Not sure if this is supposed to happen, have not checked private photos...
put this link in http://takeoverjax.com/m/photos/browse/album/anyuser/owner/anybody
change the name of my site to yours, all your photos come up.
Not sure if this is supposed to happen, have not checked private photos... put this link in http://takeoverjax.com/m/photos/browse/album/anyuser/owner/anybody change the name of my site to yours, all your photos come up. ManOfTeal.COM a Proud UNA site, six years running strong! |
for boonex is normal
this only need to be show for the owner picture only and only the owner is allow to let any one on the site to view the photo album like only for friends you can see all the photos but all the albums in the block is missing
the album need to be show in the block two and this album can view is the album owner make this album public or for friends only
is they make the album private or any photo will be nice to ask for permission to see the album or the photo
like I say before this only need to be set for friends Post Reply - if you going to help - No for - bla bla bla bla |
for boonex is normal
this only need to be show for the owner picture only and only the owner is allow to let any one on the site to view the photo album like only for friends you can see all the photos but all the albums in the block is missing
the album need to be show in the block two and this album can view is the album owner make this album public or for friends only
is they make the album private or any photo will be nice to ask for permission to see the album or the photo
like I say before this only need to be set for friends This was done on another site under a guest account. ManOfTeal.COM a Proud UNA site, six years running strong! |
so this is ok for guest to view pictures on the site? I have my site set for guest "not" to view photos... you put the above line in any Dolphin site and you can see all the pictures on the site.. ManOfTeal.COM a Proud UNA site, six years running strong! |
I know man but this don't need to happen they have to be part of the site to view this pc shit of cooliris make by boonex
Post Reply - if you going to help - No for - bla bla bla bla |
Hi, yes, I tried using also http://takeoverjax.com/m/photos/browse/allphotos....and it is showing all photos... This was happening too with guest members to our site, going to all photos menu, and being able to see all photos. What we did was simply remove this menu from visitors page, but still if people know a bit about php, they get there by simply typing the url... Would like to see a way to prevent this... Regards, Sleepless |
i still haven't found a reason to enable the cooliris future. |
Uffff this is still not fixed, i just tried by myself. But i think i found a solution.
Use Page Access module to restrict m/photos/browse/album/anyuser/ then its not possible anymore.
I have also forbidden new users with the name "anybody" and "anyuser", just in case
Where this anyuser and anybody coming from? Is it something that cooliris is parsing out of the url given? Its nothing dolphin uses internally i think. And if so, is there more cooliris can be controlled with? I really need to know. Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81 |
Uffff this is still not fixed, i just tried by myself. But i think i found a solution.
Use Page Access module to restrict m/photos/browse/album/anyuser/ then its not possible anymore.
I have also forbidden new users with the name "anybody" and "anyuser", just in case
Where this anyuser and anybody coming from? Is it something that cooliris is parsing out of the url given? Its nothing dolphin uses internally i think. And if so, is there more cooliris can be controlled with? I really need to know. What version of Dolphin are you running? This apparently has been addressed, it is no longer a problem in 7.0.9. http://www.duvallocals.info/m/photos/browse/album/anyuser/owner/anybody shows a blank box now, before it showed all photos. [edit] this is still a problem, just took a while for the thousands of photos to show up for the link I posted!!
the "anybody" is an example, on my original link the site would show all photos for that link. Michael ManOfTeal.COM a Proud UNA site, six years running strong! |
Private photos are showing too! ManOfTeal.COM a Proud UNA site, six years running strong! |
On the bright side, Cooliris is axed in 7.1. BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Cool!!! If someone looks at the page, you have to wait a while, 2,400 photos need to load. lmao ManOfTeal.COM a Proud UNA site, six years running strong! |
On the bright side, Cooliris is axed in 7.1. But what about the old dog's that don't change? ManOfTeal.COM a Proud UNA site, six years running strong! |
I just added the url above to page access module and its not possible anymore. Can you all try too and share your results? my version is 7.0.9 Thx PS: If thats also not helping then its easy to get rid of it in code. looks like its only one place that needs to be edited. Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81 |
I just added the url above to page access module and its not possible anymore. Can you all try too and share your results? my version is 7.0.9 Thx PS: If thats also not helping then its easy to get rid of it in code. looks like its only one place that needs to be edited. Ahh, this is why the forums are here. I use PAC extensively on sites and didn't even think about that.. lol!! Thanks. [edit] added to PAC and that took care of that! ManOfTeal.COM a Proud UNA site, six years running strong! |
Wait, this still is not a fix. Site members are still able to do this. It will be ok I guess, who would use that type of search. ManOfTeal.COM a Proud UNA site, six years running strong! |
What site members can do? I removed permission for this url for all levels not only guests. What exactly do you mean?
