[development] security: people can no longer "administer" blocks.
Dries Buytaert
dries at buytaert.net
Fri Jan 6 06:44:36 UTC 2006
On 05 Jan 2006, at 22:40, Bèr Kessels wrote:
> * Add a new permission: moderate blocks (people can only change the
> content of
> the blocks)
> * Remove the "show it here and there" alltoghether and leave it to
> the themes
> (my favorite) to choose where, when and how to display blocks.
> * Limit the allowed PHP. this, i fear is a very, very hard one. One
> that will
> render php mode unusable too.
> * Only show (and save!!) the phpmode option for uid 1. I dislike
> this, because
> I prefer to do nothing with uid1.
Rather than adding permissions, we should use the filter system.
Just add input formats to the block creation screen.
--
Dries Buytaert :: http://www.buytaert.net/
More information about the development
mailing list