ConCen

ConCen > Tracker And Forum Concerns > Comments Suggestions And Criticism > Anonymous uploader and comments
Full Version: Anonymous uploader and comments
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Armilus

09-26-2011, 07:07 PM
Security issue: forum is revealing uploader's username when a new thread is opened for comments. First post always says 'Torrent uploaded by <username>' despite torrent being uploaded anonymously. This is visible, there are also owner_* and forum_* POST variables inside form which calls createthread.php, those can also be used to determine who the uploader is.

Dunamis

09-26-2011, 09:18 PM
(09-26-2011 07:07 PM)Armilus Wrote: [ -> ]those can also be used to determine who the uploader is.

Well, their username. Wink

FastTadpole

09-27-2011, 02:25 AM
Noted, I have an idea for a fix when we get to it.. if you open it up yourself (at least for me) it's denoted uploaded by tracker. So, in the meantime, put a comment on your own post, then edit the text where it says who it was upped by -- if that doesn't work report it and we'll delete the thread if you want to be totally anonymous.
ConCen > Tracker And Forum Concerns > Comments Suggestions And Criticism > Anonymous uploader and comments
Reference URL's