WordPress.org

Ready to get started?Download WordPress

Forums

Superb slideshow gallery
[resolved] [Plugin: superb slideshow gallery] Deprecated user levels cause security breach! (1 post)

  1. brucenow
    Member
    Posted 3 years ago #

    The Problem:
    Once you install this plugin, create a test user with the basic subscription status. Then login to your MU site as that user. Go to a post and click on Site Admin which will take you to the user's dashboard. Under the user's Profile menu item, you will see a Settings menu item. Click on that and you will see the Options page for the Superb Slideshow Gallery where this user with only basic subscription status can erase or change your images for your slideshows.

    The Fix:
    Open up superb-slideshow-gallery.php in the plugin's folder. Scroll down to about 10 lines from the bottom of the file, where you will make a substitution in two lines of code. User levels are deprecated so you are going to replace them. Here are the two lines of code:

    function ssg_add_to_menu()
    {
    add_options_page('superb slideshow gallery', 'superb slideshow gallery', 7, __FILE__, 'ssg_admin_option' );
    add_options_page('superb slideshow gallery', '', 0, "superb-slideshow-gallery/image-management.php",'' );
    }

    Replace the 7, with in the first add_options_page with 'manage_options',. Replace the 0, in the second add_options_page with 'manage_options',.

    Now when you go back to the blog post and refresh the page, then click on Site Admin, the user's dashboard will no longer display a "Settings" menu item, unless you have another plugin that requires it. But even then, the Superb Slideshow Gallery options page shouldn't show up...I think. :-)

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic