We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Get started
Google+

Potential annoying/privacy issue with 1.7 | Forum

Topic location: Forum home » Support » Bug reports and troubleshooting
JB Tech (FoxTechs)
JB Tech (FoxTechs) Jul 23 '14
I'm currently on Oxwall 1.7, and I just recently discovered a problem with the newsfeed plugin. 


Basically, if any user (whether they're a mod or not, this also includes users who have no newsfeed control permissions) comments on a newsfeed post and then refreshes the page, they not only have the drop down option of "Deleting" the post, but they also have the option to delete all comments made by OTHER users with it.


Example:


-User A uploads a photo

-User B comments on it

-User C comments on it

-User B reloads the page, and when they hover over the news post that someone else commented on it, they have the option 'Delete Post' available, and they now have the option to 'Delete Comment' of anyone's comments besides their own.


I highly doubt this is a problem on my side as I uploaded and installed Oxwall manually with no problems and only added a couple of plugins that have nothing to do with the Newsfeed functions. This is a very bad problem to have indeed, as Newsfeed will be the main function of my website. I hope to see this bug be cleared sometime during August before I release my site to the public.


Thanks for your time,

~Jake

www.ewtnet.us

#1
ross Team
ross Jul 24 '14
Fox, are you sure you did not do that as an admin? can you please try to reproduce that on demo? I followed the steps provided, and could not do that. 
#2
JB Tech (FoxTechs)
JB Tech (FoxTechs) Jul 24 '14
That's my problem - I made sure I wasn't an admin user. I don't know how this is happening, but there are no code modifications or anything, it's just showing all user's the option to delete other's post/comments.
#3
ross Team
ross Jul 25 '14
please read this post: http://www.oxwall.org/forum/topic/5092
#4
JB Tech (FoxTechs)
JB Tech (FoxTechs) Jul 25 '14
I don't know which one of those I'm in except I know it's not rule 3. If you need clarification, these are the only details I know:


ANY user role can have this happen. If you comment on, for example, someone's photo and someone else does, the user (in this case a non admin) will now have the options to Delete that Post (the photo) and/or ANY other user's comments on it. But only from the actual newsfeed stream can they do this.


At this point I think it may be more of a problem relating to the processing of JS/jQuery, etc., and less a problem with the system itself.

#5
ross Team
ross Jul 28 '14
Fox, can you please share URL where it happens, make sure website is open for registration?
#6
Hadi Kamell
Hadi Kamell Aug 23 '14
tonight i found that in my site any body can delete any post!
this can be a big bug :(
#7
Wilson
Wilson Aug 23 '14
Hey Hadi Kamell,

 if your talking about in the "Groups" yes this is a bug and will be fixed on Monday with the core update 1.7.1...see this link for full details. http://blog.oxwall.org/2014/08/oxwall-1-7-1-beta-available

Wilson
#8
ross Team
ross Aug 24 '14
Hadi, please specify what do you mean by any post?
#9
Hadi Kamell
Hadi Kamell Aug 25 '14

Quote from ross Hadi, please specify what do you mean by any post?

it is explained here: http://www.oxwall.org/forum/topic/23920?page=1#post-108242
#10
Start | Demo | About | Policies & Licenses | Blog | Contact Us | Oxwall Foundation | Roadmap | Developer Central | Oxwall hosting | Contribute | Partners | Donation | Community software | Dating software
© Copyright Oxwall Software
Oxwall Community Software