Geeklog The Ultimate Weblog System

Command & Control Showing Unauthorized Controls

Security

I just noticed this... Using Admin everything looks cool and signing in as a regular user, things are dandy *but* it seems whoever I give Command and Control access will see unauthorized controls....

Static pages - Chatterblock - Faqman - FileMgmt - Forum - Menu Editor and External pages show up in *their* command and control... *but* if they click on it they're faced with an Access Denied page...

Why is it these icons are showing up in the first place? The moderator clearly doesn't have access rights to static pages and most anything else... Also these plug-ins come from different developers but all have something in common for them to show up...

I am not nailing it... Has anyone seen this before or is this how it works by default?

Thanks for any info on this :)

Command & Control Showing Unauthorized Controls
Authored by: Dirk on Tuesday, May 13 2003 @ 04:06 AM EDT
The plugins you mentioned need to be updated. I've already posted about this on the geeklog-modules mailing list back in December.

This is what I wrote:

Plugins should check for the proper access rights before returning an entry and icon for moderation.php from plugin_cclabel_<pluginname>.

For example, for the default Moderator account, I see icons for the Forum, the Chatterblock, and for my very own Classifads plugin even though the Moderator does not have Admin access to those plugins.

Actually, the change in the plugin API that allows a plugin to return an empty entry from plugin_cclabel_<pluginname> was only introduced in Geeklog 1.3.7, so I'd like to point it out to you here:

--- snip (from docs/history) ---
- Plugins can now return "false" (or an empty array) from
plugin_cclabel_<plugin-name> so that the plugin's icon does not show up in moderation.php if the user does not have the proper access rights for the plugin. Changed the Static Pages plugin to do exactly that.
--- snip ---

bye, Dirk
Command & Control Showing Unauthorized Controls
Authored by: vbgunz on Tuesday, May 13 2003 @ 06:00 AM EDT
I must say, a thousand thank yous for your time. Without your help on these boards, Dirk, I could be dead in the water. I took what you said and worked on it not knowing a bit of PHP to help me out... I managed to fix all entries I believe were troublesome... Would you or someone else mind looking them over to make sure they're not time bombs as they seem to work like a charm...

I'd sure appreciate hearing a confirmation from these plugin developers. Also, since I tested it quite a bit and could not find any problems I guess this can be considered plugin fixes...

Thanks for your time and confirmation on this one :)



/** staticpages code */

function plugin_cclabel_staticpages()
{
    global $_CONF, $LANG_STATIC;

    $retval = array();
    if (SEC_hasRights('staticpages.edit')) {
        return array($LANG_STATIC['staticpages'],
                     $_CONF['site_admin_url'] . '/plugins/staticpages/index.php',
                     $_CONF['site_url'] . '/staticpages/images/staticpages.png');
    }
    return $retval;
}


/** Chatterblock code */

function plugin_cclabel_chatterblock()
{
    global $_CONF, $cb_lang;

    $retval = array();
    if (SEC_hasRights('chatterblock.edit')) {
        return array($cb_lang['prompt22'],
                     $_CONF['site_admin_url'] . '/plugins/chatterblock/index.php',
                     $_CONF['site_url'] . '/chatterblock/images/chatterblock.png');
    }
    return $retval;
}


/** External Pages code */

function plugin_cclabel_external()
{
    global $_CONF, $LANG_EX00;

    $retval = array();
    if (SEC_hasRights('external.admin')) {
        return array($LANG_EX00['externpages'],
                     $_CONF['site_admin_url'] . '/plugins/external/index.php',
                     $_CONF['site_url'] . '/external/images/external.png');
    }
    return $retval;
}


/** File Management code */

function plugin_cclabel_filemgmt()
{
    global $LANG_FILEMGMT, $_CONF;

    $retval = array();
    if (SEC_hasRights('filemgmt.edit')) {
        return array($LANG_FILEMGMT['plugin_name'],
                     $_CONF['site_admin_url'] . '/plugins/filemgmt/index.php',
                     $_CONF['site_url'] . '/filemgmt/images/filemgmt.png');
    }
    return $retval;
}


/** Forums code */

function plugin_cclabel_forum()
{
    global $_CONF;

    $retval = array();
    if (SEC_hasRights('forum.edit')) {
        return array('Forum',
                     $_CONF['site_url'] . '/admin/plugins/forum/index.php',
                     $_CONF['site_url'] . '/forum/images/forum.png');
    }
    return $retval;
}

Thanks for checking :)

---
Victor B. Gonzalez
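
One way to check a set of plugins for the behaviour described in this thread, as an added example that is not part of the original posts or Geeklog's own code: it stubs SEC_hasRights() for a user with no rights, calls every plugin_cclabel_* function that is defined, and lists those that still return an icon entry. The stub, the two sample plugins and the audit_cclabels() helper are hypothetical and constructed for illustration.

```php
<?php
// Stand-alone audit harness (added example). SEC_hasRights() is stubbed here
// as an assumption so the script runs without a Geeklog installation.
$GRANTED = array();   // rights held by the simulated user

function SEC_hasRights($feature)
{
    global $GRANTED;
    return in_array($feature, $GRANTED, true);
}

// Constructed sample plugins (hypothetical names, not real Geeklog plugins).
function plugin_cclabel_checked()
{
    if (SEC_hasRights('checked.edit')) {
        return array('Checked', '/admin/plugins/checked/index.php', '/checked/images/checked.png');
    }
    return array();
}

function plugin_cclabel_unchecked()
{
    // Missing rights check: the entry is returned to every user.
    return array('Unchecked', '/admin/plugins/unchecked/index.php', '/unchecked/images/unchecked.png');
}

// Call every plugin_cclabel_* function as a user with no rights and
// collect the ones that still return an entry.
function audit_cclabels()
{
    global $GRANTED;
    $GRANTED = array();
    $leaky = array();
    $funcs = get_defined_functions();
    foreach ($funcs['user'] as $name) {
        if (strpos($name, 'plugin_cclabel_') !== 0) {
            continue;
        }
        $entry = call_user_func($name);
        if (!empty($entry)) {   // false and array() both count as "hidden"
            $leaky[] = $name;
        }
    }
    return $leaky;
}

foreach (audit_cclabels() as $name) {
    echo "shows icon without rights: $name\n";
}
```

The label check only controls whether the icon appears; the Access Denied check on the plugin's admin page, which the original post describes, is what actually enforces access and has to stay in place.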