collapse

* Simple Portal Archived Forum

This is an Archive Forum.

The content in this forum may be out-of-date or have been superseded by newer information, and links in forum pages to other sites may not work.
This forum contains archives for future reference.

Visit our thread at Simple Machines Forum for current support.

SMF 2.1 users: EhPortal is a ported version of Simple Portal specifically designed for the SMF 2.1 branch.
Please visit web-develop.ca to download EhPortal and for its support.

* User Info

 
 
Welcome, Guest. Please login or register.

* Who's Online

  • Dot Guests: 490
  • Dot Hidden: 0
  • Dot Users: 0

There aren't any users online.

* Shoutbox

Refresh History
  • Shoutbox is not for support!
  • {OCS}MasterSeal: Yup, Still adore SP
    April 21, 2019, 07:08:06 PM
  • {OCS}MasterSeal: STILL love SP :)
    November 24, 2018, 05:05:50 AM
  • ♦ Ninja ZX-10RR ♦: <3 aegersz
    September 13, 2018, 03:36:09 PM
  • aegersz: I STILL <3 LOVE SimplePortal
    September 13, 2018, 07:11:39 AM
  • aegersz: o LOVE you guys - Simple Portal rocks !
    May 09, 2018, 05:18:59 AM
  • Chen Zhen: our apologies for the site being down.. please read server issues topic
    March 22, 2018, 05:32:38 AM
  • {OCS}MasterSeal: LOL PLEASE forget I just posted that. I found the answer in my own dang post back in 2015. lol sorry!
    July 04, 2017, 10:47:55 PM
  • {OCS}MasterSeal: I know this SB isnt' for support, but I just have a general question. Who would I contact to find out where SP stores its block info? Is it DB driven or files? I searched the site but came up with nothing. probably my fault any insight is appreciated.
    July 04, 2017, 10:43:36 PM
  • ♦ Ninja ZX-10RR ♦: Excuse me but what does Simpleportal have to deal with that?
    February 05, 2017, 08:21:14 PM
  • WhiteEagle: of course IMHO that site appears to be dead :(
    February 04, 2017, 01:08:05 PM
  • WhiteEagle: If I can get that, then I'll use it for that site...
    February 04, 2017, 01:07:35 PM
  • WhiteEagle: decided to not use SMF for any projects, unless I can get a copy of the premium version of the fanfiction archive plugin
    February 04, 2017, 01:06:54 PM
  • expertdecisions: cloudflare
    January 28, 2017, 08:01:47 AM
  • aegersz: SM release 2.0.13 !
    January 12, 2017, 06:00:13 AM
  • raffo: Tks Emanuele, even if I didn't understand the fix :D
    November 07, 2016, 02:01:20 AM
  • emanuele: [link]
    November 01, 2016, 12:43:50 PM
  • emanuele: raffo: the English support board is a good place. ;)
    November 01, 2016, 12:43:38 PM
  • raffo: Where can I find the fix for the shoutbox?
    November 01, 2016, 05:06:09 AM
  • {OCS}MasterSeal: To the SP team, I make a point to come here and thank you as much as possible for your work.  so again, THANK YOU!
    October 28, 2016, 10:38:05 AM
  • emanuele: That's indeed funny, the limit is present only in the patch and not the full install.
    October 22, 2016, 06:14:58 PM

* Recent Posts

Adding Forums Button to Nav bar by jirapon
[August 01, 2019, 09:07:12 AM]


Re: Board Icons by ♦ Ninja ZX-10RR ♦
[July 30, 2019, 04:03:41 PM]


MOVED: Czech translation???? by ♦ Ninja ZX-10RR ♦
[July 30, 2019, 03:04:51 PM]


Board Icons by jirapon
[July 30, 2019, 07:28:44 AM]


Re: Thankyou Simpleportal, by ♦ Ninja ZX-10RR ♦
[July 29, 2019, 09:41:29 AM]

NEED HELP? If you're looking for support with Simple Portal, look no further than the Support Board!

