Skip to content

Fixed paranoia inconsistency with users_mod #92

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
MrPMan wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Fixed paranoia inconsistency with users_mod #92

MrPMan wants to merge 4 commits into from

Conversation

@MrPMan
Copy link

@MrPMan MrPMan commented Jan 4, 2016

This pull request:

  1. Allows users with users_mod to always view the last seen of other users
  2. Fixes an inconsistency with the calls to check_paranoia in sections/friends/friends.php
  3. Removed an unnecessary check in check_perms

MrPMan added 4 commits January 3, 2016 23:48
@MrPMan
Merge pull request #1 from WhatCD/master
b9443ae 
Fix my own exploits now that they're publicly disclosed
@MrPMan
friends.php uses Level instead of PermissionID
73db505 
Fixes a coding inconsistency that allowed users with users_mod to always view LastSeen, which is intended behavior, but it worked for the wrong reasons.
@MrPMan
users_mod always overrides lastseen paranoia
1653cad 
Users with users_mod always get PARANOIA_OVERRIDDEN for lastseen. This means moderators can now see the LastAccess for higher-ranked staff members, like they should have always been able to.
@MrPMan
Removed unnecessary permissions code
54bc9a7 
$UserInfo['Level'] will never be higher than $UserInfo['EffectiveClass'], as that's the whole point of EffectiveClass. As such, it is pointless to run a comparison against both Level and EffectiveClass in check_perms, as $UserInfo['EffectiveClass'] >= $UserInfo['Level'], so if $UserInfo['Level'] >= $MinClass, $UserInfo['EffectiveClass'] >= $MinClass.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MrPMan