NexusMods
Posted April 23 (edited)

Hi there,

We unfortunately have come across some abuse of the private message / conversation feature.

What happens: Users can message each other, then block the others / themselves from a conversation. As the conversation then has no participants, it's deleted and we have no trace, making it difficult to moderate.

Expected behaviour: When there are only two participants, users shouldn't be able to remove the other member (to cause the deletion), or there needs to be some way of verifying that the PM did exist as a forum admin.

How to reproduce: Here are the steps to reproduce from our team:

1. Log into AccountA - send a PM to AccountB
2. Within the PM UI, select AccountB from the list of participants and select "Remove from conversation".
3. Delete the message from your inbox as AccountA.
4. Log into AccountB - see that this PM "never existed" but you still have an email confirming it was sent to you.

The class / method in question is Messenger\Conversation::deauthorize

If you need any more information, please let us know.

Edited April 23 by NexusMods (topic title)
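
The expected behaviour requested in the post above, modelled as an added example that is not part of the original thread and is not Invision Community's code. The `Messenger` class, its methods and the sample message are assumptions made for illustration; the model replays the reported steps with and without the two guards the post asks for.

```python
from itertools import count


class Messenger:
    """Toy PM store; guarded=False mirrors the behaviour reported above."""
    def __init__(self, guarded):
        self.guarded = guarded
        self.ids = count(1)
        self.live = {}     # conversation id -> {"body", "members"}
        self.archive = {}  # admin-only copies kept once the last member leaves
        self.denied = []   # (conversation id, actor, target) for moderators

    def send(self, sender, recipient, body):
        cid = next(self.ids)
        self.live[cid] = {"body": body, "members": {sender, recipient}}
        return cid

    def deauthorize(self, cid, actor, target):
        members = self.live[cid]["members"]
        if actor not in members:
            raise PermissionError("actor is not in this conversation")
        # Guard 1: in a two-party PM, nobody may remove the other member.
        if self.guarded and target != actor and len(members) <= 2:
            self.denied.append((cid, actor, target))
            raise PermissionError("cannot remove the only other participant")
        members.discard(target)
        if not members:
            # Guard 2: archive for admins instead of hard-deleting.
            if self.guarded:
                self.archive[cid] = self.live[cid]
            del self.live[cid]

    def inbox(self, member):
        return [c for c, v in self.live.items() if member in v["members"]]

    def admin_can_verify(self, cid):
        return cid in self.live or cid in self.archive


def reproduce(guarded):
    """Replay the reported steps with constructed accounts and message."""
    m = Messenger(guarded)
    cid = m.send("AccountA", "AccountB", "constructed sample message")
    try:
        m.deauthorize(cid, "AccountA", "AccountB")  # "Remove from conversation"
    except PermissionError:
        pass
    m.deauthorize(cid, "AccountA", "AccountA")  # sender deletes their own copy
    return {"b_sees_pm": cid in m.inbox("AccountB"),
            "admin_can_verify": m.admin_can_verify(cid)}
```

With `guarded=False` the conversation vanishes for both the recipient and the admin; with `guarded=True` the removal attempt is refused and recorded, and a conversation that every member later leaves is archived rather than purged.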

Joel R
Posted Saturday at 06:49 PM

1. I'm giggling at the cleverness of humanity to continue to find creative new ways to be an @$$ to other members.

2. You may want to investigate some member group settings. For example, you can restrict members from deleting their own personal messages. This does pose other consequences, such as accruing a lifetime's worth of personal messages.