Bug Security Concern: Group Forum URL Exposes Private Content

[sumanta0018]

When I open a "group forums" direct URL, I or any member can see the thread list and open threads from closed, private, or hidden groups.

Here is my Social Groups URL:
https://www.technofino.in/community/dbtech-social/

And here is the group forum URL:
https://www.technofino.in/community/forums/this-is-hidden/

From this group forum URL, any member can access and open threads that were posted inside closed/private/hidden groups, which shouldn't be possible.

I imported the data from [tl] Social Groups 4.0.9, and before installing, only group members were able to access threads via the group forum URL. But now it seems to be open to all.

Please fix this issue.

 

[Fillip H.]

Sorry, I have no idea what you're referring to when you say "group forum URL". No such publicly accessible feature exists in DragonByte Social Groups.

Are you sure those forums are not leftovers from the [tl] Social Groups? If so, you will need to either delete that entire data set or restrict it behind node permissions.

I am not responsible for exposing any data generated by other addons, and I cannot fix any such issues.

 

[sumanta0018]

My bad... the section was created by [tl] Social Groups. I’ve fixed the issue now.

After switching to your add-on, I noticed that a few features available in [tl] Social Groups are missing in yours. I’d really appreciate it if you could consider adding these benefits:

1. News Feed – A separate section within the group where members can post updates, similar to profile posts.
2. Custom Group URL – Ability to assign custom URLs to groups, with permission control based on the member’s (Ladder) Level.
3. Live Chat Section – An instant group chat feature within the group. (This wasn’t available in our old add-on either, so it's a new recommendation.)

 

[Fillip H.]

This section is for support, not for suggestions

Please post new suggestions (one thread per feature, please!) in this section: https://www.dragonbyte-tech.com/forums/dragonbyte-social-groups-suggestions.586/ after you've checked if the suggestion already exists. Upvoting an existing suggestion has more of an impact compared to posting a brand new one.

Thanks!