Weblinks

Posted: Fri May 31, 2013 9:28 am

I just found a modify link submitted to one of my links by Anonymous. Because I had to approve or ignore it didn't cause any problem. I am wondering if there is a verification step missing to prevent Anonymous from submitting link mods just like they can't submit links.

// $allowlinksmodify: Allow existing links to be modified by users (other than admin) (1=Yes 0=No)

If set to 1, which some may want, doesn't prevent users not logged in from submitting a mod. Technically only the users that originally submitted the link or the admin should be able to submit a mod to that link.

Site Admin Joined: Aug 22, 2007 Posts: 1772

You have sent me the same on my website as PM, i have answered with a fix. Please check it!

Posted: Fri May 31, 2013 2:45 pm

Since, as you had stated, it may be an issue with the original RN module I posted same here. Fix should be shown here and applied to RN 3.0

Posted: Fri May 31, 2013 4:01 pm

Sure, but you are using my Mod of the module and if should my fix work, then i can it comapre it with the original module to provide a fix for both. Smile

Posted: Sat Jun 01, 2013 8:11 am

Ok after some checks with the original module i can say that is not bug. Its all fine but you can missunderstand the settings of the variable $allowlinksmodify. It seems its from a early time of phpnuke:

// $allowlinksmodify: Allow existing links to be modified by users (other than admin) (1=Yes 0=No)

That means everyone can modify the links. The user can also be a guest like anonymous or a regsitered users. Here exists on the first view no difference in the settings between guests and registered user. But exits another variable to do this: $blockunregmodify. This variable do the same job for $allowlinksadd.

// $blockunregmodify: Block unregistered users from suggesting links changes? (1=Yes 0=No)
// $links_anonaddlinklock: Allow Unregistered users to Suggest New Links? (1=Yes 0=No)

Posted: Sat Jun 01, 2013 11:33 am

// $blockunregmodify: Block unregistered users from suggesting links changes? (1=Yes 0=No)

Default setting was 0 which should be 1. There is no justification for an unregistered user to suggest a modification to a link. This parameter should even be required in a good design.

The fix you made to your Mod of the module worked and would eliminate the requirement for this parameter.

Posted: Sat Jun 01, 2013 11:58 am

Nope, my fix is not the solution because its duplicate all and that def. not needed. And now is it not more possible that a guest can submit link or send change-request. In this case is the module broken and that was not my goal. Its def. not a bug. You have a only missunderstood the settings, not more. Do what you want but i'm writing a new version for the mod because i'm not happy.

BTW: It would be cool to have suggestions for my modifications in my forums and not as PM and not here. Now we have maybe some people cunfused with a not existing issue.