fine.

* I switched to an incognito/private page, viewed without logging in. The link does not work.

* I logged in via incognito, link worked. I logged out and it worked. Restarted window. Worked.

* Tried via Safari. Did not work. Logged in, worked. Logged out, did not work.

I have checked the permissions on the forum. "view attachments" is enabled for guests.
This all became a problem when I moved the topic.

URL is
woodgrain . taswegian . com / index.php?action=dlattach;attach=210

I am on SMF 2.1.4
I'm running theme "ProCurve"

I have tracked this down to a rather obscure thing.

All of my forum members were allocated to "(no primary membergroup" as per the attached image. There were only three member group options as shown (administrator, global moderator, no primary membergroup).  When I added a new one "Regular2" and based it off regular, then changed the users to this member group, suddenly everything started working for that member.

It appears to me that something borked either the database, or new member addition - so that the member group was not set or not available for the users, and so they did not/could not get permissions. No matter how much I changed the guest permissions, or member permissions - this did not work, because the users were not in the member groups I was changing.

I don't know for sure if this is/was my problem, but it appears to have fixed it. That is, create a new member group and assign the users to that.

[Arantor]

That sounds like a permissions problem in configuration.

It literally isn't possible for a member not to be in a user group (2 groups in fact) and when it says "no assigned user group" it means they're in the "registered members" group.

[Kindred]

All users always belong to two membergroups.

If they have no ASSIGNED group,  then they are part of the default group "regular members"

...and, all members are part of one of the post-count-based groups