[fixed] User can still post but doesn't have permission
kippesp
Tue 28th May '02, 9:09pm
We have a user that has figured out how to get around the restrictions put in place on her particular usergroup. The group she is in has "NO" for all permissions except for viewing permissions. The forums she is posting in also have no forum permission overrides.
I can see from the web logs that she is given the "no permission" screen at various times (she clicks logout or doesn't pop over to showthread.php). But for other times the post goes through like normal.
Has anyone else reported such behavior? We're at version 2.2.5 and will move to 2.2.6 once it is stable. But I saw nothing in the change log related to this.
kippesp
Wed 29th May '02, 12:41am
I won't debate if this is a bug or not. I think it is, but no matter.
To duplicate this:
1) Set the 'unregistered' group permission "can reply to other's posts" to YES.
2) Create a new group, say 'cannotpost' and set posting/new thread permission to NO.
3) Add a user to the 'cannotpost' group.
4) Visit the forums
5) Logout
6) View an existing open thread in a forum that has no permission overrides
7) Reply to the thread (as an unregistered user)
8) Change the user/password to the user/password for the user in step 3
9) Finish posting
A post has just been made by a user who cannot post.
We've since changed our unregistered group permissions to prevent this loophole.
Mike Sullivan
Wed 29th May '02, 2:46pm
One could argue that if you don't want someone to post at all, allowing unregistered users to post would be a bad idea. But nonetheless, there appears to be a missing (second) permission check in newreply.php. It already exists in newthread.php.
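Added illustration, not part of the thread and not vBulletin's code: a minimal model of the reply flow in the reproduction steps, showing the post accepted when permission is checked only against the guest session and refused once a second check runs against the account the post is attributed to. Group names, the account, the password and all function names are hypothetical.

```php
<?php
// Hypothetical model of the flaw discussed in this thread; not vBulletin source.
// Group names, accounts, passwords and function names are constructed.
const GROUPS = [
    'unregistered' => ['canreply' => true],   // guests may reply (step 1)
    'cannotpost'   => ['canreply' => false],  // restricted group (step 2)
];

// Constructed sample account in the restricted group (step 3).
function users(): array {
    static $users = null;
    return $users ??= [
        'alice' => ['group' => 'cannotpost',
                    'hash'  => password_hash('pw-alice', PASSWORD_DEFAULT)],
    ];
}

function canReply(string $group): bool {
    return GROUPS[$group]['canreply'] ?? false;  // unknown group: deny
}

// Group the post will be attributed to, or null if the credentials are wrong.
function resolvePoster(string $sessionGroup, ?string $name, ?string $pw): ?string {
    if ($name === null) {
        return $sessionGroup;                 // form carried no credentials
    }
    $user = users()[$name] ?? null;
    if ($user === null || !password_verify((string) $pw, $user['hash'])) {
        return null;
    }
    return $user['group'];
}

// $recheck = false models the single check; true adds the second check.
function submitReply(string $sessionGroup, ?string $name, ?string $pw, bool $recheck): string {
    if (!canReply($sessionGroup)) {
        return 'no permission';               // first check: session identity
    }
    $poster = resolvePoster($sessionGroup, $name, $pw);
    if ($poster === null) {
        return 'bad login';
    }
    if ($recheck && !canReply($poster)) {
        return 'no permission';               // second check: posting identity
    }
    return "posted as member of '$poster'";
}

echo 'single check: ', submitReply('unregistered', 'alice', 'pw-alice', false), "\n";
echo 'second check: ', submitReply('unregistered', 'alice', 'pw-alice', true), "\n";
```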
Floris
Thu 30th May '02, 5:31am
Is this already fixed in 2.2.6rc or in the upcoming 2.2.6 final?
Scott MacVicar
Thu 30th May '02, 7:43am
The release candidate won't be updated with any bug fixes but checked into cvs and sorted for the final release.
Floris
Thu 30th May '02, 7:52am
Originally posted by PPN
The release candidate won't be updated with any bug fixes but checked into cvs and sorted for the final release.
Sorry to confuse you :)
I mean:
Was this reported prior to the release of 2.2.6rc (and therefore fixed in 2.2.6rc), or was this reported with 2.2.6rc and will it be fixed in 2.2.6 final?
Scott MacVicar
Thu 30th May '02, 8:01am
All the bugs in this forum are in 2.2.6 RC and all bugs found before are sorted into their appropriate forum.
Floris
Thu 30th May '02, 8:49am
Originally posted by PPN
all the bugs in this forum are in 2.2.6 RC and all bugs found before are sorted into their appropriate forum.
Okidoki