Forums » Meta » Playground of fun

Since AJ's [s]testing[/s] topic is closed, and I don't want to pollute other functional topics.

There are some things that might depend on server configuration and I would like to test them out.

This topic is edited!

Last edited: 9 March 2014 5:16am

Funny Picture" onload="console.log(document.cookie)
This post was also edited!

Last edited: 9 March 2014 5:17am

Funny Picture" onload="console.log(document.cookie)
You are now subscribed to this topic!

Last edited: 9 March 2014 5:16am

Funny Picture" onload="console.log(document.cookie)
That's beautiful.
Sadly the admin module is better built, so no "You are now giving me admin rights!" yet.
Funny Picture" onload="console.log(document.cookie)
I really need to do something about this forum module, it's way too lax about things. I suppose I should enforce sending POSTs for stuff like marking as spam, subscribing, deleting, etc (or make it a two-step process).

It's on my list when I've got some time to address it... best I can do in the meantime is ask not to abuse mark as spam (since that bans people, ouch!)
I really need to do something about this forum module, it's way too lax about things.
This is the default SilverStripe Forum module, only the .ss templates are custom if I understand what you did correctly.

It seems to be well maintained. There is even a tests folder. It is something that a bunch of people are already using. I'm surprised by the negligence about these things. Since registration is open, any user with malicious intent could make this forum module completely unusable.

But even the official silverstripe.org forums are attackable.

Hahaha look at this. Seems like I wasn't the only one noticing the smell.

A few very harsh bug reports are in order.

best I can do in the meantime is ask not to abuse mark as spam
One could make a topic that deletes all other topics when you open it.

Funny Picture" onload="console.log(document.cookie)
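Added example, not code from this thread or from the SilverStripe forum module: it renders the signature text used throughout this thread into an <img> tag the way a lax template does (alt text interpolated raw) and the way the fix does (attribute-escaped), then parses the result to show which attributes a browser would actually see. The /sig.png path and the shape of the template are assumptions.

```python
import html
from html.parser import HTMLParser

# Signature text as posted in the thread: the double quote closes the alt
# attribute, so the remainder is parsed as a new attribute on the <img> tag.
SIGNATURE = 'Funny Picture" onload="console.log(document.cookie)'


def render_signature(alt_text: str, escape: bool) -> str:
    """Build the <img> tag a template would emit for user-supplied alt text.

    escape=False mirrors the lax template (raw interpolation);
    escape=True is the fix: encode the value for an attribute context.
    The image path is an assumed placeholder.
    """
    if escape:
        alt_text = html.escape(alt_text, quote=True)  # " -> &quot;, < -> &lt;, ...
    return f'<img src="/sig.png" alt="{alt_text}">'


class AttrCollector(HTMLParser):
    """Collect the attribute dict of every <img> tag, as a browser would see it."""

    def __init__(self) -> None:
        super().__init__()
        self.img_attrs: list[dict] = []

    def handle_starttag(self, tag, attrs) -> None:
        if tag == "img":
            self.img_attrs.append(dict(attrs))


def img_attributes(markup: str) -> dict:
    """Return the attributes of the first <img> in markup (empty if none)."""
    parser = AttrCollector()
    parser.feed(markup)
    return parser.img_attrs[0] if parser.img_attrs else {}


def has_event_handler(markup: str) -> bool:
    """True if any on* attribute ended up on the tag, i.e. the signature
    was interpreted as markup instead of data."""
    return any(name.startswith("on") for name in img_attributes(markup))


if __name__ == "__main__":
    for escape in (False, True):
        markup = render_signature(SIGNATURE, escape)
        print(f"escape={escape}: {markup}")
        print("  attributes:", img_attributes(markup))
        print("  event handler injected:", has_event_handler(markup))
```

With escaping on, the parser reports a single alt attribute whose value is the full signature string, and no onload attribute exists for the browser to execute.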
A few very harsh bug reports are in order.
I filed a bug report about it to SS, and they removed it from the public bug tracker, but I got subscribed to a thread in their internal bug tracker and they consider this a very serious security issue (that is why it got removed from the public bug tracker in the first place), so I'm hoping for a fix on this soon.

Last edited: 12 March 2014 2:26am

Funny Picture" onload="console.log(document.cookie)