Apfelstrudel Posted December 13, 2021 Posted December 13, 2021 (edited) Hello, in 4.6.9 the template of the related content widget has been changed. Now it shows hidden topics also to guests - of course marked as hidden. --- Update: Now it's gone because maybe a guest triggered the widget rebuild and replaced it in cache. But is this intended that if a mod triggers the rebuild the normal people see those kind of "insights" unless the cache is being deleted again? Edited December 13, 2021 by Apfelstrudel
Solution Marc Posted December 13, 2021 Solution Posted December 13, 2021 We dont clear cache on content delete or hide, so it would persist until cache is cleared
NZyan Posted December 14, 2021 Posted December 14, 2021 Sorry, can you elaborate on this: If a moderator / admin triggers the rebuild of a related content cache, hidden content will be visible to guests or members without permission? I'm running some hidden forum sections with strictly confidential content… Andreas
Nathan Explosion Posted December 14, 2021 Posted December 14, 2021 Just now, NZyan said: Sorry, can you elaborate on this: 1) topic visible, shows in widget and is cached 2) topic is deleted, still shows in widget until widget's cache is refreshed.
NZyan Posted December 14, 2021 Posted December 14, 2021 Hm. Not so good. *checks penalties in non disclosure agreements*
NZyan Posted December 14, 2021 Posted December 14, 2021 @Nathan Explosion Thanks! @IPB Can you acknowledge that? To be more precise: Can a user or guest see topics or posts from forums they have no permission to? Andreas
Randy Calvert Posted December 14, 2021 Posted December 14, 2021 If the topic is visible, it’s allowed to show in the widget. If you hide it, I the link/title of the hidden topic remain in the widget until the cache rebuilds. In the mean time if it’s actually clicked without permission to view they will get an error. This is similar to if someone copy’s a link to a post that is later hidden. If they access it via a bookmark, they get an error if they don’t have permission to view the content.
NZyan Posted December 14, 2021 Posted December 14, 2021 OK, so the topic gets only in the widget if it was visible to the public or a broad member group? Asked the other way around: If a topic is posted in a restricted area it's not visible to members without permission to this area?
Randy Calvert Posted December 14, 2021 Posted December 14, 2021 Correct. It’s only in the widget if the user had permission to view the item at the time it generated. If the user lost permission to the item that change occurs immediately… however the old link in the widget won’t disappear until it rebuilds within a few min. If the content was never visible to the user (say an admin area) it wont show to normal users in the widgets. NZyan 1
Marc Posted December 14, 2021 Posted December 14, 2021 4 hours ago, NZyan said: @Nathan Explosion Thanks! @IPB Can you acknowledge that? To be more precise: Can a user or guest see topics or posts from forums they have no permission to? Andreas Blocks are cached, so if an item is deleted or moved, it would take until that cache is cleared for it to be removed
Recommended Posts