settings.tpl security-fix! After aplying this to your izabi site, guests cant access your users settings.tpl anymore!


hf:cool:

Nice fix! didnt even know about this bug.

Thanks.

Didn't know there was a problem with that. Anyone have that problem? Thanks for the fix.!

just found out you can use the scheme from my txt-file for every page you want to prevent guests to access it ! :) runs on every page i add this!

Search for: in ??????


$tpl = new template;
$tpl -> Load("settings");
$tpl -> ConvertSelf();

Thanks,

Bill

$tpl = new template;
$tpl -> Load("settings");
$tpl -> ConvertSelf();

well this can differ a little bit from file to file..but it always looks similiar and its on the very top of every php just below the core sturcture availabilty check.

hope my answer helps

Works like a charm thanks..

I didn't find this code in settings.tpl. I found it in settings.php. I assume the php is the correct file to edit?

But even if they accessed this page they can still do nothing. I don't see the security risk by accessing this page. Can u explain pls.

Cheers,
imad

Yeah same here, i didn't think guests could do much as long as you prevented access for guests in your general config for your site.

sure but cmon...it looks a little bit noobie if a guest accesses this site...no matter if he can do a thing ... its confusing and even ridicolous for the user that gets there...

the guest might not be able to do anything...

we're aware of.. new holes are comming out all the time. Perhaps this will save us alot of trouble inthe long run! Thanks for the post..