phpBB2Refugees.com Logo
Not affiliated with or endorsed by the phpBB Group

Register •  Login 

Continue the legacy...

Welcome to all phpBB2 Refugees!Wave Smilie

This site is intended to continue support for the legacy 2.x line of the phpBB2 bulletin board package. If you are a fan of phpBB2, please, by all means register, post, and help us out by offering your suggestions. We are primarily a community and support network. Our secondary goal is to provide a phpBB2 MOD Author and Styles area.

Noticed something odd in Jumpbox Functions


 
Search this topic... | Search phpBB2 Discussion... | Search Box
Register or Login to Post    Index » phpBB2 Discussion  Previous TopicPrint TopicNext Topic
Author Message
JLA
Board Member



Joined: 30 Apr 2009

Posts: 298
Location: U.S.A


flag
PostPosted: Tue Aug 09, 2011 4:50 am 
Post subject: Noticed something odd in Jumpbox Functions

We were performing a code audit today and in functions, noticed that for some reason the is_auth was commented out and the jumpbox was directed to only show forums that had a general auth_view for standard users.

Normally when we make code changes, it is commented as to what, when, why, where, etc. These lines that were commented out were not annotated.

Anyone have any memory if Lanzer put out a blurb about doing such a thing to the Jumpbox for performance? Its the only thing I can think of of why that would have been done and if it was early on (2004/2005) then that might be the reason for the lack of annotations.

_________________
http://www.jlaforums.com
Back to top
StarWolf3000
Board Member



Joined: 10 Jun 2010

Posts: 83
Location: Stolpen, Saxony, Germany


flag
PostPosted: Mon Aug 15, 2011 1:09 pm 
Post subject: Re: Noticed something odd in Jumpbox Functions

This line
Code:
$is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);

is commented out by default on a phpBB 2.0.x installation.
This means that all private forums are hidden in the jumpbox.

When this is_auth() is enabled, then all users are able to see all private (hidden) forums in the list but cannot be accessed if they don't have the permissions to do so.
Back to top
JLA
Board Member



Joined: 30 Apr 2009

Posts: 298
Location: U.S.A


flag
PostPosted: Tue Aug 16, 2011 2:43 am 
Post subject: Re: Noticed something odd in Jumpbox Functions

StarWolf3000 wrote:
This line
Code:
$is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);

is commented out by default on a phpBB 2.0.x installation.
This means that all private forums are hidden in the jumpbox.

When this is_auth() is enabled, then all users are able to see all private (hidden) forums in the list but cannot be accessed if they don't have the permissions to do so.


Hi,

I checked this and it appears that this might not be clearly the case. I think that the line will only allow forums that have the auth VIEW for the user to be shown to the user.

Tested this on our install after enabling the function

Example

Forum 1, 2, 3, 4

1, 2 and 4 have view for all
3 is private for specific usergroup members only

User 1 - unregistered
User 2 - standard registered user
User 3 - standard registered user and usergroup member for usergroup granted view access to forum 3

User 1 sees: 1, 2, 4
User 2 sees: 1, 2, 4
User 3 sees 1, 2, 3, 4

_________________
http://www.jlaforums.com
Back to top
Display posts from previous:   
Register or Login to Post    Index » phpBB2 Discussion  Previous TopicPrint TopicNext Topic
Page 1 of 1 All times are GMT
 
Jump to:  

Index • About • FAQ • Rules • Privacy • Search •  Register •  Login 
Not affiliated with or endorsed by the phpBB Group
Powered by phpBB2 © phpBB Group
Generated in 0.0078 seconds using 15 queries. (SQL 0.0010 Parse 0.0002 Other 0.0066)
phpBB Customizations by the phpBBDoctor.com
Template Design by DeLFlo and MomentsOfLight.com Moments of Light Logo