Author Topic: Possible bug with member group permissions and SP blocks  (Read 33025 times)

0 Members and 1 Guest are viewing this topic.

Offline andy

  • On Leave
  • *
  • Posts: 861
  • Gender: Male
    • Outdoor Club Japan (OCJ) アウトドア・クラブ・ジャパン
  • SMF Version: 2.0.15
  • SP Version: 2.3.7
  • Elkarte Version: None
Possible bug with member group permissions and SP blocks
« on: November 30, 2015, 05:41:40 AM »
Found this by accident today. Maybe its not worth changing but I will mention it.

During testing changes for member groups I set block permissions for the new group (ID=26). I deleted the new group after some problems with the group permission profile and then created a new group again, with the same name.
It had the same ID number.
SP blocks still had the same permission settings for the old group which I had just deleted. Really I think it should have cleared them if the group was deleted.
Lucky for me though as I didn’t need to set them all again.



Andy
« Last Edit: November 30, 2015, 05:43:54 AM by andy »
Everyone is a volunteer here so please try and make a small donation to keep the Simple Portal website running


Offline Burke Knight

  • Sr. Member
  • ****
  • Posts: 394
  • Gender: Male
  • I tell it how I see it. Don't like it? Hit Alt+F4
    • BurkeKnight Enterprises
  • SMF Version: None
  • SP Version: None
  • Elkarte Version: None
Re: Possible bug with member group permissions and SP blocks
« Reply #1 on: November 30, 2015, 05:53:04 AM »
1. This would appear to be a SMF bug, if it was assigned the same ID, as every time I used to delete a group, then make new, it would use a new ID number.
2. You are correct, though, that if group is deleted, SP should also delete the settings for that group ID.

Offline ♦ Ninja ZX-10RR ♦

  • Spammer Hammer
  • Support
  • *
  • Posts: 1193
  • Gender: Male
  • Sniper Legends
    • Virtual Interactive Games Entertainment™
  • SMF Version: 2.0.13
  • SP Version: 2.3.6
  • Elkarte Version: 1.0.6
Re: Possible bug with member group permissions and SP blocks
« Reply #2 on: November 30, 2015, 08:52:34 AM »
I second Burke on this one, he is totally right on both of those.
Have you tried SimplePortal Documentation before asking? ;)
F.A.Q.  English Support  |  Blocks Support
Fancy Feature idea ?!  |  Blocks Requests
Themes & Graphics

? My job! ?No PMs for support unless it's a paid request. Thank you! :)#OpIsis

Offline andy

  • On Leave
  • *
  • Posts: 861
  • Gender: Male
    • Outdoor Club Japan (OCJ) アウトドア・クラブ・ジャパン
  • SMF Version: 2.0.15
  • SP Version: 2.3.7
  • Elkarte Version: None
Re: Possible bug with member group permissions and SP blocks
« Reply #3 on: November 30, 2015, 10:26:19 AM »
I had assumed SMF would use the next ID for a new group. I need to test again to see if that is true.
Even if it uses the same ID after one is deleted is hard to call that a bug (on the SMF side).

As I set newly registered members to be put in a specific group Im certain about the deleted group number (ID 26). I expected the new group to have an incremented ID number. It is not actually necessary like a topic as when a group is deleted it cannot be retrieved.
I havent confirmed if this happens with board IDs.
Everyone is a volunteer here so please try and make a small donation to keep the Simple Portal website running


Offline andy

  • On Leave
  • *
  • Posts: 861
  • Gender: Male
    • Outdoor Club Japan (OCJ) アウトドア・クラブ・ジャパン
  • SMF Version: 2.0.15
  • SP Version: 2.3.7
  • Elkarte Version: None
Re: Possible bug with member group permissions and SP blocks
« Reply #4 on: November 30, 2015, 11:36:36 AM »
Bedtime here for me but I can confirm....

New boards  have incremented IDs

New groups do not!
Well, Im assuming the naming of it makes no difference. Just done it again and same ID number was used  after one deleted.

