[development] security: people can no longer "administer" blocks.

Dries Buytaert dries at buytaert.net
Fri Jan 6 06:44:36 UTC 2006

On 05 Jan 2006, at 22:40, Bèr Kessels wrote:
> * Add a new permission: moderate blocks (people can only change the  
> content of
> the blocks)
> * Remove the "show it here and there" alltoghether and leave it to  
> the themes
> (my favorite) to choose where, when and how to display blocks.
> * Limit the allowed PHP. this, i fear is a very, very hard one. One  
> that will
> render php mode unusable too.
> * Only show (and save!!) the phpmode option for uid 1. I dislike  
> this, because
> I prefer to do nothing with uid1.

Rather than adding permissions, we should use the filter system.   
Just add input formats to the block creation screen.

Dries Buytaert  ::  http://www.buytaert.net/

More information about the development mailing list