Place Your Ad Here

Bug Search c.type/c.content allows skipping a search handler's getTypePermissionConstraints

There is a bug in this version
X

Xon

Guest
When a search has a valid search handler, and c.type or c.content are used , XenForo does not validate that they are covered by getSearchableContentTypes.

This allows constructing a query which likely side-steps getTypePermissionConstraints for those types.

For example: example search.

This will lack the normal node visibility checks that a post/thread search would have.

The problem is in prepareSearchQuery which handles...

Read more

Continue reading...
 
You must log in or register to reply here.

Similar threads

A
XenForo Structured data errors in Search Console – Missing "url" in "author" + media type not specified
Replies
0
Views
57
XenForo Development & Modifications
#Anakin
A
X
Bug Wrong return type hint on XF\Search\Query\MetadataConstraint::getMatchType
Replies
0
Views
112
XenForo General Discussions
Xon
X
S
Ques/Help node type Search forum - can I use $xf.visitor.username as Creator?
Replies
0
Views
313
XenForo General Discussions
securedme
S
A
Solved Username input in options page needs to have an option to add type="search"
Replies
0
Views
308
XenForo General Discussions
AndyB
A
A
Bug Username input in options page need to have option to add type="search"
Replies
0
Views
484
XenForo General Discussions
AndyB
A
Top Bottom
Back