[2.0 RC1] A problem of security?

Started by tigas3000, February 25, 2009, 05:28:19 AM

Previous topic - Next topic

tigas3000

Hello, in my forum, I have an user that thought he had found a problem of security that can be explored.

I'm here to say what he think so that Simple Machines Comunity can solve in next version.

It is about the warning of members and a way to post a message with 50% of warning. He said that the "danger line" in the "public source code"(I don't if this is the correct english word) that every browser can see is this:
<INPUT type="hidden" name="not_approved" value="1">

I don't know what this can be but I think I should report this to the smf team.

Best Regards

karlbenson

That variable is NOT used to decide IF its approved or not.

That variable is primarily used to decide IF the user should be warned that their post requires approval. (controls the js alert)

I went ahead and checked it anyway.
My 'watched/moderated' members were not able to post approved posts.


Advertisement: