#24325 Minor documentation update for Configure WAF Security Exception Message

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by mikeprince on Monday, 01 February 2016 07:53 CST

mikeprince
Under Configure WAF -> Show errors using a customisable HTML template the tooltip says "The default HTML template file is located in the components/com_admintools/views/blocks/tmpl/default.php file." whereas it is actually in components/com_admintools/views/wafexceptions/tmpl/default.php.

nicholas
Akeeba Staff
Manager
Um, no, not at all. Unfortunately you're wrong and you're about to introduce a security hole to your site by not following our instructions and following an arbitrary course of action.

The file we tell you in our tooltip to look for is <SITE ROOT>/components/com_admintools/views/blocks/tmpl/default.php. This is the file you need to override.

The file you mention in your ticket is actually located in <SITE ROOT>/administrator/components/com_admintools/views/wafexceptions/tmpl/default.php, it is NOT in the front-end of the component, it is NOT even in the path you are claiming it is and it has absolutely nothing to do whatsoever with the message shown in the front-end. DO NOT USE THAT FILE AS THE FRONT-END BLOCK MESSAGE TEMPLATE. Doing so can introduce an information leak (security hole!) to your site.

Furthermore, just opening these two files makes it obvious which one is the file you need to override. Opening <SITE ROOT>/administrator/components/com_admintools/views/wafexceptions/tmpl/default.php gives you a sea of PHP and Javascript code. Exhibit A: https://www.dropbox.com/s/lg36wly34g7q7et/Screenshot%202016-02-01%2012.06.16.png?dl=0 Apparently it doesn't look like a block message, not to mention there's a form in it!

If you do open the file we told you to open, <SITE ROOT>/components/com_admintools/views/blocks/tmpl/default.php, you will see that it's a simple HTML template. Exhibit B: https://www.dropbox.com/s/1vqx5f7iamjkp3a/Screenshot%202016-02-01%2012.06.31.png?dl=0

So I am more than 100% sure that our tooltip is correct :) Be very careful which file you override. Also note that components/com_admintools (public front-end of the Admin Tools component) and administrator/components/com_admintools (administrator back-end of the Admin Tools component) are two entirely different folders. We will never type components/com_admintools when we mean administrator/components/com_admintools or vice versa. Mixing front-end and back-end application code can introduce security issues unless extreme care is taken, hence we never ask you to do that yourself.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
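The reply above turns on two points: the front-end block template lives under components/com_admintools/views/blocks/tmpl/, anything under administrator/ is back-end code that must not be used as the block message, and the back-end file is recognisable because it contains a form and JavaScript rather than plain HTML. The script below is an added example, not part of this ticket and not Akeeba's code. It builds a constructed, throwaway directory tree mirroring the two paths named in the thread, resolves a candidate path with realpath so symlinks and `..` cannot escape the site root, classifies it as front-end template, back-end file, or outside the site, and applies a simple heuristic (an assumption of this example, not an Admin Tools rule) that a block message template should contain no `<form>` or `<script>` tags.

```python
import os
import re
import tempfile

# Relative paths taken from the ticket; the site root itself is a constructed temp dir.
FRONT_END_TMPL = os.path.join("components", "com_admintools", "views", "blocks", "tmpl")
BACK_END_TMPL = os.path.join("administrator", "components", "com_admintools",
                             "views", "wafexceptions", "tmpl")


def is_within(path, directory):
    """True if the fully resolved path lies inside the resolved directory (symlink-safe)."""
    path = os.path.realpath(path)
    directory = os.path.realpath(directory)
    return os.path.commonpath([path, directory]) == directory


def classify_template(site_root, candidate):
    """Classify a candidate override source path given relative to the Joomla site root."""
    site_root = os.path.realpath(site_root)
    resolved = os.path.realpath(os.path.join(site_root, candidate))
    if not is_within(resolved, site_root):
        return "outside-site-root"
    if is_within(resolved, os.path.join(site_root, "administrator")):
        # Back-end code: never use it as the front-end block message template.
        return "back-end"
    if is_within(resolved, os.path.join(site_root, FRONT_END_TMPL)):
        return "front-end-block-template"
    return "other-front-end"


def looks_like_plain_html(path):
    """Heuristic (assumption): a block message template should hold no form or script tags."""
    with open(path, encoding="utf-8") as fh:
        content = fh.read()
    return re.search(r"<\s*(form|script)\b", content, re.IGNORECASE) is None


def build_demo_site():
    """Create a constructed site layout with the two files discussed in the ticket."""
    root = tempfile.mkdtemp(prefix="joomla-demo-")
    front = os.path.join(root, FRONT_END_TMPL)
    back = os.path.join(root, BACK_END_TMPL)
    os.makedirs(front)
    os.makedirs(back)
    # Constructed stand-in for the simple HTML block template.
    with open(os.path.join(front, "default.php"), "w", encoding="utf-8") as fh:
        fh.write("<html><body><h1>Access denied</h1></body></html>\n")
    # Constructed stand-in for the back-end view: PHP, a form and JavaScript.
    with open(os.path.join(back, "default.php"), "w", encoding="utf-8") as fh:
        fh.write("<?php defined('_JEXEC') or die; ?>\n"
                 "<form method=\"post\"><script>/* admin JS */</script></form>\n")
    return root


def check(site_root, candidate):
    """Return (classification, plain_html_flag); the flag is None when the file does not exist."""
    kind = classify_template(site_root, candidate)
    full = os.path.join(site_root, candidate)
    plain = looks_like_plain_html(full) if os.path.isfile(full) else None
    return kind, plain


if __name__ == "__main__":
    root = build_demo_site()
    for cand in ("components/com_admintools/views/blocks/tmpl/default.php",
                 "administrator/components/com_admintools/views/wafexceptions/tmpl/default.php",
                 "components/com_admintools/views/wafexceptions/tmpl/default.php"):
        print(cand, "->", check(root, cand))
```

Run against the constructed tree, the path the tooltip names is classified as the front-end block template and passes the plain-HTML heuristic, the real back-end file is flagged as back-end and fails it, and the path quoted in the opening post does not exist at all, which matches the point made in the reply.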

mikeprince
Oops, my apologies, although I thought I'd double-checked I was looking in /administrator. Haven't actually overridden it though, so no concerns there :-) Sorry for the confusion.

nicholas
Akeeba Staff
Manager
No problem :) I just wanted to prevent you from doing something unsafe on your site.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

mikeprince
Sorry I made you spend so long writing a detailed explanation. :-)
