Not sure if the following scenario is normal behaviour for the script or if it's just a bug I have?
User A posts a message that Akismet marks as spam
User B can then go to User A's posting list and click on the spam post and read what was posted with the yellow spam warning box?
Shouldn't the spam post by User A be invisible to User B until the post has been approved by admin or mods?
by Micha 
, Wednesday, December 09, 2020, 21:34 (903 days ago) @ Chris T
Hi,
no that is not the intended behaviour. Can you check the following changes? Make a backup of the user.inc.php!
Open the user.inc.php and go to the 'show_posts'-case, i.e. line 285f. In line 285f there are two SQL statements (depending on the categories of the forum). Commend both lines and add/repalce the code by the following modified statement:
if ($user_postings_count > 0) { //if ($categories == false) $result = @mysqli_query($connid, "SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky FROM ".$db_settings['forum_table']." WHERE user_id = ". intval($id) ." ORDER BY time DESC LIMIT ". intval($ul) .", ". intval($settings['search_results_per_page'])); //else $result = @mysqli_query($connid, "SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky FROM ".$db_settings['forum_table']." WHERE user_id = ". intval($id) ." AND category IN (". $category_ids_query .") ORDER BY time DESC LIMIT ". intval($ul) .", ". intval($settings['search_results_per_page'])); $categories_restriction = $categories == false ? "" : " AND category IN (". $category_ids_query .") "; $spam_restriction = !$isModOrAdmin ? " AND `id` NOT IN (SELECT `eid` FROM `" . $db_settings['b8_rating_table'] . "` WHERE `spam` = 1 AND `eid` = `id`) AND `id` NOT IN (SELECT `eid` FROM `" . $db_settings['akismet_rating_table'] . "` WHERE `spam` = 1 AND `eid` = `id`) " : ""; $result = @mysqli_query($connid, "SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky FROM `" . $db_settings['forum_table'] . "` WHERE user_id = ". intval($id) . " " . $categories_restriction . " " . $spam_restriction . " ORDER BY time DESC LIMIT ". intval($ul) .", ". intval($settings['search_results_per_page'])); $i = 0;
Does it work as expected for you?
/Micha
--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences
My expertise is not at all good but I can try it, does this fix apply to version 2.4.19? as I didn't want to upgrade anything before Christmas.
by Micha , Thursday, December 10, 2020, 18:21 (903 days ago) @ Chris T
--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences
Is there anything I can do in 2.4.19 to fix? or do we just have to wait for 2.5?
by Micha , Friday, December 11, 2020, 07:02 (902 days ago) @ Chris T
Hello,
in 2.5, some new tables (e.g. for B8 SPAM protection) are added. These tables are not presented in former versions and my modified SQL will not work here. Usually, SPAM postings are deleted by the admins/mods and, thus, this problem rarely occurs. For short: It is not a show stopper nor a security issue, so, I believe, we will fix it only for the new 2.5 version.
/Micha
--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences
Thank you for your reply.
I will wait for 2.5
Can I also ask, will I be able to upgrade from 2.4.19 to 2.5 directly? Skipping versions in between.
by Micha , Saturday, December 12, 2020, 10:58 (901 days ago) @ Chris T
Hi Chris,
Can I also ask, will I be able to upgrade from 2.4.19 to 2.5 directly? Skipping versions in between.
Yes, that is the goal.
/Micha
--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences