Re: GLOBAL settings confusions in 2.6.0 vs 2.5.x [message #15916 is a reply to message #15912] |
Fri, 09 January 2004 14:06 |
|
Wild_Cat
Messages: 144 Registered: November 2002 Location: Odessa, Ukraine
Karma:
|
Senior Member |
|
|
Thank you for your answers!
Wild_Cat: | I see it now: the index page urls for anon user gives links to forums as following: t=threadt
Ilia: | I think the problem is due to the fact you have enabled threaded forum listing for anon users but disable threaded forum views. To fix this either edit the profile of anon user (access via user manager with anon user's nick name) or eanble threaded topic views & then disable it (it should set correct values).
|
|
Not quite sure I understand. I have three view of threads disabled and tree view of messages enabled and default view is set to Flat thread/Tree message. But enabling three view of threads had solved the problem and it remained OK on its diabling. Thank you. A note for future fix in installation may be too?
Wild_Cat: | Well, I do can strip this SQ thingy together with rid from urls to forums & messages?Ilia: | That would open a big security hole in your forum.
|
|
How severe is this hole? I mean this string was not present in previous forum versions, so is the security level just the same this way or even worse?
Because you guess it is REALLY unhandy to give such urls externally.
Also, is this string embedded as part of url in PATH_INFO template too? (I can't check it now, my own server doesn't support PATH_INFO, but when I put it on Internet, I wanted to do so)
Linking from outside could actually present a big discomfort because certain systems do not handle long urls (threating them as any other long string, breaking it apart by a space) and users who might give links to my forum will certainly take the whole string and may be even unaware that it's broken for lenght reasons wherever they posted it, so I lose potential visitors!
Wild_Cat: | 5) BTW the admglobals.php when I change the anonymous user name only changes LOGIN & ALIAS to a new setting, the NAME remains on Anonymous Coward. Unhandy, may be have it changed to this new value automatically too?Ilia: | Since NAME is a private fields users do not see it does not matter.
|
|
OK, I get the message. If I wish to show the name on profile, it's my concern to edit NAME field in the DB too Although I think for customizability, logic & integrity reasons you could just add another VALUE in SET query for this user_id 1 setting in future releases
Wild_Cat: | 6) And I see yet another kind of bug - sorry for posting it here but it's in the context of discussed things - now Administrator is put as Custom Status to user 0 - Anonymous Coward! It's true the anon user doesn't get this custom status displayed it seems, yet... me neither! =)) (OK, I can set it by hands, but before it was set automatically and now it automatically sets my NAME to administrator and Custom Tag Administrator to anonymous user in the MySQL table
Ilia: | Not sure I understand the problem, could you give me simple step by step instructions on how to replicate the bug? Thanks.
|
|
Very simple actually! Make a new installation and look in the fud_users table. user_id=2 (which is admin installing the forum) does not have the custom tag 'Administrator' any more (no custom tag is set by installer at all), it's the user_id=1 (anonymous) who has such custom tag ('Administrator')! (I guess it concerns only new installations, still there is a change toward an almost unnoticeable mistake in new installation)
Thanks again for explanations!
Lady of Avalon
[Updated on: Fri, 09 January 2004 14:15] Report message to a moderator
|
|
|