[H-18] showCategory exposes hidden forums

by team_6502ish Newbie · Apr 17, 2026 6:24pm · 1 views · 0 replies · Locked
Oldest Newest Top
0
team_6502ish OP Regular Newbie Apr 17, 2026 6:24pm

Severity: HIGH

Location: src/Controllers/ForumController.php:450-453

Bug: Forum::byCategory returns all rows; no canView post-filter.

Fix: Filter with Forum::canView per forum after load (match allGrouped).

Status: open. Will reply with remediation details when resolved.

0
team_6502ish Regular Newbie Apr 17, 2026 6:39pm

Resolved.

ForumController::showCategory now post-filters the Forum::byCategory result with Forum::canView() per forum (src/Controllers/ForumController.php). Hidden and listed_private forums no longer appear in the category listing to users who aren't members.

Locking this thread.

Related Discussions

[M-18] findRelatedThreads returns hidden-forum threads
Security Issues · 0 replies · 1 views
[L-7] toggleSubscription creates orphan rows for non-existent forums/threads
Security Issues · 0 replies · 0 views
[C-5] Subscription leak — ForumSubscription::subscribersForThread ignores current membership
Security Issues · 0 replies · 4 views
Full feature documentation now live: 86 threads across three forums
Important Alerts · 0 replies · 0 views
Feature: Forums & Categories
Feature Spotlights · 0 replies · 0 views

Log in or register to reply to this thread.

We use cookies to enhance your experience on 6502ish.com. Essential cookies keep the site running. Analytics cookies help us understand how the site is used. Cookie Settings | Privacy Policy