opensource-socialnetwork / opensource-socialnetwork

Open Source Social Network (OSSN) is a social networking software written in PHP. It allows you to make a social networking website and helps your members build social relationships, with people who share similar professional or personal interests. It is available in 17 international languages.
https://www.opensource-socialnetwork.org

[B] Non logged in visitor can view private posts #2158

Closed dieterbaier closed 2 years ago

dieterbaier commented 2 years ago

Sorry for this issue! Maybe it works as it is supposed to work!? At least for my situation I could 'work around' it with the component 'ProfAccess 2.0'. This component, when enabled, disallows any non signed in user from viewing the profile of a posting user, and therefore they also cannot see any private post. Still, it's a bit funny that private posts get filtered on the profile page as long as a user is signed in, but not when an unsigned user visits a profile... I'll keep the following issue open; but feel free to close it if the system really works as it is supposed to work!

If a user sets the privacy on a post to 'friends only', this post is supposed to be shown only to signed in users who are 'in connection' with the user. Right?

When the site is not 'private' (e.g. with the component 'Private Network'), I expect that at least the 'private' posts will not be displayed for users not signed in. Am I right?

This seems to work if a user who is not signed in tries to open a post directly. BUT: if such a user follows the link to the timeline of the posting user, the not signed in user gets all posts displayed. Also the private ones.

You can check it out: https://ossn.dieterbaier.eu/post/view/35 (public post; will be displayed to a not signed in visitor); https://ossn.dieterbaier.eu/post/view/34 (private post; will not be displayed on opening the link directly; but if you follow the link to the user's timeline, you'll see this post, even though you are not signed in).

lianglee commented 2 years ago

@dieterbaier thanks for reporting the issue. Can you confirm the OSSN version you are running?

lianglee commented 2 years ago

Created a friends only post on

https://demo.opensource-socialnetwork.org/post/view/42

Viewing the URL as a non-logged-in visitor gives a 404 error.

lianglee commented 2 years ago

Sorry, I can confirm there is some kind of bug here. Need to look deeper. Steps to reproduce:

[Admin or non admin user]

  1. Create a friends only wall post
  2. Logout
  3. Go to user profile
  4. You will see a friends only post

lianglee commented 2 years ago

Fixed in OSSN 6.2. You may apply the patch with the above details: https://github.com/opensource-socialnetwork/opensource-socialnetwork/commit/5b359feddfb97588dfac4c4b1ebc591398b66fc1

It seems the user's wall section got less attention when we created post filtering for blocked users.

dieterbaier commented 2 years ago

Thanks for the fast response :-) Awesome work!
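
The class of bug discussed in this thread (the direct post view enforces 'friends only' but the profile wall listing does not) can be guarded against with one shared visibility check and a regression test that compares both paths for every kind of viewer. The following is an added example, not OSSN code and not the content of the linked commit; all function names, access constants and sample data are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical model, not OSSN's API. Sample data below is constructed.
const ACCESS_PUBLIC  = 'public';
const ACCESS_FRIENDS = 'friends';

$posts = [
    35 => ['id' => 35, 'owner' => 1, 'access' => ACCESS_PUBLIC],
    34 => ['id' => 34, 'owner' => 1, 'access' => ACCESS_FRIENDS],
];
$friends = [1 => [2]]; // user 2 is a friend of user 1; user 3 is not

// Single visibility decision; $viewer === null means a logged-out visitor.
function canViewPost(array $post, ?int $viewer, array $friends): bool
{
    if ($post['access'] === ACCESS_PUBLIC) {
        return true;
    }
    if ($viewer === null) {
        return false; // anonymous visitors never see non-public posts
    }
    return $viewer === $post['owner']
        || in_array($viewer, $friends[$post['owner']] ?? [], true);
}

// Direct view path: a null result maps to a 404 in the caller.
function viewPost(array $posts, int $id, ?int $viewer, array $friends): ?array
{
    $post = $posts[$id] ?? null;
    return ($post !== null && canViewPost($post, $viewer, $friends)) ? $post : null;
}

// Profile wall path: applies the same check per post, not just "list by owner".
function profileWall(array $posts, int $owner, ?int $viewer, array $friends): array
{
    return array_values(array_filter($posts, fn(array $p): bool =>
        $p['owner'] === $owner && canViewPost($p, $viewer, $friends)));
}

// Regression check following the reproduction steps: each viewer (logged out,
// owner, friend, stranger) must see the same post ids on the wall as via links.
foreach ([null, 1, 2, 3] as $viewer) {
    $wall   = array_column(profileWall($posts, 1, $viewer, $friends), 'id');
    $direct = array_keys(array_filter($posts, fn(array $p): bool =>
        viewPost($posts, $p['id'], $viewer, $friends) !== null));
    sort($wall);
    sort($direct);
    if ($wall !== $direct) {
        throw new RuntimeException('wall/direct mismatch for ' . var_export($viewer, true));
    }
}
```

If a listing path ever stops calling the shared check, the loop throws for the logged-out viewer, which is the case reported in this issue.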