WordPress.org

Ready to get started?Download WordPress

Forums

WP Live CSS Editor
[resolved] Live Editor Doesn't Check for Login Status??. (3 posts)

  1. jayhal
    Member
    Posted 3 years ago #

    I recently implemented your plugin in several of my sites, and aside from a couple issues, have found it great to use.

    My fellow admin messaged me the other day though, and informed me that the 'Edit CSS' tab displayed on page views displays not only for users who are authenticated and logged in as admins, but for ALL users, regardless of login status.

    I'm not sure how much of a security issue this is,because the plugin sidebar does have the save button(though without being logged I believe my admin partner did say it did not function, though I know little about possible exploits or any way that this bug might be taken advantage of) but it's definitely a huge usability issue. Even with CSS code freely available to users viewing a page, I'm not sure how many admins would like that tab displayed so prominently on all pages.

    I think it's a priority fix, and I'd love to see it fixed quickly(since I do love this plugin).

    Other details that may or may not be of use: I've been using the plugin on the most current and last few versions of WP.

    http://wordpress.org/extend/plugins/wp-live-css-editor/

  2. funlab
    Member
    Plugin Author

    Posted 2 years ago #

    Hola !
    I just updated the plugin with the code from the original Drupal module by guybedford, and this solves almost all of the problems that have been pointed out. And also now the plugin is seen and used only by logged in administrators.

  3. funlab
    Member
    Plugin Author

    Posted 2 years ago #

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic