Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Security problem with Thankful People

edited September 2011 in Vanilla 2.0 - 2.8
If a "normal" user check Administrator Profile, under "Thanks!" column can read the first word of a post in Admin area...
Tagged:

Answers

  • SS ✭✭
    edited September 2011
    Could you explain term "first word of a post in Admin area"?
  • Hi @S, thanks for your help!
    I have a forum with one category limited to staff only. If a registered user go to staff member profile, and browse the "Thanks" column he can read title and few words of post in one category that they are not allow to read. Example: normal user, browsing admin profile, can read, under "Thanks" label, title and few words of a post in admin restricted area thanked by admin.
  • :( i will turn it off then.
Sign In or Register to comment.