Support

Admin Tools

#23913 Incompatibility with Access Manager

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Thursday, 14 January 2016 17:20 CST

Tuesday, 15 December 2015 02:07 CST

user8706
Hello,

there is a documented incompatibility between Admin Tools and Access Manager. The editor of Access Manager recommends the following workaround (http://www.pages-and-items.com/extensions/access-manager/faqs?faqitem=issues_admintools):

There is a small incompatability issue with Akeeba AdminTools, with certain settings you might get a white adminscreen in the backend in Access-Manager > menu/page access.

To fix this issue alter this file:
plugins/system/admintools/admintools/main.php line 630
$menu = JFactory::getApplication()->getMenu()->getItem($Itemid);

replace with
return array($option, $view);

Just make sure you keep a note of this alteration, so when you update Akeeba Admin Tools, you can do this fix again.

Is this issue also know to you and is a security issue if I alter the file mentioned?

Thanks,
Uwe

Tuesday, 15 December 2015 02:32 CST

tampe125
Hello Uwe,

Access Manager does core hacks in Joomla!, i.e. it modifies core files before they are loaded from disk, altering how low level APIs work in Joomla!. THIS IS A BAD PRACTICE which can have unforeseen consequences on your site: you are no longer running Joomla!, we don't know what security issues FAM's code may introduce to your site. The extension has been reported to the JED by us with the result that the extension listing is no longer present in the Joomla! Extensions Directory and there's a Joomla! VEL (Vulnerable Extensions List) entry telling you that Frontend Access Manager is insecure because it makes core hacks. Regarding your question, Carsten's (the author of that extension) suggestion makes it impossible to use WAF Exceptions with Admin Tools. If you're not interested in using this feature you can apply this change AT YOUR OWN RISK knowing that
a. you are breaking a feature of Admin Tools;
b. you need to apply this change every single time;
c. we shall not provide any support for this site since it's employing core hacks.

Regarding the latter, please note that core hacks modify how low level APIs work on your site. Therefore we cannot guarantee that our code –tested against the ​*official*​ Joomla! APIs– will perform correctly. Our suggestion is to replace and remove FAM.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 15 December 2015 02:48 CST

user8706
Thank you very much, Davide! I was not aware that FAM is insecure. Can you recommend any other tool which I can use to have a more flexible approach to frontend access? Some other component which does a similar thing?

Tuesday, 15 December 2015 02:57 CST

tampe125
I don't have any component to recommend, the best option is to use stock Joomla ACL component. If things get messy, I'd suggest you using ACL Manager component.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 14 January 2016 17:20 CST

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Edited by on 2016-01-14 17:20 CST

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!