I just did a search for something on "All open forums", and I got results from areas that I do not have access to.
I couldn't enter the areas, but it did list the topics that matched.
Just thought I would mention it.
So why did you post it here instead of ICQ'ing me?
Fancy telling us the fix?
Basically, all calls of $user_permissions->has_permission need to be changed to explicitly check for > 0 for success, < 1 for failure.
It's never 0.5, it's ints between -3 & 4 (or something like that)
So this will require many files to be updated then?
Most calls return 1, 0, or undef. Calls checking forum permissions can return between -3 and 4, including 0 and undef.
LK,
It'd really help if you could be clear about exactly where and what to change in ubb_search.cgi since the InfoPop thread doesn't show you exactly that.
I just need a temp fix since no official update has been released and I'm already using v6.3, yet it's clearly insecure.