Security Issue with Social Group Forums

Freelancer

Active Member
#1
When you create a Main "Parent" Forum for all Social Group Forums in which then Social Group Forums are "child forums" – one can use it as a backdoor to switch to other forums even when those are in closed groups.

Main Forum for all Social Groups (Parent Node)
------Group 1 Forum (Child Node)
------Group 2 Forum (Child Node)

For example: while you are in the "Group 1 Forum" you simple click on the bread crumbs ---> "Main Forum for all Social Groups" and then see ALL forums of all groups listed in the frontend. Then you can go and access those forums.

@truonglv can you please implement a permission check that only if the user has access to a group, those forums are listed/accessible?
 
Last edited:
Top