Devs is this normal behaviour? (General)

by Chris T, Wednesday, December 09, 2020, 20:46 (1233 days ago)

Not sure if the following scenario is normal behaviour for the script or if it's just a bug I have?

User A posts a message that Akismet marks as spam

User B can then go to User A's posting list and click on the spam post and read what was posted with the yellow spam warning box?

Shouldn't the spam post by User A be invisible to User B until the post has been approved by admin or mods?


Devs is this normal behaviour?

by Micha ⌂, Wednesday, December 09, 2020, 21:34 (1233 days ago) @ Chris T

Hi,

No, that is not the intended behaviour. Can you check the following changes? Make a backup of the user.inc.php!

Open the user.inc.php and go to the 'show_posts'-case, i.e. line 285f. In line 285f there are two SQL statements (depending on the categories of the forum). Comment out both lines and add/replace the code with the following modified statement:

   if ($user_postings_count > 0) {
    //if ($categories == false) $result = @mysqli_query($connid, "SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky FROM ".$db_settings['forum_table']." WHERE user_id = ". intval($id) ." ORDER BY time DESC LIMIT ". intval($ul) .", ". intval($settings['search_results_per_page']));
    //else $result = @mysqli_query($connid, "SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky FROM ".$db_settings['forum_table']." WHERE user_id = ". intval($id) ." AND category IN (". $category_ids_query .") ORDER BY time DESC LIMIT ". intval($ul) .", ". intval($settings['search_results_per_page']));
 
    $categories_restriction = $categories == false ? "" : " AND category IN (". $category_ids_query .") ";
    $spam_restriction = !$isModOrAdmin ? " AND `id` NOT IN (SELECT `eid` FROM `" . $db_settings['b8_rating_table'] . "` WHERE `spam` = 1 AND `eid` = `id`) AND `id` NOT IN (SELECT `eid` FROM `" . $db_settings['akismet_rating_table'] . "` WHERE `spam` = 1 AND `eid` = `id`) " : "";
 
    $result = @mysqli_query($connid, "SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, 
              UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky 
              FROM `" . $db_settings['forum_table'] . "` 
              WHERE user_id = ". intval($id) . " " . $categories_restriction . " " . $spam_restriction . " 
              ORDER BY time DESC LIMIT ". intval($ul) .", ". intval($settings['search_results_per_page']));
 
    $i = 0;

Does it work as expected for you?

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences
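
The visibility rule from the reply above as a stand-alone MySQL script (an added example, not part of the original posts or the project's code). The table names `entries`, `b8_rating` and `akismet_rating` and all sample rows are assumptions; `NOT EXISTS` is used in place of the post's correlated `NOT IN`, which selects the same rows.

```sql
-- Constructed schema. Table names are assumptions; the columns id, user_id,
-- subject, time, eid and spam are the ones used in the statement above.
CREATE TABLE entries (
  id      INT PRIMARY KEY,
  user_id INT NOT NULL,
  subject VARCHAR(255) NOT NULL,
  time    DATETIME NOT NULL
);
CREATE TABLE b8_rating      (eid INT PRIMARY KEY, spam TINYINT NOT NULL);
CREATE TABLE akismet_rating (eid INT PRIMARY KEY, spam TINYINT NOT NULL);

-- Constructed sample data: user 7 has four postings.
INSERT INTO entries VALUES
  (1, 7, 'Hello',         '2020-12-09 10:00:00'),
  (2, 7, 'Cheap pills',   '2020-12-09 11:00:00'),
  (3, 7, 'Question',      '2020-12-09 12:00:00'),
  (4, 7, 'Buy followers', '2020-12-09 13:00:00');

-- Posting 2 is flagged by B8 only, posting 4 by Akismet only.
-- Posting 4 has no B8 row and posting 3 has no Akismet row, so the
-- filter must also handle postings that one classifier never rated.
INSERT INTO b8_rating      VALUES (1, 0), (2, 1), (3, 0);
INSERT INTO akismet_rating VALUES (1, 0), (2, 0), (4, 1);

-- Posting list of user 7 as seen by a visitor who is neither mod nor admin:
-- a posting is hidden as soon as either classifier has marked it as spam.
SELECT e.id, e.subject
FROM entries AS e
WHERE e.user_id = 7
  AND NOT EXISTS (SELECT 1 FROM b8_rating AS b
                  WHERE b.eid = e.id AND b.spam = 1)
  AND NOT EXISTS (SELECT 1 FROM akismet_rating AS a
                  WHERE a.eid = e.id AND a.spam = 1)
ORDER BY e.time DESC;
```

Running the same `SELECT` without the two `NOT EXISTS` predicates gives the mod/admin view, which corresponds to the empty `$spam_restriction` in the statement above.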

Devs is this normal behaviour?

by Chris T, Thursday, December 10, 2020, 14:29 (1232 days ago) @ Micha

My expertise is not at all good but I can try it, does this fix apply to version 2.4.19? as I didn't want to upgrade anything before Christmas.


Devs is this normal behaviour?

by Micha ⌂, Thursday, December 10, 2020, 18:21 (1232 days ago) @ Chris T

Hi,

does this fix apply to version 2.4.19?

No, I don't think so. I add the changes to 2.5.

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Devs is this normal behaviour?

by Chris T, Friday, December 11, 2020, 00:31 (1232 days ago) @ Micha

Is there anything I can do in 2.4.19 to fix? or do we just have to wait for 2.5?


Devs is this normal behaviour?

by Micha ⌂, Friday, December 11, 2020, 07:02 (1232 days ago) @ Chris T

Hello,

In 2.5, some new tables (e.g. for B8 SPAM protection) are added. These tables are not present in former versions and my modified SQL will not work here. Usually, SPAM postings are deleted by the admins/mods and, thus, this problem rarely occurs. In short: It is not a show stopper nor a security issue, so, I believe, we will fix it only for the new 2.5 version.

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Devs is this normal behaviour?

by Chris T, Friday, December 11, 2020, 14:47 (1231 days ago) @ Micha

Thank you for your reply.

I will wait for 2.5

Can I also ask, will I be able to upgrade from 2.4.19 to 2.5 directly? Skipping versions in between.


Devs is this normal behaviour?

by Micha ⌂, Saturday, December 12, 2020, 10:58 (1230 days ago) @ Chris T

Hi Chris,

Can I also ask, will I be able to upgrade from 2.4.19 to 2.5 directly? Skipping versions in between.

Yes, that is the goal.

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences
