#5703 - backend.php showing all available feeds to Guests – Composr CMS: Your Data, Your Privacy, Your Control

This is a spacer post for a website comment topic. The content this topic relates to: #5703 - backend.php showing all available feeds to Guests

By Guest posted 16th Apr 2024, 9:51 AM

Whoopsie that does sound like an issue.

By Guest posted 17th Apr 2024, 10:49 PM

@Adam I need more information. It looks like RSS hooks have proper privilege checking in place. What specific backend.php URL calls are causing a leak of info? And where are these calls located?

By Guest posted 17th Apr 2024, 10:59 PM

Ignore; I found the issue. I'm assuming it's opml because I saw some feeds listed that guests normally would not have access. I added a clause to hide those for guests.

By Guest posted 17th Apr 2024, 11:02 PM

Automated response: backend.php showing all available feeds to Guests

backend.php opml mode was publicising all available feeds, even ones guests would not be able to access.

This patch hot-fudges a list of feeds we don't want to promote to guests; they will no longer display in the opml feed.

However in v11, we should add a new method in the RSS hooks for privilege checking (based on current member) and use that instead.

By Guest posted 28th Apr 2024, 7:10 PM

Fixed in v11 with a better approach using a new method on RSS hook calls

https://gitlab.com/composr-foundation/composr/-/commit/e25cffa0ff26d49d1b48b2a62694a57855563972

PDStig	Points: 210 Voting power: 27.133 Voting power control percentage: 0.383%
Master Rat	Points: 120 Voting power: 12.446 Voting power control percentage: 0.176%
cupper3	Points: 100 Voting power: 6.581 Voting power control percentage: 0.093%

#5703 - backend.php showing all available feeds to Guests

Leader-board Top Weekly Earners

Coming soon…

Statistics