News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Startaza: Theme negates protected boards

Started by legaziofunk, January 18, 2018, 09:35:19 AM

Previous topic - Next topic

legaziofunk

Dear SMF-people,

(stats see signature)

after installing STARTAZA, two new boxes appeared on screen on the right-hand side:

1. Neue Beiträge ("new posts" - th forum is in German)
2. Popular Topics (yup, no translation there! ;-)

After a new post has been done in a protected/hidden board or there is huge traffic in a protected/hidden board, this very post pops up in one or both of these boxes giving access to any user to this very post and therefre the protected board, even the user has no permission to do so.

When clicking on that post, the user even has the possibility to reply and cite the aforementioned post, thus (e.g. some user has quoted the entire conversation) can look into the entire post or even the board - though only punctually.

How can this be fixed?

By fixing, I am specifically referring to the fact of NOT FEEDING qualified posts ("new" or "lots of traffic") into these boxes.

Just making them disappear is not what I am looking for. I want the connection of what is showing up be selective in dependency of the user's admissions/group memberships.

Thanx fpr your help!

P.S.: I am sorry if this is the wrong board. But since these boxes popped up AFTER I installed Startaza, I figuered this to be a theme related issue. Grazie!
*I am a NEWBIE* Stats as of Dec. 2019
SMF: 2.0.15
Language: GERMAN UTF-8 by default for every user
Theme: CoreTheme
PHP: 7.2
MySQL Version: 5.6.45-86.1-log

Aleksi "Lex" Kilpinen

If I understood you correctly, this should not be possible. Themes ( at least ones available here ) do not change core functionality. Do you have a link to the theme download?
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

legaziofunk

Quote from: Aleksi "Lex" Kilpinen on January 18, 2018, 09:40:13 AM
If I understood you correctly, this should not be possible. Themes ( at least ones available here ) do not change core functionality. Do you have a link to the theme download?

Hmmm.... I saw this accidentally on the SMF main page somewhere. It's a fairly new theme, I recall.

Maybe here: https://custom.simplemachines.org/themes/index.php?lemma=2895

In fact, I am pretty sure that this is the place I got it from...
*I am a NEWBIE* Stats as of Dec. 2019
SMF: 2.0.15
Language: GERMAN UTF-8 by default for every user
Theme: CoreTheme
PHP: 7.2
MySQL Version: 5.6.45-86.1-log

Aleksi "Lex" Kilpinen

Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Aleksi "Lex" Kilpinen

Quote from: Aleksi "Lex" Kilpinen on January 18, 2018, 09:54:46 AM
Thanks, I'll take a look at it.
I installed the theme on 2.0.15, created 2 test topics in a board limited only to certain membergroups, and was unable to reproduce the behavior you describe. The new posts don't show the topics even to admin for some reason, and the popular posts shows them only to users with access otherwise too. Both seem to be using SSI functions, so normal SMF permissions should be enforced here as well.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Kindred

you do realize that - if you install a new theme, after you already have mods installed - you will have to MANUALLY apply mod changes to every new theme?
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

legaziofunk

Quote from: Kindred on January 18, 2018, 02:40:26 PM
you do realize that - if you install a new theme, after you already have mods installed - you will have to MANUALLY apply mod changes to every new theme?

What is a mod?
*I am a NEWBIE* Stats as of Dec. 2019
SMF: 2.0.15
Language: GERMAN UTF-8 by default for every user
Theme: CoreTheme
PHP: 7.2
MySQL Version: 5.6.45-86.1-log

legaziofunk

Quote from: Aleksi "Lex" Kilpinen on January 18, 2018, 10:15:11 AM
Quote from: Aleksi "Lex" Kilpinen on January 18, 2018, 09:54:46 AM
Thanks, I'll take a look at it.
I installed the theme on 2.0.15, created 2 test topics in a board limited only to certain membergroups, and was unable to reproduce the behavior you describe. The new posts don't show the topics even to admin for some reason, and the popular posts shows them only to users with access otherwise too. Both seem to be using SSI functions, so normal SMF permissions should be enforced here as well.

Thanx!

I have no clue, how this happened.

The user, I added - as a test user - was newly added. And "he" "saw" this entry.

Do you have any suggestion how to proceed in order to produce a status "from scratch", so that any newly added user will not see this hidden entry?
*I am a NEWBIE* Stats as of Dec. 2019
SMF: 2.0.15
Language: GERMAN UTF-8 by default for every user
Theme: CoreTheme
PHP: 7.2
MySQL Version: 5.6.45-86.1-log

Aleksi "Lex" Kilpinen

It might be a cache playing tricks on you. Who are you hosted with?
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

legaziofunk

*I am a NEWBIE* Stats as of Dec. 2019
SMF: 2.0.15
Language: GERMAN UTF-8 by default for every user
Theme: CoreTheme
PHP: 7.2
MySQL Version: 5.6.45-86.1-log

Aleksi "Lex" Kilpinen

Unless I'm mistaken, that is as of 2017 under the same roof with GoDaddy - so I wouldn't be all too surprised to see them having a cache that would misbehave like that. Though, I am unfamiliar with Host Europe, and so can't really say for sure.

Before making any too far reaching conclusions, you have made sure the user can not access the topic in question "legally"?
Could you give me a link to your forum, and to the topic in question?
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

legaziofunk

Quote from: Aleksi "Lex" Kilpinen on January 19, 2018, 10:28:00 AM
Unless I'm mistaken, that is as of 2017 under the same roof with GoDaddy - so I wouldn't be all too surprised to see them having a cache that would misbehave like that. Though, I am unfamiliar with Host Europe, and so can't really say for sure.

