Forum Permissions Not Working - Hidden forums seen

  • Betroffene App
    WoltLab Suite Forum

    I do not know where or how, but somewhere there is a leak.

    The category this is posted in has every user group permission set to DENY on all settings and on all user groups (except for Admins / Moderators). The forum it was posted in has every user group permission also set to DENY on all settings and on all user groups (except for Admins / Moderators).

    There should be nothing telling anyone outside of Admins that there is something there to even look for, let alone crawl.

    Einmal editiert, zuletzt von Aslan (25. April 2015 um 06:49)

  • That there's someone doesn't mean, that he can access it.

    • "Hidden" forums are hidden from the board list, but still accessible, if anyone knows their ID(s).
    • Every page is basically accessible for everyone and the location is correctly displayed. However, if someone is not permitted, he will see the exception, while the who is online list shows the location that someone tries to access (if it's a "registered" location).
    • This "guest" is Amazon.

    However, i can remember that this "issues" have been explained more than once to you.

  • However, i can remember that this "issues" have been explained more than once to you.

    1st time reporting it. ?(

    That there's someone doesn't mean, that he can access it.


    "Hidden" forums are hidden from the board list, but still accessible, if anyone knows their ID(s).

    Every page is basically accessible for everyone and the location is correctly displayed. However, if someone is not permitted, he will see the exception, while the who is online list shows the location that someone tries to access (if it's a "registered" location).

    Was not an issue on other developments. If it was hidden, there was no reference of someone even attempting to view it.

    • Offizieller Beitrag

    It works exactly this way, but you should be aware that the location displayed in the Users Online list just names the page the user has attempted to access last. This happens regardless if the access was actually granted or denied, don't let yourself mislead by this.

  • It works exactly this way, but you should be aware that the location displayed in the Users Online list just names the page the user has attempted to access last. This happens regardless if the access was actually granted or denied, don't let yourself mislead by this.

    Alright, thanks for explaining. In previous developments it would have said that X user has reached an error page or was denied access.

    This one got me worried because from the screen shot it seems they're viewing it and even trying to post in it (creating thread was seen once or twice).

    Thank you :)

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!