[#2913] Hidden profiles can be guessed and pulled via url
- ignatius2
- OFFLINE
-
Premium Member
- Posts: 153
- Thanks: 0
- Karma: 0
12 years 6 months ago - 12 years 6 months ago #179830
by ignatius2
Replied by ignatius2 on topic Re: Hidden profiles can be guessed and pulled via url
Thanks Kyle,
I was able to save the action but for some reason this particular action does not work (in FF 3.6xx). I downloaded and installed 1.0.2 but this produces the same result. I am not redirected when trying to get to a profile that I should be redirected away from, based on a CB custom field.
I do not see the message when trying to get to a forbidden profile.
When after running tests I was able to see the message, it was listed 24 times rather than only ounce.
I tried to redirect to my-profile, index.php?option=com_comprofiler, or even %20index.php?option=com_comprofiler. Nothing works.
The expression you gave me is:
[cb:userdata field="cb_myfield" user="#displayed" /]
Equal To
[cb:userdata field="cb_myfield" user="#me" /]
Could this be failing because I am using Joomla SEF?
Note that if I replace the field I selected with a field that does not exist, I get into a loop and receive the following error message:
"The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies."
Thanks
John
I was able to save the action but for some reason this particular action does not work (in FF 3.6xx). I downloaded and installed 1.0.2 but this produces the same result. I am not redirected when trying to get to a profile that I should be redirected away from, based on a CB custom field.
I do not see the message when trying to get to a forbidden profile.
When after running tests I was able to see the message, it was listed 24 times rather than only ounce.
I tried to redirect to my-profile, index.php?option=com_comprofiler, or even %20index.php?option=com_comprofiler. Nothing works.
The expression you gave me is:
[cb:userdata field="cb_myfield" user="#displayed" /]
Equal To
[cb:userdata field="cb_myfield" user="#me" /]
Could this be failing because I am using Joomla SEF?
Note that if I replace the field I selected with a field that does not exist, I get into a loop and receive the following error message:
"The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies."
Thanks
John
Last edit: 12 years 6 months ago by ignatius2.
Please Log in to join the conversation.
krileon
Team Member- OFFLINE
- Posts: 68602
- Thanks: 9108
- Karma: 1434
12 years 6 months ago - 12 years 6 months ago #179838
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Re: Hidden profiles can be guessed and pulled via url
Your trigger is a trigger executed on all profiles and your redirect is to your own profile. You've effectively created an infinite loop. The condition maybe incorrect and is for you to re-test and debug accordingly as I can not guarantee how your fields will behave or output. The best way to test is to create a delimiter field then put your substitutions in it and see if they output as you would expect and if not adjust as necessary. The plugin is confirmed working fine and so is the redirect, but is just your condition that is failing.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Last edit: 12 years 6 months ago by krileon.
Please Log in to join the conversation.
- ignatius2
- OFFLINE
-
Premium Member
- Posts: 153
- Thanks: 0
- Karma: 0
12 years 6 months ago - 12 years 6 months ago #179849
by ignatius2
Replied by ignatius2 on topic Re: Hidden profiles can be guessed and pulled via url
Thanks a lot Kyle,
It works
John
It works
John
Last edit: 12 years 6 months ago by ignatius2.
Please Log in to join the conversation.
- ignatius2
- OFFLINE
-
Premium Member
- Posts: 153
- Thanks: 0
- Karma: 0
12 years 6 months ago - 12 years 6 months ago #180032
by ignatius2
Replied by ignatius2 on topic Re: Hidden profiles can be guessed and pulled via url
Oooops FYI, it seems that I found something else... it seems that the exclude option at the bottom of the action form does not seem to work. No rush from my perspective, I do not need that feature yet.
Thanks
John
Thanks
John
Last edit: 12 years 6 months ago by ignatius2.
Please Log in to join the conversation.
- krileon
- Team Member
- OFFLINE
- Posts: 68602
- Thanks: 9108
- Karma: 1434
12 years 6 months ago #180097
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Re: Hidden profiles can be guessed and pulled via url
For exclude to work you need to specify a comma separated list of userids (e.g. 62,97,130).
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Please Log in to join the conversation.
- ignatius2
- OFFLINE
-
Premium Member
- Posts: 153
- Thanks: 0
- Karma: 0
12 years 6 months ago #180098
by ignatius2
Replied by ignatius2 on topic Re: Hidden profiles can be guessed and pulled via url
Of course, I did. I tried with 62 and it did not work. Should I have tried with "62,"?
Thanks
Thanks
Please Log in to join the conversation.
Moderators: beat, nant, krileon
Time to create page: 0.191 seconds
-
You are here:
- Home
- Forums
- Archive
- Advanced Members Support
- [#2913] Hidden profiles can be guessed and pulled via url