https://www.cotonti.com Последние сообщения в теме Cotonti en Thu, 05 Feb 2026 01:15:47 -0000 And I see some serious private security options as I see no options in the adminpanel to block certain groups out of certain areas.

Will explain it in a case.

Site moderator with acces to a private forum not accesable for everyone, including standard members, leaves the ship, or other options *

*other option providing link to the RSS feed of that private section to a third_party.

As soon as a forum/board user or a third-party (not logged in or even registerd) who normally wouldn't have acces to those private forums gets a hold of the RSS feed link to that particual private forums/topic (topic mostly) with:
rss.php?c=topics&id=XX

Then they can keep hold of the stuff posted in that topic via the RSS feeds page, not able to login via the feeds, but they can see the feeds and the last posts made.

Tested this with IE8 RC1, FF305 and Opera 9.63 on my own rig with only Opera logged in, and with 2 laptops not having the login specs to my site and providing them a link to a private topic RSS-feed.
All cases i was able to fully read those private articles.


So with guessing of topic id's a whole site coud be read out, including images and all stuff that should stay private.
That makes the RSS-feeds a bit dangerous to use for me on the board.


The big question for me is:
Can the Forums part of the RSS feeds be ripped out the rss.php and then still keep running for pages, articles and news?

Regards,
HarryRag


[uptdate]
After removing the topics id part of rss i couldn't manage to do so.
Might done some strange, but this is what i ran into.
[/update]]]> вт, 03 фев 2009 09:15:27 -0000 ср, 28 янв 2009 03:57:21 -0000 http://www.cotonti.com/rss.php?c=forums is empty :P]]> ср, 28 янв 2009 03:11:39 -0000 Changed format:
rss.php?c=news (or other category)
rss.php?c=comments&id=XX
rss.php?c=forums
rss.php?c=topics&id=XX
rss.php?c=section&id=XX (this and all subsections)

Added two hooks

rss.create - for create own RSS output. Input - parameters c= and id= , output - items for RSS-feed in $items[][] array. See code for more.

rss.output - hook before RSS output. Output content in $out.[/][/]]]> вт, 27 янв 2009 03:11:57 -0000 [list=1]

Pages and Lists

• Category feed (pages in category and its subcategories)
• Page feed (comments for page)

Forums

• Category feed (topics in forum and its subforums)
• Topic feed (posts in topic)

Plugins (hooks to create feed generators in plugins)

]]> пн, 05 янв 2009 02:28:54 -0000 пн, 05 янв 2009 01:26:58 -0000 also your work is great]]> вс, 04 янв 2009 23:35:07 -0000 http://trac.cotonti.com/changeset/246

Example of feeds:
rss.php?c=news - rss of pages in category "news"
rss.php?c=comments23 - rss of comments by page with id=23

Forum posts and other will be later]]> вс, 04 янв 2009 23:27:34 -0000
There is a rss.php file available, but we should probably trunk it.]]> пт, 21 ноя 2008 01:49:07 -0000 We need it in core i think. :)

What features you want to see ?]]> чт, 20 ноя 2008 23:38:42 -0000