Blog Documentation Book a Demo
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Role exploit?

wetcirclewetcircle
edited February 2008 in Vanilla 1.0 Help
user(s) of my community have found that it is possible for them to change their roles.

Comments

  • FyorlFyorl
    edited February 2008
    Installing the Role List Fix should be your first step. Then you'll probably need to set the role of all his accounts to banned. Either through Vanilla itself or via the database.
  • wetcirclewetcircle
    i have installed your fix. thank you very much! apart from installing the fix i have removed the administrator role from the community reassigning myself to member status. if i need to use administrative functioning i will simply drop roles from the database importing everything the way it was. now not only are members not able to change their role to administrator but the database does not recognize the role. thank you again for all of your help!
This discussion has been closed.