
Clear Notifications


Tom Irons

Popular Posts

I don't have a problem either with Clear Notifications on 4.4.4.  

Bingo! Thanks to all.

About This File: This plugin will allow users to clear their notifications list.


  • 3 months later...

Hi @Tom Irons I wanted to let you know there's a potential bug in your plugin "Clear Notifications" that triggered a whole mess of system errors on my community :) 

 \IPS\Member::loggedIn() returns a guest object

Another third-party developer kindly suggested you use the following code to stop the error:

public function clearNotifications()
{
    /* Clear the user's notifications */
    if ( \IPS\Member::loggedIn()->member_id )
    {
        \IPS\Db::i()->delete( 'core_notifications', 'member=' . \IPS\Member::loggedIn()->member_id );
    }

    \IPS\Output::i()->redirect( \IPS\Http\Url::internal( NULL ), 'ClearNotifications_complete' );
}

Hope this helps

Link to comment
Share on other sites

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1
DELETE FROM `core_notifications` WHERE member=
 | File                                                                       | Function                                                                      | Line No.          |
 |----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------|
 | /system/Db/Db.php                                                          | [IPS\Db\_Exception].__construct                                               | 393               |
 '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------'
 | /system/Db/Db.php                                                          | [IPS\_Db].preparedQuery                                                       | 946               |
 '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------'
 | /init.php(443) : eval()'d code                                             | [IPS\_Db].delete                                                              | 10                |
 '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------'
 |                                                                            | [IPS\core\modules\front\system\hook1313].clearNotifications                   |                   |
 '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------'
 | /system/Dispatcher/Controller.php                                          | [].call_user_func                                                             | 85                |
 '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------'
 | /system/Dispatcher/Dispatcher.php                                          | [IPS\Dispatcher\_Controller].execute                                          | 129               |
 '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------'
 | /index.php                                                                 | [IPS\_Dispatcher].run                                                         | 15                |
 '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------'

 

#0 /home/nginx/domains/mywebsite.com/public/init.php(507): IPS\_Log::log('DELETE FROM `co...', 'uncaught_except...')
#1 [internal function]: IPS\IPS::exceptionHandler(Object(IPS\Db\Exception))
#2 {main}

 

Link to comment
Share on other sites

It is not so much a bug as a CSRF vulnerability. The CSRF key is not checked. Thus a malicious user may in some way get the link followed and delete all user notifications.
We created a similar plugin that works via Ajax without reloading the page: http://ipbskins.ru/forum/files/file/341-siv41-delete-all-notifications/
We uploaded it to the marketplace, but for some unknown reason the file is not approved.
 

Link to comment
Share on other sites

I don't think there is any way someone can maliciously delete someone's notifications. It checks to see if the user is logged in and if they are it will only remove their notifications.

I would assume it wasn't approved cause mine is already on the marketplace. Why would they want more than one plugin to do the same thing?

Link to comment
Share on other sites

On January 13, 2017 at 6:50 AM, Tom Irons said:

I don't think there is any way someone can maliciously delete someone's notifications. It checks to see if the user is logged in and if they are it will only remove their notifications.

What will happen if you go directly to the link? The notifications of the current user will be removed. That is, one way or another, someone can call the address and run the function as the current user without verifying that the request came from him. For example, by posting the direct link, a shortened link or a dynamic image. You don't check the CSRF key, and in this case that is a potential vulnerability (see cross-site request forgery attack). Suppose that in this case it is small, but what if it came to the removal of personal correspondence? This is serious.

Edited by Fisana.
Link to comment
Share on other sites
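The two checks discussed in the posts above (the guest guard and the CSRF key), as an added stand-alone PHP model that is not the plugin's code or any poster's code. The function signature, array shapes and the `csrfKey` parameter name are assumptions made for this example, and all data is constructed.

```php
<?php
declare(strict_types=1);

/**
 * Stand-alone model of the plugin's action (hypothetical names, constructed data).
 * $session: server-side session; $query: request parameters;
 * $rows: stand-in for the core_notifications table.
 */
function clearNotifications(array $session, array $query, array &$rows): string
{
    $memberId = (int) ($session['member_id'] ?? 0);

    // Guest guard: a guest has no member id, so there is nothing to delete
    // and no half-built "WHERE member=" query to send to the database.
    if ($memberId === 0) {
        return 'denied: not logged in';
    }

    // CSRF guard: the request must carry the per-session key. A link or image
    // planted on another page cannot know it, so a forged request stops here.
    // Inside Invision Community, \IPS\Session::i()->csrfCheck() does this job.
    $sent = $query['csrfKey'] ?? '';
    if (!is_string($sent) || !hash_equals($session['csrfKey'], $sent)) {
        return 'denied: bad csrf key';
    }

    // Delete only the logged-in member's rows (value compared, never concatenated).
    $rows = array_values(array_filter(
        $rows,
        static fn(array $r): bool => $r['member'] !== $memberId
    ));
    return 'cleared';
}

// Constructed sample data.
$rows = [
    ['id' => 1, 'member' => 7], ['id' => 2, 'member' => 7], ['id' => 3, 'member' => 9],
];
$member = ['member_id' => 7, 'csrfKey' => bin2hex(random_bytes(16))];
$guest  = ['member_id' => null, 'csrfKey' => bin2hex(random_bytes(16))];

// Guest request, forged request without the key, then the genuine click.
echo clearNotifications($guest, [], $rows), ' / rows left: ', count($rows), PHP_EOL;
echo clearNotifications($member, [], $rows), ' / rows left: ', count($rows), PHP_EOL;
echo clearNotifications($member, ['csrfKey' => $member['csrfKey']], $rows),
     ' / rows left: ', count($rows), PHP_EOL;
```

The "logged in" check alone passes for the forged request, because the victim's browser sends the session cookie automatically; only the key comparison tells the genuine click apart.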

  • 2 months later...
  • 4 months later...

We've noticed a problem with 1.01 on our forum (v. 4.2.2) when using computer or iPad. When clicking Clear notifications in the 'View all notifications' list an alert appears as below, whereas when clicking Clear notifications on the Notifications popup the feature works as it should.

Clear notifications.png

Edited by WJWM
Link to comment
Share on other sites
