NexusMods Posted April 23 Posted April 23 (edited) Hi there, We unfortunately have come across some abuse of the private message / conversation feature. What happens: Users can message each other, then block the others / themselves from a conversation. As the conversation then has no participants, it's deleted and we have no trace, making it difficult to moderate. Expected behaviour: When there are only two participants, users shouldn't be able to remove the other member (to cause the deletion), or there needs to be some way of verifying that the PM did exist as a forum admin. How to reproduce: Here is the steps to reproduce from our team: Log into AccountA - send a PM to AccountB Within the PM UI, select AccountB from the list of participants and select "Remove from conversation". Delete the message from your inbox as AccountA. Log into AccountB - see that this PM "never existed" but you still have an email confirming it was sent to you. The class / method in question is Messenger\Conversation::deauthorize If you need any more information, please let us know. Edited April 23 by NexusMods topic title MikeWatling, SeNioR- and aia 1 1 1
Joel R Posted April 27 Posted April 27 1. I'm giggling at the cleverness of humanity to continue to find creative new ways to be an @$$ to other members. 2. You may want to investigate some member group settings. For example, you can restrict members from deleting their own personal messages. This does pose other consequences, such as accruing a lifetimes worth of personal messages. Marc 1
AlexWright Posted May 10 Posted May 10 On 4/27/2024 at 2:49 PM, Joel R said: 1. I'm giggling at the cleverness of humanity to continue to find creative new ways to be an @$$ to other members. 2. You may want to investigate some member group settings. For example, you can restrict members from deleting their own personal messages. This does pose other consequences, such as accruing a lifetimes worth of personal messages. We just had a similar issue. Turning off the ability to delete PMs doesn't actually disable the "Remove from Conversation" feature, which still acts as if the conversation has been deleted to the other party. MikeWatling 1
Recommended Posts