Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Page howtoprofilepage not found for others user.

steamsteam www.planamigo.org - #1 foro planes amigo

Hi,
I found a bug. It's seems all work fine for administrator, but when other user intent see the howtopage it's not found by vanilla.

In short admin can see this page but not other user.
/profile/howtoprofilepage/68/user

It may be related to permissions?

Tagged:

Comments

  • R_JR_J Ex-Fanboy Munich Admin

    Well, no bug, but sloppy coded and not enough documented...

    Take a look at that part of the code:

        public function profileController_howToProfilePage_create ($sender) {
            // We have to tell the profile controller whose profile we want to see.
            // The info is taken from the url - it has been passed as a parameter.
            // "true" denotes that we want to also check if the viewer as correct
            // permissions to see the profile.
            $sender->GetUserInfo('', '', $sender->RequestArgs[0], true);
    

    The last parameter has something to do with permissions. If you set the last parameter od getUserInfo() to true, it checks if the viewing user has one of the following permissions: 'Garden.Users.Edit' or 'Moderation.Profiles.Edit'. If it is set to false, everyone will be able to see that page.

    But I the profile tab is added without checking permissions. That leads to a very bad user experience. Thanks for pointing me to this.

    I guess your problem will be solved if you change $sender->GetUserInfo('', '', $sender->RequestArgs[0], true); to $sender->GetUserInfo('', '', $sender->RequestArgs[0], false);

  • steamsteam www.planamigo.org - #1 foro planes amigo
    edited November 2015

    Yes, set to false it works. The profile tab link has confused me.

    Thanks for clearing

  • Hey Thanks for uploading the plugin,

    I am looking out of a custom profile page, something like user should be able to do simple copy paste from a word or HTML file, or may be able to take directly input HTML file with all images etc. So that any user is able to create complete profile including images etc, directly into custom profile.

    Is there anyone who had extended the above code to do something like above ?

    or

    can give me ready piece of code to update the existing plugin to do this, kindly share.

    One can learn and extend further. But right now I am in a bit hurry, and more interested in making use rather than developing something on my own.

    Warm Regards
    Anand

Sign In or Register to comment.