Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Search is revealing invisible space content #2702

Closed
001101 opened this issue Aug 5, 2017 · 3 comments
Closed

[BUG] Search is revealing invisible space content #2702

001101 opened this issue Aug 5, 2017 · 3 comments
Labels
Status:Need investigation

Comments

@001101
Copy link

001101 commented Aug 5, 2017
edited

Hello,

running a public HumHub as community and just noticed that content from invisible spaces are completely visible in the search.

Running HumHub 1.2.1 and did now a update to 1.2.2, but same results.

Tested it with another keyword and it seems, that it only appears to posts which involves a image, maybe that is the bug?

It was revealed the whole post with answers.

Tested it also with different testing users, which was created with a timespan from 1 year and it appears on both of them, both of them are normal users, which have no permissions on viewing this private space , which was never in it and was never been admin.

Best wishes

system: kvm based vps, centos 7.3, php7, apache2, nginx proxy
@001101 001101 changed the title Search is revealing invisible Spaces Content Search is revealing invisible space content Aug 5, 2017
@001101 001101 changed the title Search is revealing invisible space content [BUG] Search is revealing invisible space content Aug 5, 2017
@001101
Copy link
Author

001101 commented Dec 3, 2017

So now, did today the update to 1.2.3 and now the search is reveling any content for guests, without being logged in!

Can someone (@buddh4) please tell me how to stop that?

@001101
Copy link
Author

001101 commented Dec 3, 2017
edited

Fixed it for myself, but I think it is a bug or my files are not completly updated by the updater module, some things are strange sometimes on this old installation, the rewrite rule for users is also not working and has never, whatever, here is the fix:

/protected/humhub/modules/search/controllers/SearchController.php

public function behaviors()
{
return [
'acl' => [
'class' => \humhub\components\behaviors\AccessControl::className(),
'guestAllowedActions' => ['login']
]
];
}

Which unfortunately does not working as expected (in DirectoryController.php it does, maybe in future), but it stops the search function for guests.

@Felli
Copy link
Contributor

Felli commented Dec 3, 2017
edited

@001101 You should try modifying the following which is how the notifications overview.

public function behaviors()
    {
        return [
            'acl' => [
                'class' => \humhub\components\behaviors\AccessControl::className(),
            ]
        ];
    }

    /**
     * Returns a List of all notifications for the session user
     */
    public function actionIndex()
    {
        if (Yii::$app->user->isGuest) {
            return Yii::$app->user->loginRequired();
        }

@buddh4 buddh4 closed this as completed in eaea259 Dec 13, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status:Need investigation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Felli @001101 @buddh4