I have no clue, what you are referring to when mentioning GoDaddy... ;-)
I am slightly assuming what you are trying to depict with that cache issue though... slightly!!!

QuoteBefore making any too far reaching conclusions, you have made sure the user can not access the topic in question "legally"?
Could you give me a link to your forum, and to the topic in question?

Sure!

Forum:
http://wp12922522.server-he.de/simplemachine/smf_2-0-15_install/index.php

Topic in question:
http://wp12922522.server-he.de/simplemachine/smf_2-0-15_install/index.php?board=3.0

Will you have to become a member of this forum?
*I am a NEWBIE* Stats as of Dec. 2019
SMF: 2.0.15
Language: GERMAN UTF-8 by default for every user
Theme: CoreTheme
PHP: 7.2
MySQL Version: 5.6.45-86.1-log

Aleksi "Lex" Kilpinen

Both of those links show the widgets, and there is no content on either of them ( just like it should be since you are closed from guests ).
Also, the recent topics function "index.php?action=recent" is ruled out of guest view.
This at least shows that permissions for guests seem to be OK, and the widgets work there.

Could you allow guest browsing for a while?
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

legaziofunk

Quote from: Aleksi "Lex" Kilpinen on January 19, 2018, 10:49:09 AM
Both of those links show the widgets, and there is no content on either of them ( just like it should be since you are closed from guests ).
Also, the recent topics function "index.php?action=recent" is ruled out of guest view.
This at least shows that permissions for guests seem to be OK, and the widgets work there.

Could you allow guest browsing for a while?

Guest browsing: Sure! It's still pretty empty the whole thing...

I set it up - and hiope I manged to do it correctly...
Please, let me know asap when you're done...
*I am a NEWBIE* Stats as of Dec. 2019
SMF: 2.0.15
Language: GERMAN UTF-8 by default for every user
Theme: CoreTheme
PHP: 7.2
MySQL Version: 5.6.45-86.1-log

Aleksi "Lex" Kilpinen

Quote from: Aleksi "Lex" Kilpinen on January 18, 2018, 10:15:11 AM
The new posts don't show the topics even to admin for some reason
I found out why it did this to me.

The theme has this in place for some reason or another

$array = ssi_recentPosts(5.0, 7, null, 250, 'array');

My test was in board 7, which would be an excluded board in that if I'm not mistaken.

I think it should be


$array =  ssi_recentPosts(5, null, null, 'array');


Quote from: Aleksi "Lex" Kilpinen on January 18, 2018, 10:15:11 AM
and the popular posts shows them only to users with access otherwise too.
This one is OK, it's


$array = ssi_topTopicsViews(6, 'array');


I can't see a reason in either of those that would clearly explain what you are describing though.  ???
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Aleksi "Lex" Kilpinen

Quote from: legaziofunk on January 19, 2018, 12:03:12 PM
Guest browsing: Sure! It's still pretty empty the whole thing...

I set it up - and hiope I manged to do it correctly...
Please, let me know asap when you're done...
Not able to see it yet :)

Admin -> configuration -> Features and options -> General -> Allow guests to browse the forum

Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Illori

i dont think it should be using SSI in the first place. this really should be an issue the theme author should take a look at .

Aleksi "Lex" Kilpinen

Well, yeah there are probably better ways to achieve the same end result - and that one is oddly formed.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

legaziofunk

Quote from: Aleksi "Lex" Kilpinen on January 19, 2018, 12:18:51 PM
Quote from: legaziofunk on January 19, 2018, 12:03:12 PM
Guest browsing: Sure! It's still pretty empty the whole thing...

I set it up - and hiope I manged to do it correctly...
Please, let me know asap when you're done...
Not able to see it yet :)

Admin -> configuration -> Features and options -> General -> Allow guests to browse the forum

Thanx!

Changed it!

I must say: the structure of admin functions, I find a bit confusing and not "logic"... just my 5 cents ;-)
*I am a NEWBIE* Stats as of Dec. 2019
SMF: 2.0.15
Language: GERMAN UTF-8 by default for every user
Theme: CoreTheme
PHP: 7.2
MySQL Version: 5.6.45-86.1-log

Aleksi "Lex" Kilpinen

Quote from: legaziofunk on January 19, 2018, 12:39:59 PM
Quote from: Aleksi "Lex" Kilpinen on January 19, 2018, 12:18:51 PM
Quote from: legaziofunk on January 19, 2018, 12:03:12 PM
Guest browsing: Sure! It's still pretty empty the whole thing...

I set it up - and hiope I manged to do it correctly...
Please, let me know asap when you're done...
Not able to see it yet :)

Admin -> configuration -> Features and options -> General -> Allow guests to browse the forum

Thanx!

Changed it!

I must say: the structure of admin functions, I find a bit confusing and not "logic"... just my 5 cents ;-)
Thank you. The widgets still behave, and I can't see any boards at all, and can't access the topic you linked. That's good.
And this leads me to suggest you should go through your boards again, and make sure you have set access for groups correctly.
Any group having access to a board, will be able to access them, and see posts from them in the widgets.
You can turn off the guest access now if you want. :)

Oh, and I feel you - it takes a bit of getting used to, the Admin side of SMF. :)

Admin -> Forum -> Boards -> (select a board) -> Modify
Go through all boards, and make sure you have "Allowed Groups" set correctly. :)
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Advertisement: