groupjive security issue not resolved

12 years 7 months ago - 12 years 7 months ago #177195 by inscores
groupjive security issue not resolved was created by inscores
Hello,
I have the upgraded version on prof. level now. When a group member logs in to their account and goes to the category menu, the registered members can, under the category menu, delete or unpublish a group. How and where do I go to make it so they cannot delete or unpublish a group? Otherwise somebody can really make a mess of things by deleting it all. Can you help please?



CATEGORY MENU

NAME: PROFESSIONAL PHONE REPS
CATEGORIES: 0
GROUPS: 1
TYPES: OPEN, APPROVAL, INVITE
EDIT
UNPUBLISH
DELETE


12 years 7 months ago - 12 years 7 months ago #177196 by krileon
Replied by krileon on topic Re: Potential GJ security risks
They can only delete or unpublish a group that belongs to them. Please provide CB version, Joomla version, and GJ version. Did you test if the links are functional? Currently there's a bug that causes links to display even if they don't have permission to use the links, but the links aren't functional. This bug is only present on GJ 2.4 RC2 and only on profile tab.

Update:
Found the cause and resolved for next release, not a security vulnerability and is purely cosmetic.

Please understand folks you are professional subscribers and you are using a Beta release of GJ 2.4 to assist in testing and improving for a stable launch. You will have issues and there will be bugs. Please be patient with that understanding and I do not recommend usage on production sites until the "kinks" have been worked out.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
The following user(s) said Thank You: beat
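
The distinction drawn in the reply above, between action links that are displayed and actions that actually work, can be checked with a small test matrix. This is an added example, not GroupJive or Community Builder code; the `Group` model, both handlers and the `audit` helper are hypothetical stand-ins.

```python
# Toy model (constructed for illustration): view rendering vs. server-side enforcement.
from dataclasses import dataclass

ACTIONS = ("edit", "unpublish", "delete")

@dataclass
class Group:
    owner: str
    published: bool = True
    deleted: bool = False

def links_shown(user, group, buggy_view=True):
    """Links the profile view renders; the buggy view shows them to everyone."""
    return set(ACTIONS) if (buggy_view or user == group.owner) else set()

def apply_action(group, action):
    if action == "unpublish":
        group.published = False
    elif action == "delete":
        group.deleted = True

def perform(user, group, action):
    """Handler that enforces ownership itself, whatever the view displayed."""
    if user != group.owner:
        return False  # denied, group state untouched
    apply_action(group, action)
    return True

def unchecked_handler(user, group, action):
    """Contrast case: a handler that trusts the view and skips the check."""
    apply_action(group, action)
    return True

def audit(users, owner, handler=perform, buggy_view=True):
    """Exercise every action as every user on a fresh group and classify it."""
    findings = {}
    for user in users:
        for action in ACTIONS:
            group = Group(owner)
            shown = action in links_shown(user, group, buggy_view)
            allowed = handler(user, group, action)
            changed = group.deleted or not group.published
            if user != owner and (allowed or changed):
                findings[(user, action)] = "broken-access-control"
            elif shown and not allowed:
                findings[(user, action)] = "cosmetic"
            else:
                findings[(user, action)] = "ok"
    return findings
```

A "cosmetic" verdict means the link was rendered but the handler refused the request and the group was unchanged; any "broken-access-control" verdict means a non-owner's request went through.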


12 years 7 months ago - 12 years 7 months ago #177265 by inscores
Replied by inscores on topic Re: Potential GJ security risks
I have Joomla 1.5 and CB 1.7, cgroupjive 2.4cr2.

Is there any way, after setting the groups and categories up, that only then can the super administrator publish, delete, unpublish? I set up a test member with no superadmin access and it's showing I can still delete etc. How do I change that feature? Otherwise anyone in the groups could delete whatever. I did disable the panel but then my members cannot join anything. I want them to join a group but not have any way to disable, delete, unpublish etc. I set the owner to all the groups as my super admin owner, yet when I log in under my testers they can delete each other and delete the groups. Sorry, I don't see how this is purely cosmetic. Please just tell me what parameters need to be set to resolve the above issue :)
Please help. Thank you.


12 years 7 months ago #177293 by krileon
Replied by krileon on topic Re: Potential GJ security risks
This is only applied to groups and categories shown on users' profiles (this also applies to the "Panel" as it's the same API). It does not apply to groups seen through GJ's frontend URL. Again, it's a cosmetic issue that affects the display of certain URLs but they will not function. This has already been fixed for next release. As I've stated already, professional releases are betas and are intended for first looks, testing, and feedback. Do not use them on a production site.



12 years 7 months ago - 12 years 7 months ago #177297 by inscores
Replied by inscores on topic Re: Potential GJ security risks
So how long do I have to wait for a stable version? This doesn't work for me. I would like a full refund of my pro membership. Thanks anyways!


12 years 7 months ago #177319 by krileon
Replied by krileon on topic Re: Potential GJ security risks
This issue is only present in GJ 2.4 RC2 as it is a beta build (as RC implies). It's a known bug that has already been fixed for next release. I'm working as quickly as possible to address all issues and review all feedback provided. If you'd like a stable release then please uninstall GJ 2.4 and install GJ 2.3 found in the advanced downloads section.

