[fixed] attachment moderation useless?


doom9
Wed 16th Jan '02, 6:51am
some smart users on my board found a way to circumvent the attachment moderation: if you make an attachment, then edit your message you get to see the url to the attachment and can add it to your message so everybody gets to download the attachment even though it hasn't been moderated... not exactly what we had in mind when we turned on attachment moderation in the first place.

Steve Machol
Wed 16th Jan '02, 12:01pm
I just tested this on my board and when I went to edit the message, there was no url to the attachment shown anywhere. :confused:

Freddie Bingham
Wed 16th Jan '02, 12:56pm
While I am not sure this is possible, you can make sure it can't happen by opening attachment.php and finding the line:

if (!$attachmentinfo=$DB_site->query_first("SELECT filename,filedata,dateline FROM attachment WHERE attachmentid='$attachmentid'")){

and change to

if (!$attachmentinfo=$DB_site->query_first("SELECT filename,filedata,dateline FROM attachment WHERE attachmentid='$attachmentid' AND visible = 1")){
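
The change described in the post above, as an added example that is not part of the thread and not vBulletin's own code: the attachment lookup before and after the visible = 1 condition, run against a constructed in-memory SQLite table. The schema, the sample rows, the function names and the use of PDO with bound parameters are assumptions for illustration.

```php
<?php
// Added example: constructed schema and rows, not vBulletin's real tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE attachment (
    attachmentid INTEGER PRIMARY KEY,
    filename TEXT, filedata BLOB, dateline INTEGER, visible INTEGER)');
$ins = $db->prepare('INSERT INTO attachment VALUES (?, ?, ?, ?, ?)');
$ins->execute([1, 'approved.txt', 'ok', 1011163860, 1]);         // moderated
$ins->execute([2, 'pending.zip', 'unreviewed', 1011185760, 0]);  // awaiting moderation

// Before: any known id is served, so moderation only hides the link.
function fetch_attachment_before(PDO $db, $attachmentid): ?array
{
    $st = $db->prepare('SELECT filename, filedata, dateline
                        FROM attachment WHERE attachmentid = ?');
    $st->execute([(int) $attachmentid]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// After: the moderation flag is part of the lookup itself.
function fetch_attachment_after(PDO $db, $attachmentid): ?array
{
    $st = $db->prepare('SELECT filename, filedata, dateline
                        FROM attachment
                        WHERE attachmentid = ? AND visible = 1');
    $st->execute([(int) $attachmentid]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Compare both lookups for an approved id, a pending id and an unknown id.
foreach ([1, 2, 3] as $id) {
    $before = fetch_attachment_before($db, $id);
    $after  = fetch_attachment_after($db, $id);
    printf("id=%d before=%s after=%s\n", $id,
        $before ? $before['filename'] : 'not served',
        $after  ? $after['filename']  : 'not served');
}
```

With the condition in the query, a pending attachment and a nonexistent id produce the same result, so the download script no longer depends on the link staying hidden.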

doom9
Wed 16th Jan '02, 1:10pm
smachol: are you sure? I just verified this on my board. The test forum won't do you any good on my forum because it's set to allow attachments by default so that users can practice.. but I made one in our suggestion forum logged in under a regular registered user account, then pressed edit (of course this only works if you allow your users to edit their own posts), then at the bottom of the table you have the attachment options: .. there it says "keep current attachment (attachment)" where attachment contains a link to the uploaded file.. copy and paste that in the message and voila.

freddie: thanks for the hint.. I will upload the changed file as soon as they reinstate my ftp access.

btw.. I recently moved the board over to a faster server. the old board has been deactivated and unless somebody bothered to write down the IP of the old server there's no way they'll ever get back there (we had a couple of DNS entries and forwards that are commonly used).. is that enough to comply with the terms of the license or must the files be deleted from the old server?

Steve Machol
Wed 16th Jan '02, 1:13pm
Yeah I'm very sure. I saw the 'Keep current attachment' but there was no link to an uploaded file. Very strange!

Just out of curiosity, are you on a Windows server?

Freddie Bingham
Wed 16th Jan '02, 1:35pm
The link is in the edit part so the change I gave you will keep anyone from viewing the attachment until it is moderated.

Steve Machol
Wed 16th Jan '02, 1:51pm
Originally posted by freddie
The link is in the edit part so the change I gave you will keep anyone from viewing the attachment until it is moderated.

Any idea why I don't see this link on my boards?

Freddie Bingham
Wed 16th Jan '02, 2:12pm
Edit my post and you will see it.. Perhaps you modified your editpost_attachment template?

Steve Machol
Wed 16th Jan '02, 2:15pm
D'oh! I was looking for a URL on the page and didn't even think to put my cursor over the link to the attachment. My stupidity at work here! :o

doom9
Wed 16th Jan '02, 2:59pm
as far as I know the new one is a linux box, too. Wasn't there a phpinfo somewhere as part of the board?

Joshua Clinard
Thu 17th Jan '02, 9:50pm
If this is a bug that is going to be fixed, can someone move this to the bug forum?

Freddie Bingham
Thu 17th Jan '02, 9:51pm
It has already been fixed.

Steve Machol
Thu 17th Jan '02, 9:53pm
Sheesh freddie I just moved it! :D

Freddie Bingham
Fri 18th Jan '02, 12:45am
I fixed it at the same time I posted the fix in this thread.