Support Forum
Support Forum
Offline
Hi guys,
First of all, awesome plugin 
2nd of all, I was looking through my traffic logs and noticed some of the referrer addresses were direct hits to the forum/rss/etcc I followed one of the links and it downloaded the feed, opened in word format and could read all of the forum posts.
The link looks something like this http://www.mywebsite.com/forum.....3131313133
I'm a noob so I'm not sure what's going on, I accessed the links while being logged out, through a different computer, on my phone, and all of them I could go and read the feed in plain text of all the forum posts.
Have I broken something? The sections of the forum I'm talking about are private.. am I the only one with those links?
Any ideas/comments would be appreciated.
Cheers!
Offline
Well there are 2 parts to this answer...
The 'feedkey' part of the RSS url can only be identified with the user it belongs to so - if you ARE using feedkeys and these are passed in the RSS request, SP will adopt that feedkey, locate the user it belongs to and apply the correct permissions to what data is returned.
If feedkeys are not in use - or if they are, and someone requests a feed without the feedkey, SP will apply the 'guest' permissions.
But the second part is a question... Where does that 'forceupdate' query var come in to it? That is not generated by SP...
 |
YELLOW
SWORDFISH
|
All RSS1 Guest(s)