You could call it an SMF bug and a SP bug.
Everyone is a volunteer here so please try and make a small donation to keep the Simple Portal website running


Offline andy

  • On Leave
  • *
  • Posts: 861
  • Gender: Male
    • Outdoor Club Japan (OCJ) アウトドア・クラブ・ジャパン
  • SMF Version: 2.0.15
  • SP Version: 2.3.7
  • Elkarte Version: None
Re: Possible bug with member group permissions and SP blocks
« Reply #5 on: November 30, 2015, 12:23:11 PM »
Looks official then now - a simple portal bug...

http://www.simplemachines.org/community/index.php?topic=541648.0
Everyone is a volunteer here so please try and make a small donation to keep the Simple Portal website running


Offline emanuele

  • Developer
  • *
  • Posts: 293
Re: Possible bug with member group permissions and SP blocks
« Reply #6 on: November 30, 2015, 01:13:17 PM »
Never liked the re-use of IDs... :-\

Offline Eliana Tamerin

  • Comrade
  • *
  • Posts: 2889
  • Gender: Female
  • SMF Version: 2 RC2
  • SP Version: 2.3.2
Re: Possible bug with member group permissions and SP blocks
« Reply #7 on: November 30, 2015, 02:31:32 PM »
Never liked the re-use of IDs... :-\

I hope you've fixed this for Elkarte then.

We should probably sanitize SP's data when a membergroup is deleted, and check to be sure that we sanitize other data upon deletion of other elements when appropriate.
Ms. Eliana TamerinIt should be painfully obvious by now that I don't respond to support PMs. Don't send me PMs for support. They will be ignored and deleted, post on the Support Boards to get support.

Offline emanuele

  • Developer
  • *
  • Posts: 293
Re: Possible bug with member group permissions and SP blocks
« Reply #8 on: November 30, 2015, 02:40:02 PM »
Never liked the re-use of IDs... :-\

I hope you've fixed this for Elkarte then.
Nope, because it's the first time I noticed. LOL O:-)

Offline ♦ Ninja ZX-10RR ♦

  • Spammer Hammer
  • Support
  • *
  • Posts: 1193
  • Gender: Male
  • Sniper Legends
    • Virtual Interactive Games Entertainment™
  • SMF Version: 2.0.13
  • SP Version: 2.3.6
  • Elkarte Version: 1.0.6
Re: Possible bug with member group permissions and SP blocks
« Reply #9 on: November 30, 2015, 03:39:22 PM »
You could throw this one into the bug tracker, too - http://simpleportal.net/index.php?project=1
Have you tried SimplePortal Documentation before asking? ;)
F.A.Q.  English Support  |  Blocks Support
Fancy Feature idea ?!  |  Blocks Requests
Themes & Graphics

? My job! ?No PMs for support unless it's a paid request. Thank you! :)#OpIsis

Offline ccbtimewiz

  • Hero Member
  • *****
  • Posts: 2185
  • Gender: Male
  • $("div.content:dd").hide();
  • SMF Version: None
  • SP Version: None
  • Elkarte Version: None
  • EhPortal Version: None
Re: Possible bug with member group permissions and SP blocks
« Reply #10 on: November 30, 2015, 07:37:49 PM »
Could add a "maintenance" section to the SP admin, that runs a "optimize database" function that will clean up ununsed data. Also could change the functions for creating new blocks to delete the permissions when deleted

Offline andy

  • On Leave
  • *
  • Posts: 861
  • Gender: Male
    • Outdoor Club Japan (OCJ) アウトドア・クラブ・ジャパン
  • SMF Version: 2.0.15
  • SP Version: 2.3.7
  • Elkarte Version: None
Re: Possible bug with member group permissions and SP blocks
« Reply #11 on: December 01, 2015, 12:08:46 AM »
I noticed several things do not function uniformly or consistently in SMF.

If topics and board IDs are automatically incremented even if deleted then so should member groups. Over there they say its a saving for SMALLINT but its ridiculous for member groups - they will never reach the limit.


