Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#99 Logging patch

closed-out-of-date
nobody
None
5
2012-04-19
2011-05-20
Dale Blount
No

Patch to add ability to only allow super admin to view logs

Discussion

  • Dale Blount
    Dale Blount
    2011-05-20

    View Log Patch

     
  • Your patch hides the link to viewlog.php, but any domain admin can still type viewlog.php in his browser's address bar and view the log. You should add a permission check in viewlog.php to fix this.

    Additionally, our current development version is much different from 2.3.x because we switched to smarty templates. This means the template changes in your patch won't apply to SVN trunk. (Not a real problem, it would be quite easy for me to convert your patch to the smarty templates.)

    That said: is there a special reason why you want to hide the log from your domain admins? I have to admit that I don't see why this would make sense.

     
  • Dale Blount
    Dale Blount
    2011-05-23

    Hi. Sorry about the old patch, this was before I started using the SVN version.

    The reason I want to have the option to hide the logs is that it logs IPs of the superadmins giving possible targets to gain additional privileges.

    Yes, I know it's quite a long shot.

     
  • GingerDog
    GingerDog
    2012-04-19

    • status: open --> open-out-of-date
     
  • GingerDog
    GingerDog
    2012-04-19

    • status: open-out-of-date --> closed-out-of-date