I had a PHP website which had an "admin.php" page, where I could set some special settings, e.g. activating an infobox.
Now I am rebuilding my website with TYPO3 and I am asking myself how I can make something like an "admin.php" where I can do settings.
Can someone help me with that? I hope I could explain my issue so you understand it, otherwise please tell me if you didn't get the point of it!
TYPO3 is a Content Management System, the M stands for what you are searching for! As a user with the administrator role, there are multiple modules where you can configure extensions, change the output of things, etc.
So it could be the Constant Editor that you are looking for; otherwise ask a more concrete question.
The BackEnd, which you access at domain.tld/typo3/, is the place where all modifications to the FrontEnd output are done. That includes the normal content of text and images or other Content-Elements like plugins, records like news or tt_address and of course pages to get the structure.
Here an editor also decides the visibility of content.
The BackEnd is also the area where the behaviour of the site is configured, mostly with TypoScript. With TypoScript you can configure the behaviour of Plugins or the general rendering of pages.
Maybe you had all configurations in one admin.php file. In TYPO3 the configuration might be distributed to different places, but as there are very many possibilities to configure, there are also many places to configure.
I am using ezpublish 4.3.0. The management screen is collapsed when repeating generation / editing of class etc. from the management screen, it is in a state where you can not put it in. Please tell me how to respond and the tpl file (file with the extension tpl) that creates the administration screen. This environment has been customized when it was first constructed, and presumably that tpl going to see css etc in this treatment changed. Thank you.
So, I'm not sure I completely understand what you need, but the template files for the administration area are all under /design/admin. If someone made an extension to override the admin template, try to disable it from the administration siteaccess under /settings/siteaccess/$yourSiteAccessName.
By the way, you could try to clear the cache; sometimes it fixes some of those issues, you never know.
Let's say I want to give someone access to the WordPress admin panel so he can edit posts, settings etc.
My question is: Is admin panel in plain wordpress installation safe so new user won't be able to run any PHP server-side code? He won't be able to install plugins obviously (no ftp access, chmod +r-w and on all wp folders).
He can put as many javascripts in posts as he wants. I know he will be able to hijack my cookies etc.; I don't mind. I am asking only about server-side code.
If your WordPress installation is up to date, you are only using plugins from trusted developers, and you have your user roles properly configured for your specific security needs, then yes you can expect WordPress admin to be safe from server side scripting.
Out of the box WordPress ships with user roles that can be modified to your liking. For instance, I'm a super admin of a multisite and can access all sites and network admin, but I don't want my admins to have either. I can set the access level for network admin area, and what sites each admin can access.
This can be further customized to disable things like the theme / plugin editors so you would only be able to manipulate core files from FTP etc. Also, disable the ability to install plugins.
I use a plugin called User Role Editor and Adminimize to control various parts of any role i.e. editor, admin etc. I've also written my own plugin to further customize the user experience.
By default I believe you will find any js or other scripting gets stripped out of the wp editor in pages / posts. You can circumvent this by using a text widget or a plugin I use called HTML Javascript Adder.
Adminimize
User Role Editor
HTML Javascript Adder
To be honest this is not something that can be answered here with a cut and dry answer.
As far as I can remember there is not a location where an admin can edit a file, upload a file or enter PHP to be executed.
This does not mean that there are no ways to execute PHP, however. As far as we know at present, there are no known security vulnerabilities with the current version of WordPress; however, only time will tell if this will remain the same. It might be possible, for example, to exploit a form and enter PHP that can be executed unintentionally. It may also be possible to edit the URI with PHP code that is not sanitized correctly on the server.
Take a look at this site which will show the numerous vulnerabilities that Wordpress has had in the past.
https://wpvulndb.com/wordpresses
I am sure the Wordpress developers did not knowingly release the software with these bugs but yet it happened.
AFAIK by default you can only do that via the template editor.
Now... if you don't allow any file to be modified, in theory there is no other OOTB functionality that allows arbitrary code execution, so it should be safe, BUT...! It's Wordpress, come on... it has always had security issues, and it will continue to do so because it is full of legacy code and it is poorly designed.
Plus, to be honest, you shouldn't make such safety assumptions even for well engineered software.
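The theme/plugin editor and plugin installation mentioned in the answers above can both be switched off in wp-config.php with the WordPress core constants DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS. As an added example (not code from any of the posts), this script checks a wp-config.php source for them; the sample config and the function names are constructed for illustration.

```php
<?php
// Added example: audit a wp-config.php for the constants that switch off
// in-dashboard code editing and plugin/theme installation.

/** Return [constant name => bool] for every define('X', true|false) in $source. */
function find_boolean_defines(string $source): array
{
    // Drop comments and whitespace so a commented-out define() is not counted.
    $skip = [T_COMMENT, T_DOC_COMMENT, T_WHITESPACE];
    $tokens = array_values(array_filter(
        token_get_all($source),
        fn($t) => !is_array($t) || !in_array($t[0], $skip, true)
    ));
    $found = [];
    for ($i = 0; $i + 4 < count($tokens); $i++) {
        [$fn, $open, $name, $comma, $value] = array_slice($tokens, $i, 5);
        if (is_array($fn) && $fn[0] === T_STRING && strtolower($fn[1]) === 'define'
            && $open === '(' && is_array($name) && $name[0] === T_CONSTANT_ENCAPSED_STRING
            && $comma === ',' && is_array($value) && $value[0] === T_STRING
            && in_array(strtolower($value[1]), ['true', 'false'], true)) {
            $found[trim($name[1], "'\"")] = strtolower($value[1]) === 'true';
        }
    }
    return $found;
}

/** Report whether each hardening constant is defined as true. */
function audit_wp_config(string $source): array
{
    $defines = find_boolean_defines($source);
    $report = [];
    // DISALLOW_FILE_EDIT: no theme/plugin editor.
    // DISALLOW_FILE_MODS: no plugin/theme install or update from the dashboard.
    foreach (['DISALLOW_FILE_EDIT', 'DISALLOW_FILE_MODS'] as $constant) {
        $report[$constant] = ($defines[$constant] ?? false) ? 'enabled' : 'NOT enabled';
    }
    return $report;
}

// Constructed sample config: the first define is commented out and must not count.
$sample = <<<'PHP'
<?php
// define('DISALLOW_FILE_MODS', true);
define( 'DISALLOW_FILE_EDIT', true );
define( 'WP_DEBUG', false );
PHP;

foreach (audit_wp_config($sample) as $constant => $state) {
    echo "$constant: $state\n";
}
```

To check a real site, pass `file_get_contents()` of its wp-config.php to `audit_wp_config()` instead of the sample string.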
I am developing a MediaWiki extension and I would like it to be able to pull simple configuration settings from a MediaWiki page that can be edited when and if certain things are added such as a category. I am quite unsure how I would go about doing something like this. Any help would be appreciated.
Typically, on-wiki settings would be stored in the MediaWiki namespace. There are no built-in methods for getting and setting such configuration settings, so you will have to parse those pages manually. For a (quite complex) example, see how the sidebar is built from MediaWiki:Sidebar in Skin.php.
A more user friendly approach, of course, would be to create a simple special page, that gets and sets the configuration settings from the database. Depending on your exact needs, that might be almost as simple to build.
I'm looking at a site under development (at my wife's work). It's being built with Joomla 2.5.x, and it's using a Kunena template for the forum.
Each page on the site uses a single URL with PHP variables, e.g. www.sitename.com/index?option=com_content&view=article&id=96&Itemid=101.
However, on the demo site, the suffix is always .html even though the content is CMS/database-generated.
What I want to know is:
1. Why does the site at my wife's work use .php?...?
2. Where in the backend administration portal (to which I have access) are the settings for each view (presumably using a MVC framework)? Or are they only available by editing the PHP files directly?
Thanks.
Addendum
I found this documentation which helps explain #1. Still would like an answer to #2.
First, you should never edit a Joomla file directly. If there is ever something you can't do via a setting, override the file. Any changes you make in core files, besides potentially breaking things, will get overwritten on an update.
In terms of settings in general every view has an options button and you set default settings for the component there. There are then in general individual settings in items and menu items that override the defaults.
Kunena has more complex configuration and thus has its own complete UI.
Joomla has a setting for using either the raw url (which your site is using) or "Search engine friendly" (SEF) urls. The demo site not only uses SEF urls but also adds an html suffix to the end. The html really means nothing to the system and is just there. You could turn that off and the system would operate the same just without '.html'. (Locations would look like folders instead of files, I guess.)
If you access your administration system (www.sitename.com/administrator, most likely), you can go to Site->Global Configuration. Make sure you are on the "Site" tab and you should see SEO settings on the right side. These settings will change the urls between the demo's version and your own.
To use the mod_rewrite bit, you may have to convert an htaccess.txt file to .htaccess on the server: http://docs.joomla.org/How_do_you_convert_an_htaccess.txt_file_into_a_.htaccess_file%3F
To add a bit more, the demo site's url is ultimately converted back into the url that you see on your wife's work's site. The system operates based on option, view, id, and Itemid variables. The SEO settings convert this into search engine friendly phrases which I think help both search engines and people!
First off, this isn't really a programming question but more of a programming concept question. Basically, I've built a bespoke PHP framework to speed up deployment on my end and I want some kind of plugin system in place that will allow me to add specific features to the base of the framework (like the SQL class or maybe a Twitter package) that will allow me to throw them into a folder and not have to actually edit the base for every new project.
Any ideas of the best way of going about this?
Here is a nicely written post by #ircmaxell on how to do that and what are the options:
Handling Plugins In PHP
Also check out:
Best way to allow plugins for a PHP application
What I'm doing in my CMS:
For each plugin I make a folder, Latin-named, with this plugin's name.
I create a /translations folder in there too. Check here.
Have a single PHP file that has 2 basic functions, plugin_install and plugin_uninstall (you know, things to happen on install/uninstall like table creation/drop).
Create a special page of your system that reads these plugins, installed and not, and gives an on/off switch so users can install/uninstall them.
Load these single files mentioned above by a single call to include_once on top of your index page (or administration page) so as to include whatever functionality they offer.
Enabled plugins will be loaded (include_once) from your main page, and also their functionality, so each plugin can call each other's as well.
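A loader for the folder-per-plugin layout described above, written as an added example rather than the poster's code: it includes only plugins on the enabled list and refuses any name that would resolve outside the plugin directory. The entry file name `plugin.php`, the function names and the demo tree are assumptions made for illustration.

```php
<?php
// Added example: include_once only enabled plugins, one folder per plugin.
// The entry file name plugin.php is an assumption, not from the post.

/** Resolve the entry file of $name inside $pluginRoot, or null if unsafe or absent. */
function plugin_entry_file(string $pluginRoot, string $name): ?string
{
    // Latin letters, digits, dash and underscore only: no dots or slashes.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $name)) {
        return null;
    }
    $root = realpath($pluginRoot);
    $file = realpath($pluginRoot . '/' . $name . '/plugin.php');
    // realpath() follows symlinks; the result must still sit under the root.
    if ($root === false || $file === false
        || strncmp($file, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $file;
}

/** include_once every enabled plugin; return the names actually loaded. */
function load_enabled_plugins(string $pluginRoot, array $enabled): array
{
    $loaded = [];
    foreach ($enabled as $name) {
        $file = is_string($name) ? plugin_entry_file($pluginRoot, $name) : null;
        if ($file !== null) {
            include_once $file;
            $loaded[] = $name;
        }
    }
    return $loaded;
}

// Constructed demo: build a throwaway plugin tree in the temp directory.
$root = sys_get_temp_dir() . '/plugins_demo_' . getmypid();
is_dir($root . '/infobox') || mkdir($root . '/infobox', 0700, true);
file_put_contents(
    $root . '/infobox/plugin.php',
    '<?php function infobox_active() { return true; }'
);
// The on/off switch page would store this list; here it is hard-coded with
// one valid name, one path-like name and one plugin that does not exist.
$enabled = ['infobox', '../../etc', 'missing'];
print_r(load_enabled_plugins($root, $enabled));
```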