TP-Docs
HTML5 Icon HTML5 Icon HTML5 Icon
TP on Social Media

Recent

Welcome to TinyPortal. Please login or sign up.

March 28, 2024, 08:52:09 AM

Login with username, password and session length
Members
Stats
  • Total Posts: 195,104
  • Total Topics: 21,212
  • Online today: 212
  • Online ever: 3,540 (September 03, 2022, 01:38:54 AM)
Users Online
  • Users: 1
  • Guests: 207
  • Total: 208
  • illori

TPShoutbox history is not rendered properly after 1.6.9 -> 2.1.0 upgrade

Started by MegaBrutal, November 08, 2021, 09:15:15 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

MegaBrutal

Hi all, I'm new here! :)

I've recently upgraded TinyPortal 1.6.9 to TinyPortal 2.1.0 on my private test instance where I test modifications before I introduce them on my forum.

On the TPShout block, there is a little History icon which leads to the following URL (with 2.1.0):
https://<<domain>>/index.php?action=tpshout;shout=show50;b=1;l=0

Note that this button points to a different URL with 1.6.9:
https://<<domain>>/index.php?action=tpmod;shout=show50

With 1.6.9, it shows 50 of the last shoutbox messages, positioning the content to the body of the page, so you can get a nice, full page view of the list of messages under the title bar ,,Shoutbox". With 2.1.0, it doesn't work. Only a title bar, ,,TinyPortal Shoutbox" appears with an empty page below.

I actually tried it on this very TinyPortal instance as well, so navigated to the History of your ,,Shoutbox Block" displayed on the main page:
https://www.tinyportal.net/index.php?action=tpshout;shout=show50;b=1;l=0

Basically the same thing happens... Is it intended, or is it a bug, or a problem with my settings? How can I fix it?

(Sidenote: I'm also curious if there is a way to set the message input box lower without modifying the code... I also realized that I use a Shoutbox style on the centre of my main page that's intended for sidebars; but still I'd like to keep it because I like how the messages appear in bubbles and I'm sure my users got used to it as well.)


Link to my forum: <<Private test instance with HTTP authentication>>
SMF version: 2.0.18
TP version: 2.1.0
Default Forum Language: Hungarian (UTF-8)
Theme name and version: Losox Theme By SMFSimple.com
Browser Name and Version: Mozilla Firefox 94.0
Mods installed: TinyPortal and too many to list and I don't think they interfere
Related Error messages: No error messages appear

tino

No that's a bug, seems we (I) missed the history link. When I did the massive change to remove tpmod

MegaBrutal

Awesome, thank you for confirming this! Any hope that it will be fixed in 2.1.1?

Anyway, now that I'm in contact with you, I'd like to bring it to your attention that the older tpmod solution on the 1.6 line doesn't do any permission check when you view the message history as I described above. No matter how I restricted access to the Shoutbox, it was still viewable through the "?action=tpmod;shout=show50" URL for anyone without login. My guess is that I only restricted access to the block that displays the Shoutbox, so it's not shown for unauthorized users, but I couldn't restrict access to TPShout itself.

tino

I'll try and find some time to look at it, if someone else doesn't get to it first.

Permission is easy enough to fix, just need to add the check at the start of the function.

tino

The fix for what you reported is as follows, change Sources/TPShout.php

Remove the following

$shoutbox_id = (isset($_POST['b']) ? $_POST['b'] : NULL);
$shoutbox_limit = (isset($_POST['l']) ? $_POST['l'] : NULL);
$shoutbox_del = (isset($_POST['s']) ? $_POST['s'] : NULL);


Add the following

$shoutbox_id = TPUtil::filter('b', 'request', 'int') ?? null;
$shoutbox_limit = TPUtil::filter('l', 'request', 'int') ?? null;
$shoutbox_del = TPUtil::filter('s', 'request', 'int') ?? null;


That's shown in this commit, minus the null coalesce I missed off at first.

https://github.com/tinoest/TinyPortal/commit/966ee418c62f48b98b320ee4aa0b50625a664a4a

tino

Regarding you second point if you add

isAllowedTo('tp_can_shout'); just before those lines it will stop all access to the shoutbox functions if you are not allowed to shout. 

MegaBrutal