11
ghia
Re: Why one user can edit another user's profile?
  • 2009/11/27 0:14

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


But still room for misunderstandings:
Why would someone from XOOPS being able to give your login details?
And aren't we all from XOOPS?

I need to give my login details to someone from the XOOPS developers, so he can see what is going wrong.

12
bumpeboy
Re: Why one user can edit another user's profile?
  • 2009/11/27 0:35

  • bumpeboy

  • Friend of XOOPS

  • Posts: 170

  • Since: 2008/10/4


Quote:

ghia wrote:
But still room for misunderstandings:
Why would someone from XOOPS being able to give your login details?
And aren't we all from XOOPS?

I need to give my login details to someone from the XOOPS developers, so he can see what is going wrong.



Its a matter of psychological comfort, I will be confident to share my details with anyone in XOOPS who's group falls under Community Support Member,Developer,Theme Designer e.t.c but not with someone like me who is Just popping in. The main reason is that some people might think that they know the problem while they don't and so they might end up excising there knowledge with your site putting it in more danger.

Hope am a little bit clearer on this specific issue.

13
mboyden
Re: Why one user can edit another user's profile?
  • 2009/12/10 14:36

  • mboyden

  • Moderator

  • Posts: 484

  • Since: 2005/3/9 1


I've run into this cache issue in many places. For instance, the User Menu block does a similar thing with the Admin Link if the cache is turned on (showing the admin link to users that don't have admin permissions).

Why turn on caching for the profile module in the first place?

The module caching is a blunt force instrument in general, and module wide, for all the pages and items in the module.

While the bug entry on this requests that we disable caching for the edit profile page, the problem would still exist for the userinfo page, too, and if the visibility permissions are set differently, then that would also similarly present a problem. Same for the search page and such.

So, I ask, is it useful to spend time on fixing this issue when likely one should never turn on caching for the profile module at all?

14
ghia
Re: Why one user can edit another user's profile?
  • 2009/12/10 23:59

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


(In one or other way beyond my intention, your name was assigned to this bug report. I have corrected that.)

For me, it does not matter if the profile module is cachable or not. It should be simply not be possible to run into this kind of problems. If it has to be done by disabling the cache for the profile module altogether, so be it. And by disabling I mean, that the webmasrter is not able to put it on.
I assume most of the operations are very simple and not often reused, so, caching will not add much benefit.

15
trabis
Re: Why one user can edit another user's profile?
  • 2009/12/11 0:16

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


There is a way for disabling cache and it is used on profile userinfo page. We need to add this into edituser:

//disable cache
$GLOBALS['xoopsConfig']['module_cache'][$GLOBALS['xoopsModule']->getVar('mid')] = 0;

16
ghia
Re: Why one user can edit another user's profile?
  • 2009/12/11 0:53

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


And then also in the other files mentioned by mboyden?

17
mboyden
Re: Why one user can edit another user's profile?
  • 2009/12/11 13:47

  • mboyden

  • Moderator

  • Posts: 484

  • Since: 2005/3/9 1


No worries. Yeah, I told trabis I'd work on the Profile module and so he set it up that Profile module bugs would be assigned to me, so that's why I got it. I just wanted clarification before I worked on what you suggested.

Login

Who's Online

155 user(s) are online (56 user(s) are browsing Support Forums)


Members: 0


Guests: 155


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits