#9726 Settings Resetting Discovered

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by nicholas on Sunday, 09 January 2011 16:37 CST

slaes
Hi Guys,

Running Pro 1.1.2, and for some time, as with previous versions, I have had settings just randomly reset to default. I could never discover the cause; however, it seems that I might have stumbled onto it.

Anyway, so basically when I change the user name and password in the Admin Tools parameters (which does not need the master password to access), all the settings go back to default, including the master password, firewall, etc. All is basically turned off. So hypothetically, if someone was to somehow manage backend access, they could deactivate settings by placing a random user name and password in the parameters (details needed for live update). I have tried with a few hosts and multiple browsers. Can anyone confirm if this is a known issue?
Any help much appreciated.

P.S. Keep up the great work!!

nicholas
Akeeba Staff
Manager
That's one EXCELLENT catch! The thing is that the Admin Tools component parameters were separated into two groups. The basic group having the "visible" options, the "advanced" group having the hidden fields. This works well until you ask Joomla! to display the component parameters page. It decides that it should load only the main group and ignore the "advanced" parameters. This causes the form to submit with only the visible parameters, i.e. username and password in this case. Joomla! will then see that and replace all parameters it doesn't see in the form with their default values. Doh!!!

For the next version of Admin Tools I am going to change things a bit. All parameters will be in the same group and access to the visible parameters will be handled through a custom interface. That said, if someone has Super Administrator access (that's what it takes to edit component parameters) and is resourceful enough he will be able to reset Admin Tools settings. However, you shouldn't give Super Administrator access to people with that level of geekiness, experience and determination to break your site. In fact, such a person would find much easier ways to bypass restrictions -I can certainly think of at least FOUR much easier ways off the top of my head- if he wanted to harm your site. This brings us to the previous point: don't give such a person Super Administrator access! :)

Nicholas K. Dionysopoulos

Lead Developer and Director
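
The reset described in the reply above, as an added example that is not part of the ticket and is not Admin Tools or Joomla! code: a save routine that defaults every parameter missing from the submitted form, next to one that merges only the editable keys into the stored values, plus a check that reports hidden settings changed by a save. All parameter names, defaults and sample values are hypothetical.

```php
<?php
// Hypothetical parameter names and defaults, not Admin Tools' real ones.
const DEFAULTS = [
    'liveupdate_user'  => '',   // "basic" group: shown on the parameters page
    'liveupdate_pass'  => '',
    'master_password'  => '',   // "advanced" group: never rendered in the form
    'firewall_enabled' => 0,
];
const VISIBLE = ['liveupdate_user', 'liveupdate_pass'];

// Behaviour described in the reply: any key absent from the form gets its default.
// $stored is deliberately ignored, which is exactly the defect.
function saveReplacing(array $stored, array $post): array
{
    $saved = [];
    foreach (DEFAULTS as $key => $default) {
        $saved[$key] = array_key_exists($key, $post) ? $post[$key] : $default;
    }
    return $saved;
}

// Hardened save: accept only keys this form may edit, keep everything else as stored.
function saveMerging(array $stored, array $post): array
{
    $editable = array_intersect_key($post, array_flip(VISIBLE));
    return array_merge(DEFAULTS, $stored, $editable);
}

// Post-save check: which settings changed although the form never submitted them?
function silentlyChanged(array $before, array $after, array $post): array
{
    $changed = [];
    foreach ($before as $key => $value) {
        if (!array_key_exists($key, $post) && ($after[$key] ?? null) !== $value) {
            $changed[] = $key;
        }
    }
    return $changed;
}

// Constructed sample data.
$stored = ['liveupdate_user' => 'old', 'liveupdate_pass' => 'old',
           'master_password' => 'constructed-secret', 'firewall_enabled' => 1];
$post   = ['liveupdate_user' => 'new', 'liveupdate_pass' => 'new'];

echo "replace-with-defaults save:\n";
print_r(silentlyChanged($stored, saveReplacing($stored, $post), $post));
echo "merge save:\n";
print_r(silentlyChanged($stored, saveMerging($stored, $post), $post));
```

Running `silentlyChanged` against a before/after snapshot of the stored parameters is also a cheap regression test for any settings form that renders only part of a parameter set.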
