Hi Tim,
I found a problem, I didn't know it is my-self setting problem or it is a system problem, I try to set this “Costupdate” Security Levels, but the Security Token always kept "10", can't update to others.
[
attachment=986]
It's fixed or other reasons?
Alex
I will have to check when I have the code in front of me but I believe the cost update security token is hard coded in places. I don't like the hard coding of security tokens but that code isn't mine.
If it is hard coded I am not sure why it is an option here. Will come back to you for sure when I have the code in front of me.
Tim
Hi Tim
Ok, I am very grateful for your help.
Alex
Ok, If you comment out line 18 of PageSecurity.php (it seems an utterly pointless line), changing it from
$ScriptName = mb_substr($ScriptName, 0, mb_strlen($ScriptName)-4).'.php';
to
//$ScriptName = mb_substr($ScriptName, 0, mb_strlen($ScriptName)-4).'.php';
then you can update that token. It appears to me having looked at the code that this is ok, and that it *should* work fine. That said I didn't write that code so test carefully first.
Tim
=======
There was a very obvious typo in PageSecurity.php that would have been avoided if developers did what I have asked them to do for years, and that is to set error_reporting to -1 while testing code.
I have fixed it and submitted a pull request.
Tim
Thanks Tim,
Yes, this is useful, I have changed the COSTUPDATE Security token.
However, I feel that sometimes in order to avoid misuse, may can add a protection function on this page, "Require password confirmation before making any changes," which is safer.
Thanks again
Alex