[Plugin: Quick Cache] define('DISALLOW_FILE_EDIT', true) kills this plugin!

  • I accidentally found a quick and easy way to kill the Quick Cache plugin! The Ultimate Security Checker plugin recommends turning off the WordPress admin file editor for plugins and themes by adding this definition to the wp-config.php file:

    define('DISALLOW_FILE_EDIT', true);

    This kills the Quick Cache plugin in a big way. When I try to access the plugin settings in the admin, I get this error message:

    You do not have sufficient permissions to access this page.

    In addition, the Quick Cache menu disappears from the admin sidebar, and the Clear Cache button disappears from the top of the admin screen.

    Apparently, the DISALLOW_FILE_EDIT configuration option is totally incompatible with Quick Cache. Why does Quick Cache need file editing permission? Is this a bug or a feature? ??

    Thanks for any light you can shed on this!

    Fred Chapman
    [ Signature moderated. ]

    https://www.ads-software.com/extend/plugins/quick-cache/

Viewing 13 replies - 1 through 13 (of 13 total)

  • I too find the above to be the case. I’m not too sure on the security risk of the editor being available, but I know I’d like to be able to disable file edit. Using quick cache though, that’s just not possible. Any thoughts anyone?

    This happened to me just now. But this wasn’t the only problem I’ve encountered with this plugin; two weeks ago it did this to me:

    Permissions: Please check permissions on wp-config.php. Quick Cache needs write-access to this file. Permissions need to be 755 or higher.

    Permissions: Please check permissions on wp-content. Quick Cache needs write-access to this directory. Permissions need to be 755 or higher.

    And I wasn’t the only one having this problem.

    These errors are easily fixable, of course, but they are irritating. The only other plugin I’ve encountered this kind of problem with was W3 Total Cache, but it was just one time. It looks like Quick Cache is more “simple” than the other caching plugins, maybe that’s a factor? I’ll go ask others in the meantime.

    oh, oh

    thanks for the tip, fwchapman!

    would never discover that, never…

    Thread Starter Fred Chapman

    (@fwchapman)

    brasofilo, you are very welcome! I’m glad my tip helped you. -Fred

    Fred,
    I’ve got intrigued by this behavior and found that the plugin’s menus are being added based on “edit_plugins” capability

    so, if this is changed to “add_users”, the plugin works with DISALLOW_FILE_EDIT enabled

    this is the file that needs modifications (in lines 147, 150 and 153):
    /wp-content/plugins/quick-cache/includes/classes/menu-pages.inc.php

    [edit: there are other instances where this needs to be changed: see screenshot https://cl.ly/2t370Q120R0v270Y1z2w ]

    Thread Starter Fred Chapman

    (@fwchapman)

    Brasofilo, great work! Thanks for developing and sharing this workaround. I hope the plugin author incorporates it into a future release.

    Thanks again,

    Fred

    P.S. Is Brasofilo your first name or just your username? I wasn’t sure what to call you. ??

    hi Fred,
    sorry, forgot to sign the message ??
    i’m Rodolfo

    (check the edit in my previous post)

    Yep, hopefully, the author will see this thread and adapt the plugin

    cheers

    Thread Starter Fred Chapman

    (@fwchapman)

    Very nice to meet you, Rodolfo! Thanks for posting the update on the changes needed to fix the plugin.

    Wishing you a great 2012,

    Fred

    It’s been THREE MONTHS now since this fix has been in place and apparently working….

    So how come the DEVELOPER hasn’t fixed it yet???

    I’m encountering the same issue with either adding the code manually or it being inserted by another plugin such as Better WP Security.

    I would also like to know why the wp-config.php file needs 755 permissions?
    That seems like a huge security risk?

    **** ALSO, can some re-indicate the places that need to be renamed?
    The above screenshot link is dead.

    Thanks

    For my purposes, I wanted to enable the “Clear Cache” button in the Admin Bar (top menu bar) for an Editor but not the side menu bar options that allow modifying Quick Cache functionality. I logged on as both “Editor” and “Admin” and it works correctly in both circumstances.

    I simply modified static function add_admin_bar_nodes by replacing “edit_plugins” with “add_users” and no other code was modified. This static function is located in quick-cache\includes\classes\menu-pages.inc.php.

    After using same options it seems to work as wished.
    Btw I found same problem in plug called Code Snippet. Seems to work with same solution as above, but can it harm?

    I am having problems with Quick Cache, the following 2 lines appear even though I have altered the permissions on these folders to be 755.

    Is there another fix apart from changing the wp-config file?

    Permissions: Please check permissions on /wp-config.php. Quick Cache needs write-access to this file. Permissions need to be 755 or higher.

    Permissions: Please check permissions on /wp-content/cache. Quick Cache needs write-access to this directory. Permissions need to be 755 or higher.

    If define('WP_CACHE', true); the permissions on wp-config.php should not be an issue.

    DISALLOW_FILE_EDIT is the issue here. Even if I copy the advanced-cache.php file manually, the plugin won’t work, or, at least the settings page is not accessible.

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘[Plugin: Quick Cache] define('DISALLOW_FILE_EDIT', true) kills this plugin!’ is closed to new replies.