All photos shown on cooliris

Not sure if this is supposed to happen, have not checked private photos...

put this link in   http://takeoverjax.com/m/photos/browse/album/anyuser/owner/anybody

change the name of my site to yours, all your photos come up.

Screenshot-43.png · 369.6K · 236 views
ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 3 Nov 2010

for boonex is normal

 

this only need to be show for the owner picture only and only the owner is allow to let any one on the site to view the photo album

like only for friends you can see  all the photos but all the albums in the block is missing

 

the album need to be show in the block two and this album can view is the album owner make this album public or for friends only

 

is they make the album private or any photo will be nice to ask for permission to see the album or the photo

 

like I say before this only need to be set for friends

Post Reply - if you going to help - No for - bla bla bla bla
Quote · 3 Nov 2010

 

for boonex is normal

 

this only need to be show for the owner picture only and only the owner is allow to let any one on the site to view the photo album

like only for friends you can see  all the photos but all the albums in the block is missing

 

the album need to be show in the block two and this album can view is the album owner make this album public or for friends only

 

is they make the album private or any photo will be nice to ask for permission to see the album or the photo

 

like I say before this only need to be set for friends

This was done on another site under a guest account.

ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 3 Nov 2010

so this is ok for guest to view pictures on the site?

I have my site set for guest "not" to view photos...

you put the above line in any Dolphin site and you can see all the pictures on the site..

ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 4 Nov 2010

I know man but this don't need to happen

they have to be part of the site to view this pc shit of cooliris  make by boonex

 

Post Reply - if you going to help - No for - bla bla bla bla
Quote · 4 Nov 2010

Hi,

yes, I tried using also http://takeoverjax.com/m/photos/browse/allphotos....and it is showing all photos...

This was happening too with guest members to our site, going to all photos menu, and being able to see all photos. What we did was simply remove this menu from visitors page, but still if people know a bit about php, they get there by simply typing the url...

Would like to see a way to prevent this...

Regards,

Sleepless
Quote · 4 Nov 2010

i still haven't found a reason to enable the cooliris future.

Quote · 4 Nov 2010

Uffff this is still not fixed, i just tried by myself. But i think i found a solution.

 

Use Page Access module to restrict m/photos/browse/album/anyuser/ then its not possible anymore.

 

I have also forbidden new users with the name "anybody" and "anyuser", just in case

 

Where this anyuser and anybody coming from? Is it something that cooliris is parsing out of the url given? Its nothing dolphin uses internally i think. And if so, is there more cooliris can be controlled with? I really need to know.

Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81
Quote · 26 Jun 2012

 

Uffff this is still not fixed, i just tried by myself. But i think i found a solution.

 

Use Page Access module to restrict m/photos/browse/album/anyuser/ then its not possible anymore.

 

I have also forbidden new users with the name "anybody" and "anyuser", just in case

 

Where this anyuser and anybody coming from? Is it something that cooliris is parsing out of the url given? Its nothing dolphin uses internally i think. And if so, is there more cooliris can be controlled with? I really need to know.

What version of Dolphin are you running?

 This apparently has been addressed, it is no longer a problem in 7.0.9.

http://www.duvallocals.info/m/photos/browse/album/anyuser/owner/anybody

shows a blank box now, before it showed all photos.

[edit] this is still a problem, just took a while for the thousands of photos to show up for the link I posted!!

 

the "anybody" is an example, on my original link the site would show all photos for that link.

Michael

ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 26 Jun 2012

Private photos are showing too!


ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 26 Jun 2012

On the bright side, Cooliris is axed in 7.1.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 26 Jun 2012

Cool!!!

If someone looks at the page, you have to wait a while, 2,400 photos need to load. lmao

ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 26 Jun 2012

 

On the bright side, Cooliris is axed in 7.1.

 But what about the old dog's that don't change?

ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 26 Jun 2012

I just added the url above to page access module and its not possible anymore. Can you all try too and share your results?

my version is 7.0.9

Thx

PS: If thats also not helping then its easy to get rid of it in code. looks like its only one place that needs to be edited.

Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81
Quote · 26 Jun 2012

 

I just added the url above to page access module and its not possible anymore. Can you all try too and share your results?

my version is 7.0.9

Thx

PS: If thats also not helping then its easy to get rid of it in code. looks like its only one place that needs to be edited.

 Ahh, this is why the forums are here.

I use PAC extensively on sites and didn't even think about that.. lol!!

Thanks.

[edit] added to PAC and that took care of that!

ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 26 Jun 2012

Wait, this still is not a fix.

Site members are still able to do this.

It will be ok I guess, who would use that type of search.

ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 26 Jun 2012

What site members can do? I removed permission for this url for all levels not only guests. What exactly do you mean?

 

 

Wait, this still is not a fix.

Site members are still able to do this.

It will be ok I guess, who would use that type of search.

 

 

Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81
Quote · 26 Jun 2012

 

What site members can do? I removed permission for this url for all levels not only guests. What exactly do you mean?

 

Wait, this still is not a fix.

Site members are still able to do this.

It will be ok I guess, who would use that type of search.

 

 I guess I need to look into it further.. Thanks

ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 26 Jun 2012

You still not told me where anyuser is coming from..... :)

Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81
Quote · 26 Jun 2012

 

You still not told me where anyuser is coming from..... :)

 I used this as just an example.. you can put anything in place of it.

ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 26 Jun 2012

Okay, then you are right, there is no way to workaround this with Page Access Control as I told before. I thought this only happens based on these url paths. So only guest can be stopped with PAC to view it by using

m/photos/browse/album/

This is really a serious bug, because it breaks privacy. So Boonex needs fix this asap or if there is no way just tell us how to remove cooliris in a safe way. I know where it resided in code but i don't like doing such stuff on production servers. :(

 

I couldn't find any past report on this, so i added a ticket

http://www.boonex.com/trac/dolphin/ticket/2813

Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81
Quote · 26 Jun 2012

Hello everybody!

From our side in demo.boonex.com we can't reproduce this trouble. In details - cooliris output depends from rss feed of album's objects and checked by the method isAllowedView which works for simple browse of album and photos in this album. So if user hasn't enought rights he can't:

1) see lisg of objects in albums

2) see cooliris app there

3) take rss feed about album's objects info.

If u're sure that in ur site u have another situation - then plz contact me via Unity mail and provide access details about ur site.

Regards

Quote · 30 Jun 2012

I tested it again and must say i was wrong in one point, the workaround i posted before is indeed working to stop visitors see anything!

When you are logged in as a member cooliris isn't showing anything when you call this url. The reason i thought my workaround isn't working was i tested it with the admin account which shows all photos, which is normal i think. Members can't see anything, so no need to use PAC for them too, which would not be possible.

But: As a site visitor you can call this url and see anything, even private photos if you not use PAC. I will send you login information so you can test it by yourself.

Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81
Quote · 30 Jun 2012

Hello!

Yes, got ur trouble now. Ticcket was reopened and solved. See details here http://www.boonex.com/trac/dolphin/changeset/16449 for solution.

Regards

Quote · 5 Jul 2012
Am i right i can put these changes into 7.0.9 without installing 7.1 ?

 

Thanks :)

 

Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81
Quote · 5 Jul 2012

 

Hello everybody!

From our side in demo.boonex.com we can't reproduce this trouble. In details - cooliris output depends from rss feed of album's objects and checked by the method isAllowedView which works for simple browse of album and photos in this album. So if user hasn't enought rights he can't:

1) see lisg of objects in albums

2) see cooliris app there

3) take rss feed about album's objects info.

If u're sure that in ur site u have another situation - then plz contact me via Unity mail and provide access details about ur site.

Regards

 http://demo.boonex.com/m/photos/browse/album/anyuser/owner/anybody

looks like all photos to me. Private too..

ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 5 Jul 2012

This photo on the demo site is marked private. http://demo.boonex.com/m/photos/view/let-s-make-it-clean

This photo can be seen on the cool iris page.

http://www.youtube.com/watch?v=5d9Tli_oJdQ

I'm having to remove the photos module from some sites due to privacy!! OMG, my adult sites are not safe!!

 

ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 5 Jul 2012

@Newton27:

 

The bug was fixed, you can see the changes made in LeonidS post before. You can apply these changes into your dolphin 7.0.9 sites.

Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81
Quote · 6 Jul 2012

 

@Newton27:

 

The bug was fixed, you can see the changes made in LeonidS post before. You can apply these changes into your dolphin 7.0.9 sites.

 So they came out with a fix; yet allow the demo to function as is?

Timestamp:07/05/12 06:00:45 (25 hours ago)Author:Leonid Sokushev

ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 6 Jul 2012

Demo is 7.0.9 and this is fixed in 7.1.

According to LeonidS you can apply the patch to 7.0.9. I tested it and problem is solved

Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81
Quote · 6 Jul 2012
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.