Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Private Messages 1.1

178101213

Comments

  • I have the latest version of Private Messages (1.1) and it works beautifully. The only thing that I would like to see is some sort of notification when you recieve a Private Message. Just something so that you don't have to check your inbox constantly (or for members who don't know that they should be checking their inbox). Other than that, it works quite nicely. I have never been a fan of the whisper system...
  • edited May 2008
    The left panel does let you know when you have an unread message, though...changes to Inbox (1 unread message) or something along those lines. I agree that it could help to be a bit more noticeable however. Even just simply bolding the font when an unread message is in there would be helpful.
  • I have an inbox tab at the top of the screen, not a left panel display...
  • According to the latest documentation, Private Messages is supposed to function as such...with a count of unread messages appended to the "Inbox" label in the top tab when a user has unread messages. This isn't happening for you? You are using 1.1, correct? I can't recall if my PM add on is doing this... I'll double check and follow up.
  • Contrary to the documentation, and the code, my Inbox tab is not showing unread messages either... Not sure why?

    Seems this portion of the default.php code is what is trying to make this happen:

    if (isset($Menu)) { $PrivateMessages = $Context->ObjectFactory->NewContextObject($Context, 'PrivateMessages'); $TotalMessages = $PrivateMessages->GetDiscussionCount("Inbox"); $ReadMessages = $PrivateMessages->GetReadMessagesCount(); $UnreadMessages = $PrivateMessages->GetUnreadMessagesCount(); $NewMessages = ($TotalMessages - $ReadMessages) + $UnreadMessages; $TabName = $Context->GetDefinition('PrivateMessagesTab'); $Inbox = $Context->GetDefinition('Inbox'); if ($NewMessages > '0') { $TabName .= ' ('.$NewMessages.')'; $Inbox .= ' ('.$NewMessages.' '.$Context->Dictionary['NewMessage'].')'; } $Menu->AddTab($TabName, 'privatemessages', GetUrl($Configuration, 'extension.php', '', '', '', '', 'PostBackAction=PrivateMessages'), '', $Configuration['TAB_POSITION_PRIVATE_MESSAGES']); $Title = $Context->GetDefinition('PrivateMessages'); $Panel->AddList($Title, 100); $Panel->AddListItem($Title, $Inbox, GetUrl($Configuration, 'extension.php', '', '', '', '', 'PostBackAction=PrivateMessages')); $Panel->AddListItem($Title, $Context->GetDefinition('SentMail'), GetUrl($Configuration, 'extension.php', '', '', '', '', 'PostBackAction=PrivateMessages&View=SentMail')); $Panel->AddListItem($Title, $Context->GetDefinition('SendPrivateMessage'), GetUrl($Configuration, 'extension.php', '', '', '', '', 'PostBackAction=PrivateMessages&View=SendMessage'));

    Everything in check here? Any reason this wouldn't be working?
  • Is anyone able to update the Extension with the modifications discussed here?
  • We have a few user on our forum that are getting email notifications when they send a PM..... Did ant one ever figure out the cause for this or a fix for it?
  • I'm running Private messages v2, the one that has been forked from the official extension to include a better UI and a 'delete' function. Some of my users are starting to get smart about the inherent flaw in this extension-- the messages aren't really private, they are just hidden (i.e. if you luck in on a discussion ID and comment ID combo, you can read another two users private messages).

    Is there a way to make this message system truly private, or to obscure the addressing system so its not so easy to crack? I'm guessing friendly URLs might be a solution, but that extension seems to cause conflict with other extensions.
  • edited June 2008
    WOW this is a hell of a security flaw.... all users can, by changing the discussion ID, start at 1 and work your way up and read EVERY PM and post including the our "admin" category, even deleted posts. How do we fix this!
  • edited June 2008
    They will be denied access to the message/admin post/etc at the time of loading (it checks the permissions, I promise). All they will be able to tell is that there is a message with ID "X" that they don't have access to. (could be just about anything)



    EDIT: Guess not with the PM's, but with a fresh install of vanilla, this is not a flaw; if it is in fact the case, then it is a problem in the extension's code, not the core.
  • fsicsluvr, you are wrong on the access being denied to the admin post's... they are totally viewable. From what I have seen, "Private Messages" is the only PM system for vanilla. Or is there another?
  • Vanilla has a system of 'whispering' built in...
  • Sure, whispers' but I am looking for a "normal" pm system.... PM's are heavily used @ our forum, and our people like a traditional PM system, ya know.
  • i have just tried to access other PMs by changing the URL and can confirm that it is not possible.
  • edited June 2008
    @circuit -- so then its a confict with another extension? Because its happening on my forum.

    Any idea of what extensions could be causing the conflict?
  • Are you sure it happens for normal users and not just administrators?
  • edited June 2008
    Yes, I just checked it with my normal user account and the problem occured again (this problem was also pointed to me by my regular users).

    At least it doesn't happen for guest/unauthenticated users.

    EDIT: It gets more interesting... A thread that was deleted by accident (and I have been unable to undelete as much as I try through the front end) appears to be accessible only via the private message extension. Users have started to post in this hidden thread which mod and admins can't see unless they know the address...
    Example:
    /forums/comments.php?DiscussionID=62&page=1 doesn't load (gives errors dealing with ajaxquote and category roles which I'm going to have to look into)
    and
    forums/extension.php?PostBackAction=PrivateMessages&DiscussionID=62 doesn't load the deleted thread
    BUT
    forums/extension.php?PostBackAction=PrivateMessages&DiscussionID=62&View=Message loads the deleted thread. This makes me think its something to do with the &View=Message bit. Actually it looks like you can load any DicussionID through this method on our server.

    Also appears that this is the critical bit to let you view others private messages as well.
  • same here, I have two normal user accounts and it happens with both.... We are all so using a brand new fresh install of Vanilla.
  • Not to detract too much from this security issue (agreed it is big, just that my forum is so tiny and personal it's not an issue)... Do you guys also not have any "edit, delete or quote (ajax quote)" options in each pm's comment list as they appear in a normal discussion? I have a number of extensions that refuse to carry over to the PM extension, which I can learn to live with, but I'm surrised these basic controls are stripped from the comment lists... Ideas?
  • edited June 2008
    no idea why this bug doesn't seem to be there my forum. i am an admin, that's the only difference between my forum and the other examples above.
Sign In or Register to comment.