
Category Permission Confusion, Possible bug



  • Seems a member got banned and maybe his question got nuked. Not cool
    No, that guy had just 2 posts per user that he created, nothing special. If you know a thread that's going on about security holes in activity, just let me know in a PM.
    Let's get back on topic


  • Hello all

    I'm about to finally upgrade my forum from Vanilla 1 to Vanilla 2. I had previously installed a test version of and discovered the issue with private category posts being visible in a user's activity feed.

    I noticed that a code update had been released on github (thanks @luc for the link) which patched the problem.

    Like @jrepage above, I too received some email notifications suggesting this may still be an issue as at November 2011.

    Can contributors to this thread, or anyone else who is running, confirm that this issue has been addressed in the core?

    On a related topic, users on my existing forum have made extensive use of the 'Whisper' feature which came with Vanilla 1. Some of the whispers contain sensitive information (not quite 'national security sensitive', but 'private' nonetheless).

    Can anyone explain how 'whispers' are treated in the export/import process when upgrading to Vanilla 2? And if they become part of the private messaging system, whether they remain private between the author and recipient and not visible in an activity feed?

    Thanks all!

  • @barnsy

    I checked the activity, it doesn't show publicly, private category activity as far as I can see.

    grep is your friend.

  • Thanks @x00

    Anyone have any advice on how whispers are treated in the export/import process?


  • I know that they are not quite equivalent.

    V2 whispers are more like linked conversations.

    grep is your friend.

  • Thanks. Yeah I've read that whispers have now become private conversations and I really like that new feature.

    I'm more wondering how whispers are handled when I export my V1 whispers and import them into V2 - are they changed to private conversations automatically? (I'd hate to see whispers appearing as regular comments!...)

  • barnsley I have done a Porter fork script called Porter Plus, it has several options. It is sponsored by a member on this forum. Here is a screenshot:

    porter plus

    Note: utf-8 didn't turn out to be that useful, yet.

    Unfortunately I'm unable to release it yet because he wants to do some other stuff not related and it is taking a long time. There is still the arbitrary search and replace (including regular expressions) of post sponsored. It doesn't really make much sense to release without this, as I would have to undo the work.

    Beauty of sponsored development is anyone can sponsor, it doesn't have to be one person, and it helps open source along.

    If you have any features you would like, and would like to sponsor the search and replace, let me know. Honestly I just want £15 for s&r, I want this over with so I can release a copy of it, then others can see and get involved.

    You can see some of my plugins produced through sponsored development.

    grep is your friend.

  • To answer your question: it doesn't import whispers at all.

    If you would like to import whispers as conversations, this might be something you might sponsor.

    grep is your friend.
