Page Security Levels
09-16-2019, 09:05 PM
Post: #1
Page Security Levels
Hi Tim,

I found a problem, and I don't know whether it is a problem with my own settings or a system problem. I tried to set the “Costupdate” Security Level, but the Security Token always stays at "10" and can't be updated to another value.

Is it fixed, or is there another reason?

Alex
09-16-2019, 10:40 PM
Post: #2
RE: Page Security Levels
I will have to check when I have the code in front of me but I believe the cost update security token is hard coded in places. I don't like the hard coding of security tokens but that code isn't mine.
If it is hard coded I am not sure why it is an option here. Will come back to you for sure when I have the code in front of me.

Tim
09-16-2019, 11:45 PM
Post: #3
RE: Page Security Levels
Hi Tim

Ok, I am very grateful for your help.

Alex
09-17-2019, 03:09 AM (This post was last modified: 09-17-2019 03:15 AM by falkoner.)
Post: #4
RE: Page Security Levels
Ok, if you comment out line 18 of PageSecurity.php (it seems an utterly pointless line), changing it from

$ScriptName = mb_substr($ScriptName, 0, mb_strlen($ScriptName)-4).'.php';
to
//$ScriptName = mb_substr($ScriptName, 0, mb_strlen($ScriptName)-4).'.php';

then you can update that token. It appears to me having looked at the code that this is ok, and that it *should* work fine. That said I didn't write that code so test carefully first.

Tim

=======

There was a very obvious typo in PageSecurity.php that would have been avoided if developers did what I have asked them to do for years, and that is to set error_reporting to -1 while testing code.

I have fixed it and submitted a pull request.

Tim
09-17-2019, 06:36 AM
Post: #5
RE: Page Security Levels
Thanks Tim,

Yes, this is useful, I have changed the COSTUPDATE Security token.

However, I feel that sometimes, in order to avoid misuse, a protection function could be added on this page, "Require password confirmation before making any changes," which is safer.

Thanks again

Alex