Kunena 7.0.5 & Kunena 6.4.11 – Security Updates Released
The Kunena team has announced the arrival of Kunena 7.0.5 [K 7.0.5] in stable which is now available for download as a native Joomla extension for J! 5.4.x/6.0.x. This version addresses most of the issues that were discovered in K 6.2 / K 6.3 / K 6.4 and issues discovered during the last development stages of K 7.0.
The Kunena team is also pleased to announce the eleventh version of Kunena 6.4, a native Joomla extension for Joomla! 5.0, 5.1, 5.2, 5.3, 5.4 and 6.0.
Solved RSS circumvents access rights for topics/sections
First I would like to introduce an example set up:
Let us say, there are two sections and two users, one administrator and one regular user. One section is accessible for administrators only. The regular user cannot access the administrator section directly, but if the RSS is configured to show the recent messages, the regular user can still read the messages from the section he has no rights for!
Can you see my problem? Do you consider this a bug? Is there a workaround?
cheers, Leviathan
Leviathan wrote: Can you see my problem?
No, we cannot see your problem.
Leviathan wrote: Do you consider this a bug?
I do not know how to answer this question because I do not know what you want us to do for you. This is how the RSS feed is configured here, at www.kunena.org, and the RSS feed works properly.
With this configuration no-one is able to view the messages posted to "restricted" categories. An example of a "restricted" category on this website is the Custom work - not offering to pay category. A "restricted" category is a category that you cannot see until you login.
Because the RSS feed does not "login" this means that people cannot see messages posted in restricted categories.
For further background on this topic, see RSS - also "only for the Members area"
Blue Eagle vs. Crypsis reference guide
Read my blog and
See for yourself what the RSS-Button yields:
Leviathan wrote: Hm, actually I can read the titles of the topics discussed and the users who posted in these topics from your first link and RSS - also "only for the Members area" via RSS although I am not logged in.
There are no restrictions on reading that topic. The Feature Requests Archive category is not a restricted category.
Try reading the topics in the Custom work - not offering to pay category via RSS.
Did you try it yourself?
Yes, you can click the RSS icon at the bottom of the page(s) in the Custom work - not offering to pay category but the output does not include information about messages posted in that category, does it?
I subscribe to the RSS feed at Kunena. I get notification every day (via the RSS feed) of new topics posted at this site. I do not get RSS feed notification of new topics posted in the restricted categories at this website here because the RSS feed does not have access to them.
Therefore I return to your first question: do I see your problem? No, I'm sorry, but I do not see your problem. What proof do you have that the RSS feed contains information about restricted information that only a site administrator should have access to?
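One way to produce the proof asked for in the last reply, as an added example that is not part of the original thread or of Kunena's code: take the feed body received while logged out and list every item that belongs to a category guests must not see. The feed content, host name, category names and URL path prefixes below are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the feed body as received by a client that is NOT logged in.
# Host, category names and URL layout are assumptions for illustration.
ANON_FEED = """<rss version="2.0"><channel>
<title>Forum: recent messages</title>
<item><title>Welcome</title>
  <link>https://forum.example/general/12-welcome</link>
  <category>General</category></item>
<item><title>Re: Backup rotation</title>
  <link>https://forum.example/admin-only/40-backup-rotation</link>
  <category>Admin only</category></item>
<item><title>Untagged post</title>
  <link>https://forum.example/admin-only/41-untagged</link></item>
</channel></rss>"""

def leaked_items(feed_xml, restricted_names, restricted_prefixes):
    """Return (title, link, reason) for every item from a restricted category.

    An item counts as leaked if its <category> matches a restricted name or,
    because feeds often omit <category>, if its link path falls under a
    restricted category's URL prefix.
    """
    names = {n.strip().lower() for n in restricted_names}
    leaks = []
    for item in ET.fromstring(feed_xml).iter("item"):
        title = (item.findtext("title") or "").strip()
        link = (item.findtext("link") or "").strip()
        cats = {c.text.strip().lower() for c in item.findall("category") if c.text}
        path = urlparse(link).path
        if cats & names:
            reason = "category tag"
        elif any(path.startswith(p) for p in restricted_prefixes):
            reason = "link path"
        else:
            continue
        leaks.append((title, link, reason))
    return leaks

if __name__ == "__main__":
    for title, link, reason in leaked_items(ANON_FEED, ["Admin only"], ["/admin-only/"]):
        print(f"LEAK ({reason}): {title} -> {link}")
```

An empty result for the anonymous feed supports the reply's position that guests cannot see restricted categories; any returned item is the concrete evidence to attach to a bug report.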