SimplePortal
Development => Bugs => Fixed or Bogus Bugs => Topic started by: ccbtimewiz on September 16, 2011, 10:52:25 PM
-
There should be a way to disable people that are given the right to administrate SP from creating PHP blocks, or giving the PHP block better validation from being abused.
-
Only members with admin_forum (full admin) permission can add/edit/delete PHP blocks.
-
'admin_forum' is far from full admin, it's more of a "tech only" admin
-> change forum, database and theme settings
-> manage packages
-> use the forum and database maintenance tools
-> view the error and mod logs
-
It doesn't. It only returns true if that user has the "Administrate forum and database" permission, which should not be given out lightly.
-
True, updated.
-
It'll let you do pretty much anything on the forum and there is even a notice to use that permission carefully. You wouldn't give that permission to a member that you don't trust.
-
I suppose you're right