[RSS Feed/News] Crafted post search query can skip Post::getTypePermissionConstraints

Status
Not open for further replies.

XenForo

Administrative
  • Thread starter
  • Admin
  • #1
This is related to this bug, but is a deeper design issue.

Both actionSearch/actionMembers allow a search query to target the thread search handler without loading the post search handler's getTypePermissionConstraints values. These search constraints would normally be loaded if a "thread" search was done via the advanced search form.

Thread::getTypePermissionConstraints returns an empty array, unlike...

Read more

ادامه مطلب...
 
Status
Not open for further replies.
Back
Top Bottom