Hi,

COPPA profiles are visible to any user with permission to view the forum, even though depending on your specific configuration, they may contain information that per COPPA regulations should not be disclosed without parental consent.

A check for the COPPA usergroup (4) needs to be added and a no permission error returned when these user profiles are accessed.

Paul

In member.php, FIND:

$userinfo=getuserinfo($userid);


INSERT below:

// Bug fix: COPPA profiles visible to all users, 2003-09-21, Paul : http://www.vbulletin.com/forum/showthread.php?p=534318#post534318
if ($userinfo['usergroupid']==4) {
show_nopermission();
}
// End bug fix: COPPA profiles visible to all users

This has not been fixed in 2.3.3.

I've now implemented this fix with a slight change -- it allows admins to view COPPA users profiles.

Use this code instead to implement that:
if ($userinfo['usergroupid'] == 4 && $permissions['cancontrolpanel'] != 1)
{
show_nopermission();
}