Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

bug report ? direct link permissions

edited November 2010 in Vanilla 2.0 - 2.8

i disabled the ability of the users to view the profile pages but if a user knows the url he can call directly the page example :http://domain/forum/profile/edit
and he can change the values

i don't think that's ok


Sign In or Register to comment.