Devs is this normal behaviour? (General)

by Chris T, Wednesday, December 09, 2020, 20:46 (527 days ago)

Not sure if the following scenario is normal behaviour for the script or if it's just a bug I have?

User A posts a message that Akismet marks as spam

User B can then go to User A's posting list and click on the spam post and read what was posted with the yellow spam warning box?

Shouldn't the spam post by User A be invisible to User B until the post has been approved by admin or mods?

Post reply
  2467 views
Avatar

Devs is this normal behaviour?

by Micha ⌂, Wednesday, December 09, 2020, 21:34 (527 days ago) @ Chris T

Hi,

no that is not the intended behaviour. Can you check the following changes? Make a backup of the user.inc.php!

Open the user.inc.php and go to the 'show_posts'-case, i.e. line 285f. In line 285f there are two SQL statements (depending on the categories of the forum). Commend both lines and add/repalce the code by the following modified statement:

   if ($user_postings_count > 0) {
    //if ($categories == false) $result = @mysqli_query($connid, "SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky FROM ".$db_settings['forum_table']." WHERE user_id = ". intval($id) ." ORDER BY time DESC LIMIT ". intval($ul) .", ". intval($settings['search_results_per_page']));
    //else $result = @mysqli_query($connid, "SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky FROM ".$db_settings['forum_table']." WHERE user_id = ". intval($id) ." AND category IN (". $category_ids_query .") ORDER BY time DESC LIMIT ". intval($ul) .", ". intval($settings['search_results_per_page']));
 
    $categories_restriction = $categories == false ? "" : " AND category IN (". $category_ids_query .") ";
    $spam_restriction = !$isModOrAdmin ? " AND `id` NOT IN (SELECT `eid` FROM `" . $db_settings['b8_rating_table'] . "` WHERE `spam` = 1 AND `eid` = `id`) AND `id` NOT IN (SELECT `eid` FROM `" . $db_settings['akismet_rating_table'] . "` WHERE `spam` = 1 AND `eid` = `id`) " : "";
 
    $result = @mysqli_query($connid, "SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, 
              UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky 
              FROM `" . $db_settings['forum_table'] . "` 
              WHERE user_id = ". intval($id) . " " . $categories_restriction . " " . $spam_restriction . " 
              ORDER BY time DESC LIMIT ". intval($ul) .", ". intval($settings['search_results_per_page']));
 
    $i = 0;

Does it work as expected for you?

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Post reply
  2362 views

Devs is this normal behaviour?

by Chris T, Thursday, December 10, 2020, 14:29 (526 days ago) @ Micha

My expertise is not at all good but I can try it, does this fix apply to version 2.4.19? as I didn't want to upgrade anything before Christmas.

Post reply
  2254 views
Avatar

Devs is this normal behaviour?

by Micha ⌂, Thursday, December 10, 2020, 18:21 (526 days ago) @ Chris T

Hi,

does this fix apply to version 2.4.19?

No, I don't thinks so. I add the changes to 2.5.

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Post reply
  2414 views

Devs is this normal behaviour?

by Chris T, Friday, December 11, 2020, 00:31 (526 days ago) @ Micha

Is there anything I can do in 2.4.19 to fix? or do we just have to wait for 2.5?

Post reply
  2358 views
Avatar

Devs is this normal behaviour?

by Micha ⌂, Friday, December 11, 2020, 07:02 (525 days ago) @ Chris T

Hello,

in 2.5, some new tables (e.g. for B8 SPAM protection) are added. These tables are not presented in former versions and my modified SQL will not work here. Usually, SPAM postings are deleted by the admins/mods and, thus, this problem rarely occurs. For short: It is not a show stopper nor a security issue, so, I believe, we will fix it only for the new 2.5 version.

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Post reply
  2372 views

Devs is this normal behaviour?

by Chris T, Friday, December 11, 2020, 14:47 (525 days ago) @ Micha

Thank you for your reply.

I will wait for 2.5

Can I also ask, will I be able to upgrade from 2.4.19 to 2.5 directly? Skipping versions in between.

Post reply
  2360 views
Avatar

Devs is this normal behaviour?

by Micha ⌂, Saturday, December 12, 2020, 10:58 (524 days ago) @ Chris T

Hi Chris,

Can I also ask, will I be able to upgrade from 2.4.19 to 2.5 directly? Skipping versions in between.

Yes, that is the goal.

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Post reply
  2417 views

RSS Feed of thread