ENXF NET
Administrator
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P.S Member
S.V.I.P Member
V.I.P Member
Collaborate
Registered
- Joined
- Nov 13, 2018
- Messages
- 28,878
- Points
- 823
When a search has a valid search handler, and
This allows constructing a query which likely side-steps
For example: example search.
This will lack the normal node visibility checks that a post/thread search would have.
The problem is in
Read more
Continue reading...
c.type or c.content are used , XenForo does not validate that they are covered by getSearchableContentTypes.This allows constructing a query which likely side-steps
getTypePermissionConstraints for those types.For example: example search.
This will lack the normal node visibility checks that a post/thread search would have.
The problem is in
prepareSearchQuery which handles...Read more
Continue reading...