[FIXED] Privacy Issue: Widget Leaking Threads With No Permissions...

xydrine

New Member
Hey!

This is such an incredible addon - we love it on our forum. Unfortunately in the past I have seen some other permissions-related issues with it, but for the most part you guys have taken care of them in the latest versions.

I just saw one permissions-related issue when it comes to widgets, however. I had to disable the widget for the social group sections entirely until this gets fixed.

This may appear in other areas of the forum - on widgets or whatever, but I can at least confirm that with the "New Threads" widget, people who are not members of a specific social group, are able to see titles of threads in the New Threads widget.

Here's the widget in question:

ffzz.webp

And here's the widget where the thread titles would be leaked to:

Capture.JPG

^ The above screenshot, the "Welcome SquirrelMaster to the Team" thread in the "Acceptus" social group general discussion forum, was taken by someone who does not have access to this social group (Acceptus).

I have not changed any permissions or anything on any of these social group forums. Here's the current settings for the permissions for this social group's node:

accss.webp

Anyway, it's very possible that I have a setting wrong/have set this up wrong initially - if that's the case and this is actually not a bug, please let me know and tell me what I need to do to fix this. But I'm pretty sure it is some sort of bug, because the permissions and everything else seem to work perfectly on the forum in general - it's just the widgets that have an issue.

Thanks!
 
Yep, absolutly. With that bug I am forced to shut down the groups immediatly and to disable the whole add-on until this is fixed. That´s a nightmare.
 
This could be make N+1 queries on your forum whatever the widget to show.
 
Back
Top