Hi!
AutoCHMOD is a great plugin, but any registered user can unlock write permissions, not just the administrator.
This:
if ( is_admin() )
    add_action( 'admin_bar_menu', array( $this, 'admin_bar_menu' ), 10000 );
The is_admin() check returns true whenever a user is in the dashboard, even if it's not an admin!
Fix:
Replace it with:
add_action( 'admin_init', array( $this, 'admin_init' ) );
and add function:
function admin_init() {
    if ( current_user_can( 'manage_options' ) ) {
        add_action( 'admin_bar_menu', array( $this, 'admin_bar_menu' ), 10000 );
    }
}
2. Even without access to the dashboard, any user can get write permissions! He can just open the /wp-admin/index.php?chmod=togli link.
Fix:
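public function init() {
    if ( is_admin() and isset( $_GET[ 'chmod' ] ) ) {
        // Stop here unless the current user is an administrator.
        if ( ! current_user_can( 'manage_options' ) ) die( "Access denied" );
        // ... the rest of the handler is not shown in the post
    }
}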
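The two fixes in the report above, combined into one gate, as an added example that is not AutoCHMOD's code or the poster's. It assumes it is loaded as a plugin file inside WordPress; the class name, nonce action, option name and the `lock` value are hypothetical, and the nonce check goes one step beyond the report so that the toggle link cannot be triggered by a forged request on behalf of a logged-in administrator.

```php
<?php
// Added illustration: only the 'chmod' query parameter comes from the report;
// every other name here is hypothetical.
class Example_Chmod_Toggle {
    const NONCE_ACTION = 'example_chmod_toggle'; // hypothetical nonce action
    const OPTION       = 'example_chmod_locked'; // hypothetical stored state

    public function __construct() {
        // The current user is resolved by admin_init, so capability checks work.
        add_action( 'admin_init', array( $this, 'admin_init' ) );
    }

    public function admin_init() {
        // is_admin() only says "this is a /wp-admin/ request"; it is true for
        // any logged-in user there. Gate on a capability instead.
        if ( ! current_user_can( 'manage_options' ) ) {
            return; // no menu entry and no request handler for other users
        }
        add_action( 'admin_bar_menu', array( $this, 'admin_bar_menu' ), 10000 );

        if ( isset( $_GET['chmod'] ) ) {
            // Ends the request unless a valid _wpnonce for this action is present.
            check_admin_referer( self::NONCE_ACTION );
            $mode = sanitize_key( wp_unslash( $_GET['chmod'] ) );
            update_option( self::OPTION, 'lock' === $mode ? 1 : 0 );
            // Drop the one-time parameters so a page reload does not repeat the action.
            wp_safe_redirect( remove_query_arg( array( 'chmod', '_wpnonce' ) ) );
            exit;
        }
    }

    public function admin_bar_menu( $wp_admin_bar ) {
        $next = get_option( self::OPTION ) ? 'unlock' : 'lock';
        $url  = wp_nonce_url(
            add_query_arg( 'chmod', $next, admin_url( 'index.php' ) ),
            self::NONCE_ACTION
        );
        $wp_admin_bar->add_node( array(
            'id'    => 'example-chmod',
            'title' => 'lock' === $next ? 'Lock files' : 'Unlock files',
            'href'  => $url,
        ) );
    }
}
new Example_Chmod_Toggle();
```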
Hello
In your AutoCHMOD program you can set permissions on directories. That’s actually great. But what I would still find good is if roles could then be assigned to the directories and these roles could then be selected by the users. In this way, the directory authorizations can then be assigned to users.
Regards
Heinz
After Enable Protect,
Error 403 Forbidden –
“You don’t have permission to access / on this server.”
The description says “Please check carefully the configuration before enabling protection! If the default permission mask isn’t correct for your server WordPress will stop working, and you’ll need to restore the correct permission manually.” but it isn't sufficiently specific about how it should be configured.
It is impossible to fix this through FTP access.