Page Security Levels
|
09-16-2019, 09:05 PM
Post: #1
|
|||
|
|||
Page Security Levels | |||
09-16-2019, 10:40 PM
Post: #2
|
|||
|
|||
RE: Page Security Levels
I will have to check when I have the code in front of me but I believe the cost update security token is hard coded in places. I don't like the hard coding of security tokens but that code isn't mine.
If it is hard coded I am not sure why it is an option here. Will come back to you for sure when I have the code in front of me. Tim |
|||
09-16-2019, 11:45 PM
Post: #3
|
|||
|
|||
RE: Page Security Levels
Hi Tim
Ok, I am very grateful for your help. Alex |
|||
09-17-2019, 03:09 AM
(This post was last modified: 09-17-2019 03:15 AM by falkoner.)
Post: #4
|
|||
|
|||
RE: Page Security Levels
Ok, If you comment out line 18 of PageSecurity.php (it seems an utterly pointless line), changing it from
$ScriptName = mb_substr($ScriptName, 0, mb_strlen($ScriptName)-4).'.php'; to //$ScriptName = mb_substr($ScriptName, 0, mb_strlen($ScriptName)-4).'.php'; then you can update that token. It appears to me having looked at the code that this is ok, and that it *should* work fine. That said I didn't write that code so test carefully first. Tim ======= There was a very obvious typo in PageSecurity.php that would have been avoided if developers did what I have asked them to do for years, and that is to set error_reporting to -1 while testing code. I have fixed it and submitted a pull request. Tim |
|||
09-17-2019, 06:36 AM
Post: #5
|
|||
|
|||
RE: Page Security Levels
Thanks Tim,
Yes, this is useful, I have changed the COSTUPDATE Security token. However, I feel that sometimes in order to avoid misuse, may can add a protection function on this page, "Require password confirmation before making any changes," which is safer. Thanks again Alex |
|||
« Next Oldest | Next Newest »
|
User(s) browsing this thread: 1 Guest(s)