Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Yesterday at 02:04 PM
AlexJ Posted December 9, 2023 Posted December 9, 2023 Is it possible to disable in wild card search in admin CP? It seems, through moderator logs, topic titles can be exposed to the members, who don't have access to categories.
Marc Posted December 11, 2023 Posted December 11, 2023 There is no way in which to do this at present, no. I'm a little consused as to what you mean by members having access to items they shouldnt have, as this is an admin function
AlexJ Posted June 23 Author Posted June 23 On 12/11/2023 at 3:27 AM, Marc Stridgen said: There is no way in which to do this at present, no. I'm a little consused as to what you mean by members having access to items they shouldnt have, as this is an admin function Any suggestion on how to block through htaccess or some faster way? =ip&ip=*.* =ip&ip=*.*.* =ip&ip=*.*.*.* Ok so the problem is - you can use wild card search in admin CP and staff members who do not have access to certain categories on forum, can now view topic titles, using this method.
Randy Calvert Posted June 23 Posted June 23 You can block single IPs or blocks of IPs through .htaccess but that’s completely not associated with IPB. Thats a server level function. https://htaccessbook.com/block-ip-address/
AlexJ Posted June 23 Author Posted June 23 (edited) 50 minutes ago, Randy Calvert said: You can block single IPs or blocks of IPs through .htaccess but that’s completely not associated with IPB. Thats a server level function. https://htaccessbook.com/block-ip-address/ I don't think you are understanding the question. I am looking for an option to block certain URL's based on ending I mentioned above. Admin search produces below URL. So looking for option to block that URL. https://invisioncommunity.com/admin/?app=core&module=members&controller=ip&ip=*.* Edited June 23 by AlexJ
Randy Calvert Posted June 23 Posted June 23 What you’re looking to do is not possible in the base software. htaccess is not aware of a logged in user credential or permission so it would not work. You would need some sort of third party resource to do what you want.
Marc Posted June 24 Posted June 24 11 hours ago, AlexJ said: Any suggestion on how to block through htaccess or some faster way? =ip&ip=*.* =ip&ip=*.*.* =ip&ip=*.*.*.* Ok so the problem is - you can use wild card search in admin CP and staff members who do not have access to certain categories on forum, can now view topic titles, using this method. Im still extremely confused as to what you think people can see here. You cannot search for topic titles in the admin CP.
Nathan Explosion Posted June 24 Posted June 24 (edited) 10 hours ago, AlexJ said: I don't think you are understanding the question. Maybe you're not explaining things very clearly? Ultimiately, I think what you want to do is stop staff members who have access to the ACP from being able to use the live search to search for IP addresses because... 12 hours ago, AlexJ said: ...and staff members who do not have access to certain categories on forum, can now view topic titles, using this method. ...the resulting details of the IP address search will have a 'Posts' section that, when clicked, displays the title of the topic where the posts exist. And some of those topics exist in forums to which the staff member doesn't actually have access on the front-end. If that is correct, then maybe your request should be targeted at asking for front-end permissions to be accounted for when displaying that listing of topic titles? If that isn't correct then you're not explaining things very clearly. Edited June 24 by Nathan Explosion
Recommended Posts