Wait, this still is not a fix. Site members are still able to do this. It will be ok I guess, who would use that type of search.
Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81 |
What site members can do? I removed permission for this url for all levels not only guests. What exactly do you mean?
Wait, this still is not a fix. Site members are still able to do this. It will be ok I guess, who would use that type of search.
I guess I need to look into it further.. Thanks ManOfTeal.COM a Proud UNA site, six years running strong! |
You still not told me where anyuser is coming from..... :) Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81 |
You still not told me where anyuser is coming from..... :) I used this as just an example.. you can put anything in place of it. ManOfTeal.COM a Proud UNA site, six years running strong! |
Okay, then you are right, there is no way to workaround this with Page Access Control as I told before. I thought this only happens based on these url paths. So only guest can be stopped with PAC to view it by using m/photos/browse/album/ This is really a serious bug, because it breaks privacy. So Boonex needs fix this asap or if there is no way just tell us how to remove cooliris in a safe way. I know where it resided in code but i don't like doing such stuff on production servers. :(
I couldn't find any past report on this, so i added a ticket Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81 |
Hello everybody! From our side in demo.boonex.com we can't reproduce this trouble. In details - cooliris output depends from rss feed of album's objects and checked by the method isAllowedView which works for simple browse of album and photos in this album. So if user hasn't enought rights he can't: 1) see lisg of objects in albums 2) see cooliris app there 3) take rss feed about album's objects info. If u're sure that in ur site u have another situation - then plz contact me via Unity mail and provide access details about ur site. Regards |
I tested it again and must say i was wrong in one point, the workaround i posted before is indeed working to stop visitors see anything! When you are logged in as a member cooliris isn't showing anything when you call this url. The reason i thought my workaround isn't working was i tested it with the admin account which shows all photos, which is normal i think. Members can't see anything, so no need to use PAC for them too, which would not be possible. But: As a site visitor you can call this url and see anything, even private photos if you not use PAC. I will send you login information so you can test it by yourself. Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81 |
Hello! Yes, got ur trouble now. Ticcket was reopened and solved. See details here http://www.boonex.com/trac/dolphin/changeset/16449 for solution. Regards |
Am i right i can put these changes into 7.0.9 without installing 7.1 ?
Thanks :)
Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81 |
Hello everybody! From our side in demo.boonex.com we can't reproduce this trouble. In details - cooliris output depends from rss feed of album's objects and checked by the method isAllowedView which works for simple browse of album and photos in this album. So if user hasn't enought rights he can't: 1) see lisg of objects in albums 2) see cooliris app there 3) take rss feed about album's objects info. If u're sure that in ur site u have another situation - then plz contact me via Unity mail and provide access details about ur site. Regards http://demo.boonex.com/m/photos/browse/album/anyuser/owner/anybody looks like all photos to me. Private too.. ManOfTeal.COM a Proud UNA site, six years running strong! |
This photo on the demo site is marked private. http://demo.boonex.com/m/photos/view/let-s-make-it-clean This photo can be seen on the cool iris page. http://www.youtube.com/watch?v=5d9Tli_oJdQ I'm having to remove the photos module from some sites due to privacy!! OMG, my adult sites are not safe!!
ManOfTeal.COM a Proud UNA site, six years running strong! |
@Newton27:
The bug was fixed, you can see the changes made in LeonidS post before. You can apply these changes into your dolphin 7.0.9 sites. Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81 |
@Newton27:
The bug was fixed, you can see the changes made in LeonidS post before. You can apply these changes into your dolphin 7.0.9 sites. So they came out with a fix; yet allow the demo to function as is? Timestamp:07/05/12 06:00:45 (25 hours ago)Author:Leonid Sokushev ManOfTeal.COM a Proud UNA site, six years running strong! |
Demo is 7.0.9 and this is fixed in 7.1. According to LeonidS you can apply the patch to 7.0.9. I tested it and problem is solved Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81 |