I just looked over there and surprised by the extra comments on SMF. Same old story - no need to change.
Everyone is a volunteer here so please try and make a small donation to keep the Simple Portal website running


Offline ♦ Ninja ZX-10RR ♦

  • Spammer Hammer
  • Support
  • *
  • Posts: 1193
  • Gender: Male
  • Sniper Legends
    • Virtual Interactive Games Entertainment™
  • SMF Version: 2.0.13
  • SP Version: 2.3.6
  • Elkarte Version: 1.0.6
Re: Possible bug with member group permissions and SP blocks
« Reply #12 on: December 01, 2015, 07:00:01 AM »
I noticed, even Bruno started to be disappointing since he joined the team, a bit sad.
Have you tried SimplePortal Documentation before asking? ;)
F.A.Q.  English Support  |  Blocks Support
Fancy Feature idea ?!  |  Blocks Requests
Themes & Graphics

? My job! ?No PMs for support unless it's a paid request. Thank you! :)#OpIsis

Offline Burke Knight

  • Sr. Member
  • ****
  • Posts: 394
  • Gender: Male
  • I tell it how I see it. Don't like it? Hit Alt+F4
    • BurkeKnight Enterprises
  • SMF Version: None
  • SP Version: None
  • Elkarte Version: None
Re: Possible bug with member group permissions and SP blocks
« Reply #13 on: December 01, 2015, 07:03:53 AM »
I noticed several things do not function uniformly or consistently in SMF.
Typical SMF. Then they want to focus the blame elsewhere.

I just looked over there and surprised by the extra comments on SMF. Same old story - no need to change.
Again, typical, and this time, Old Kindred showed his true SMF/Coding ignorance, again.
« Last Edit: December 01, 2015, 07:08:08 AM by Burke Knight »

Offline ccbtimewiz

  • Hero Member
  • *****
  • Posts: 2185
  • Gender: Male
  • $("div.content:dd").hide();
  • SMF Version: None
  • SP Version: None
  • Elkarte Version: None
  • EhPortal Version: None
Re: Possible bug with member group permissions and SP blocks
« Reply #14 on: December 01, 2015, 07:46:08 PM »
If topics and board IDs are automatically incremented even if deleted then so should member groups. Over there they say its a saving for SMALLINT but its ridiculous for member groups - they will never reach the limit.

Take this scenario for example, imagine that you created a new group called "maintenance administrators" where they have various admin_forum permissions. This group is ID#20. You create various PHP scripts that look for "group 20" that are both external and internal.

Now say you deleted the group on accident when managing membergroups or account information. This group no longer exists, and any external scripts will no longer be able to find group #20. If you recreate a new group, it might or might not be #20 depending if there is a #21 existing already. If there is no group #21 or further, it will create #20 so you "fallback" your mistake. Without the fallback the only way to append that situation is to make a new group and then manually change its ID in the database.

It's designed purposely to fallback a mistake, which is about 90% of what would happen if you delete a membergroup intended to have high level privileges. Of course this can be bad because if you delete the group and then end up making a completely different group later down the road and then it ends up having your previous group's admin permissions without you knowing... this is a security risk. SMF should be automatically cleaning out data that is currently not associated. I think that is the real issue here-- the data is not being cleaned out, and not the increment process.

On the other hand, you should be aware of the permissions of every group as you're given quite a lot of tools through SMF to check them.

Offline Burke Knight

  • Sr. Member
  • ****
  • Posts: 394
  • Gender: Male
  • I tell it how I see it. Don't like it? Hit Alt+F4
    • BurkeKnight Enterprises
  • SMF Version: None
  • SP Version: None
  • Elkarte Version: None
Re: Possible bug with member group permissions and SP blocks
« Reply #15 on: December 01, 2015, 09:30:49 PM »
No offences meant, but deleting a membergroup by mistake, is a very, very slim chance, compared to choosing to delete one that is no longer needed.

Then what happens, when a new group takes that ID, made for a "banned" group, and the admin was not aware of this and missed on making needed changes that had been set for the old group. Then we have people in a banned group, having admin abilities. Unacceptable and a downright security issue. Especially, since those at SM.org always says, do not use the ban system, which I do agree with, as it tends to strain the servers, but making a banned group instead is a good way.

