Wednesday, 17 September 2014 05:32

Front-end management user problem

zOOm Media Gallery for Joomla 1.5

Front-end management user problem

Post by Corwin » Sun Mar 30, 2008 11:27 am

Hi,

Did you encounter a problem with gallery management when logged in as a user (so there is no Admin System but User System)?

When I log in as a user I can't create a new gallery (when I click on new gallery there is no new code generated and there are no Save and Cancel buttons).

Second thing: when I'm uploading with Drag'n'Drop from the front end as a user, I get this message:

No gallery specified, please select one from the list.Processing images from list...

There is no such problem when I'm using Drag'n'Drop from backend.

Best regards,
Corwin
Corwin
Fresh Boarder
Posts: 1
Joined: Sun Mar 30, 2008 12:01 pm

Re:Front-end management user problem

Post by ljcarter1906 » Thu Apr 24, 2008 1:27 am

Same Problem here
ljcarter1906
Fresh Boarder
Posts: 3
Joined: Sun Apr 13, 2008 8:00 pm

Re:Front-end management user problem

Post by ideamarket » Mon Apr 28, 2008 3:23 pm

Yes we are having this problem as well
ideamarket
Fresh Boarder
Posts: 15
Joined: Thu Mar 20, 2008 5:09 pm

Re:Front-end management user problem

Post by Tux » Sun Jun 01, 2008 7:41 pm

If I remember correctly, an earlier version had the same problem with the save / cancel buttons missing in the user/front-end management.
It was solved; I will try to find that solution so we can apply it again.
Tux
Fresh Boarder
Posts: 15
Joined: Sun Jun 01, 2008 8:37 pm

Re:Front-end management user problem

Post by Tux » Wed Jun 11, 2008 2:17 pm

In com_zoom/www/ajaxcallback.php there is the task get_toolbar, but when you're not an admin you cannot get there because of the code in lines 39-42:
Code:
$task = $zoom->getParam($_REQUEST, 'task');
if (!in_array($task,array('view_vote','view_lightbox')) && !$zoom->_isAdmin ) {
    die('Invalid Request!!');
}

which gives you a die('Invalid Request!!')

If you comment out these lines it will work again; however, I am not sure yet if this creates vulnerabilities.
Tux
Fresh Boarder
Posts: 15
Joined: Sun Jun 01, 2008 8:37 pm

Re:Front-end management user problem

Post by Tux » Wed Jun 11, 2008 2:27 pm

because the task is get_toolbar, so not view_vote or view_lightbox, and you are not an admin, so !$zoom->_isAdmin is true as well.
It might be safer to add some hasPrivilege checks to these lines, like:
Code:

    if (!in_array($task,array('view_vote','view_lightbox')) && !$zoom->_isAdmin
       && !$zoom->privileges->hasPrivilege('priv_creategal')
       && !$zoom->privileges->hasPrivilege('priv_editgal')
       && !$zoom->privileges->hasPrivilege('priv_delgal')
       ) {
        die('Invalid Request!!');
    }
Tux
Fresh Boarder
Posts: 15
Joined: Sun Jun 01, 2008 8:37 pm
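
An added example, not code from zOOm or from the posters: the guard proposed in the post above lets a caller holding any one of the three privileges through for every task, so this sketch maps each task to the privileges it needs and refuses anything unlisted. The stub classes, the task-to-privilege mapping and the delete_gallery task name are assumptions; only the task and privilege names quoted in the thread come from the page.

```php
<?php
// Stand-ins for the $zoom object used in the thread (assumed shape).
class StubPrivileges {
    private $granted;
    public function __construct(array $granted) { $this->granted = $granted; }
    public function hasPrivilege($name) { return in_array($name, $this->granted, true); }
}
class StubZoom {
    public $_isAdmin;
    public $privileges;
    public function __construct($isAdmin, array $granted) {
        $this->_isAdmin = $isAdmin;
        $this->privileges = new StubPrivileges($granted);
    }
}

// Assumed mapping: empty list = public task; otherwise the caller needs
// at least one of the listed privileges. 'delete_gallery' is a hypothetical task.
const TASK_PRIVILEGES = [
    'view_vote'      => [],
    'view_lightbox'  => [],
    'get_toolbar'    => ['priv_creategal', 'priv_editgal', 'priv_delgal'],
    'delete_gallery' => ['priv_delgal'],
];

function isTaskAllowed($zoom, $task) {
    if ($zoom->_isAdmin === true) {
        return true; // admins pass, as in the original guard
    }
    if (!is_string($task) || !array_key_exists($task, TASK_PRIVILEGES)) {
        return false; // unlisted or malformed task: deny by default
    }
    foreach (TASK_PRIVILEGES[$task] as $priv) {
        if ($zoom->privileges->hasPrivilege($priv)) {
            return true;
        }
    }
    return TASK_PRIVILEGES[$task] === []; // public tasks need no privilege
}

// Constructed callers: a user who may only create galleries, and a guest.
$creator = new StubZoom(false, ['priv_creategal']);
$guest   = new StubZoom(false, []);
foreach (['view_vote', 'get_toolbar', 'delete_gallery', 'no_such_task'] as $task) {
    printf("%-15s creator=%s guest=%s\n", $task,
        isTaskAllowed($creator, $task) ? 'allow' : 'deny',
        isTaskAllowed($guest, $task) ? 'allow' : 'deny');
}
```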

Re:Front-end management user problem

Post by Tux » Wed Jun 11, 2008 2:37 pm

However, I still have another problem with the front end: there are no sub-categories in the category tree. They are visible in the backend. It doesn't matter if I am admin or not.
So I can create them in the front end but not edit them anymore.

The strange thing is that they are visible in the drop-down but not in the tree.

Does anybody have any idea?
Tux
Fresh Boarder
Posts: 15
Joined: Sun Jun 01, 2008 8:37 pm

Re:Front-end management user problem

Post by guilleva » Wed Jun 11, 2008 3:47 pm

Thanks Tux,

Yes, if you remove those lines it would create vulnerabilities on your installation. I'm going to analyze the second option.

However, I have currently almost finished the native version of Zoom for Joomla 1.5 with all reported problems fixed. Right now I'm testing it, and I hope it will be ready to go next week.
guilleva
Administrator
Posts: 1527
Joined: Wed Sep 12, 2007 3:10 am
Location: San José, Costa Rica