Search in 6.3 - UBB.Developers

UBB.Dev

I just did a search for something on "All open forums", and I got results from areas that I do not have access to.

I couldn't enter the areas, but it did list the topics that matched.

Just thought I would mention it.

So you can :|.

So why did you post it here instead of ICQ'ing me?

FIXED!

Fancy telling us the fix?

http://community.infopop.net/2/OpenTopic?a=tpc&s=729094322&f=1863088313&m=1083036725

Basically, all calls of $user_permissions->has_permission need to be changed to explicitly check for > 0 for success, < 1 for failure.

But what if it's 0.5?

It's never 0.5, it's ints between -3 & 4 (or something like that)

So this will require many files to be updated then?

quote:
cgi-binubb_lib_pntf.cgi:
cgi-binubb_lib_secgroups.cgi:
cgi-binubb_poll.cgi:
cgi-binubb_profile.cgi:
cgi-binubb_search.cgi:
noncgiTemplatespublic_avatar_select.pl:
noncgiTemplatespublic_edit_profile.pl:
noncgiTemplatespublic_user_posts.pl:

But the most important ones are public_user_posts.pl and ubb_search.cgi.

Most calls return 1, 0, or undef. Calls checking forum permissions can return between -3 and 4, including 0 and undef.

LK,

It'd really help if you could be clear about exactly where and what to change in ubb_search.cgi since the InfoPop thread doesn't show you exactly that.

I just need a temp fix since no official update has been released and I'm already using v6.3, yet it's clearly insecure.

bump