I'm sorry, I'm one that says the number should not be re-used, and that's for security reasons. If one accidentally deletes a membergroup, then they can restore it via a backup. Don't have a backup? Too bad, it's only the MOST recommended thing to do. Look in 85% of topics at SM.org. ;)

Offline ♦ Ninja ZX-10RR ♦

  • Spammer Hammer
  • Support
  • *
  • Posts: 1193
  • Gender: Male
  • Sniper Legends
    • Virtual Interactive Games Entertainment™
  • SMF Version: 2.0.13
  • SP Version: 2.3.6
  • Elkarte Version: 1.0.6
Re: Possible bug with member group permissions and SP blocks
« Reply #16 on: December 02, 2015, 07:21:19 AM »
Agree with Burke on my part :/
Have you tried SimplePortal Documentation before asking? ;)
F.A.Q.  English Support  |  Blocks Support
Fancy Feature idea ?!  |  Blocks Requests
Themes & Graphics

? My job! ?No PMs for support unless it's a paid request. Thank you! :)#OpIsis

Offline emanuele

  • Developer
  • *
  • Posts: 293
Re: Possible bug with member group permissions and SP blocks
« Reply #17 on: December 02, 2015, 08:47:41 AM »
Take this scenario for example, imagine that you created a new group called "maintenance administrators" where they have various admin_forum permissions. This group is ID#20. You create various PHP scripts that look for "group 20" that are both external and internal.
Let me stop right here.

If your script is meant to be executed automatically (e.g. by cronjob), there is absolutely no reason to check for permissions because in any case it would not be run "under" a certain user ID, and as such it will be a "guest", so it will not have any particular permission (and write a bot that simulate a member belonging to a certain group it's quite the effort just to run such a script).

If your script is meant to be executed based on the "current member" but adding a "maintenace admin" group in order to let the users do their work, then this is bad design. Sorry.

And finally: when checking permissions you should never, ever base your tests on the group ID, but always on the allowedTo functions.

So, nope, the example scenario doesn't justify the reuse.


This is very simply a design choice of those who coded the thing first, it dates back to YaBB (not YaBB-SE, really YaBB, the one in perl) where groups were saved in a file as an array. My perl is quite rusty, but I think the array didn't keep track of ids to simulate an autoincrement and so the last one was scraped when the group was removed without keeping any trace. Adding a new group, then, was replacing the previously existing group id.
Probably the behaviour was kept at first to maintain backward compatibility, then for laziness.

BTW, a nice article: http://blog.8thlight.com/uncle-bob/2014/04/03/Code-Hoarders.html :P

Ninja edit: fixed your usual typo with closing code tags everywhere, lol
« Last Edit: December 02, 2015, 10:35:38 AM by ♦ Ninja ZX-10RR ♦ »

Offline ♦ Ninja ZX-10RR ♦

  • Spammer Hammer
  • Support
  • *
  • Posts: 1193
  • Gender: Male
  • Sniper Legends
    • Virtual Interactive Games Entertainment™
  • SMF Version: 2.0.13
  • SP Version: 2.3.6
  • Elkarte Version: 1.0.6
Re: Possible bug with member group permissions and SP blocks
« Reply #18 on: December 02, 2015, 10:38:45 AM »
Apart from fixing your closing tags... What about the fix to force it to increment the membergroup ID? Would it be easy or does it require massive amounts of work? I never dealt with these particular things before so I have no idea :D
Have you tried SimplePortal Documentation before asking? ;)
F.A.Q.  English Support  |  Blocks Support
Fancy Feature idea ?!  |  Blocks Requests
Themes & Graphics

? My job! ?No PMs for support unless it's a paid request. Thank you! :)#OpIsis

Offline emanuele

  • Developer
  • *
  • Posts: 293
Re: Possible bug with member group permissions and SP blocks
« Reply #19 on: December 02, 2015, 05:36:28 PM »
Remove the MAX-query and drop the id from insert query.
I guess that's all there is to do (maybe retrieve the inserted id afterwards if needed for the redirect).
I doubt there is to touch anything else, those already inserted are already fine, any new one will be "good".