We build. You grow.
Get best community software hereStart a social network, a fan-site, an education project with oxwall - free opensource community software
CRITICAL BUG | Forum
Joseph Simon
Apr 15 '13
Finally i was able to reproduce theBUG i mentioned in oxwall before .I renamed a file i found on my desktop,kinda like patially downloaded file .temp. I renamed it to FILE.tem to file.JPEG and i got accepted by the sytem.The picture u see is the default avatar not the picture.I changed the default avatar to that 3D animation.Some how someone is able to by pass my system approval too.I dont know how they do it,but i am trying to figure it out like i figured this out too....Oxwall guys need to check this issue SERIOUSLY.
Team Alia
Apr 17 '13
Joseph, that is the way system was designed to work originally.
System checked by file resolution. If resolution is "allowed" one, registration is completed. If file was of incorrect format, system just displays default avatar image. Other users will not be able to see this file, download it or do anything with it.
If you think that this somehow effect your site security, let me know. I will need to have more info on how this can effect your site to check with developers.
Regarding users bypassing approval.
Are you referring to the fact that unapproved users are displayed in your newsfeed activity and under "members" section of your site?
System checked by file resolution. If resolution is "allowed" one, registration is completed. If file was of incorrect format, system just displays default avatar image. Other users will not be able to see this file, download it or do anything with it.
If you think that this somehow effect your site security, let me know. I will need to have more info on how this can effect your site to check with developers.
Regarding users bypassing approval.
Are you referring to the fact that unapproved users are displayed in your newsfeed activity and under "members" section of your site?
Joseph Simon
Apr 18 '13
Because we dont want people with fake photo ...and i constantly monitor my site so they were not allowed to do anything in site.Before that i will delete them...
