Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Page Security Levels
09-16-2019, 09:05 PM,
#1
Page Security Levels
Hi Tim,

I found a problem, I didn't know it is my-self setting problem or it is a system problem, I try to set this “Costupdate” Security Levels, but the Security Token always kept "10", can't update to others.
   
It's fixed or other reasons?

Alex
Reply
09-16-2019, 10:40 PM,
#2
RE: Page Security Levels
I will have to check when I have the code in front of me but I believe the cost update security token is hard coded in places. I don't like the hard coding of security tokens but that code isn't mine.
If it is hard coded I am not sure why it is an option here. Will come back to you for sure when I have the code in front of me.

Tim
Reply
09-16-2019, 11:45 PM,
#3
RE: Page Security Levels
Hi Tim

Ok, I am very grateful for your help.

Alex
Reply
09-17-2019, 03:09 AM, (This post was last modified: 09-17-2019, 03:15 AM by TimSchofield.)
#4
RE: Page Security Levels
Ok, If you comment out line 18 of PageSecurity.php (it seems an utterly pointless line), changing it from

$ScriptName = mb_substr($ScriptName, 0, mb_strlen($ScriptName)-4).'.php';
to
//$ScriptName = mb_substr($ScriptName, 0, mb_strlen($ScriptName)-4).'.php';

then you can update that token. It appears to me having looked at the code that this is ok, and that it *should* work fine. That said I didn't write that code so test carefully first.

Tim

=======

There was a very obvious typo in PageSecurity.php that would have been avoided if developers did what I have asked them to do for years, and that is to set error_reporting to -1 while testing code.

I have fixed it and submitted a pull request.

Tim
Reply
09-17-2019, 06:36 AM,
#5
RE: Page Security Levels
Thanks Tim,

Yes, this is useful, I have changed the COSTUPDATE Security token.

However, I feel that sometimes in order to avoid misuse, may can add a protection function on this page, "Require password confirmation before making any changes," which is safer.

Thanks again

Alex
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)