Woopra Forums » Troubleshooting

• 

  lordfish
  Member

  Hey, i have a own wordpress Blog. But if someone create a Account, he can access the Woopra Settings

  Screenshot: http://upload.wiiarefree.org/view/full/1083_ybj5a

  Posted 3 months ago #
• 

  Jardel
  Member

  yes! me too! i was coming to report this here
  and i have open registration
  this is a huge security flaw

  Posted 3 months ago #
• 

  Thomas
  Member

  See more here: http://www.woopra.com/forums/topic/woopra-wordpress-plugin-bug

  Posted 3 months ago #
• 

  lordfish
  Member

  there is no add_submenu(); in the woopra.php
  Why Woopra dont fix this bug?

  Posted 3 months ago #
• 

  Textopus
  Member

  The fix is actually quite easy.

  Replace this part in woopra.php (at the end):
  
add_action('admin_menu', 'woopra_add_menu');
add_action('template_redirect', 'woo_detect');
add_action('wp_footer', 'woo_widget');

  if (get_option('woopra_track_admin') == 'YES') {
add_action('admin_footer', 'woo_widget');
}


  with this

  
global $user_level;
if( $user_level > 8 ) :
add_action('admin_menu', 'woopra_add_menu');
endif;
add_action('template_redirect', 'woo_detect');
if( $user_level < 10 ) :
add_action('wp_footer', 'woo_widget');
endif;
if (get_option('woopra_track_admin') == 'YES') {
add_action('admin_footer', 'woo_widget');
}


  This will ignore your admin visits (if logged in) and will remove the admin panel for all users but the admin.

  Posted 3 months ago #

RSS feed for this topic

Reply

You must log in to post.

 Sign Up!
- Download Application
- Learn more

• Forum Hot Tags

  analytics approval blog bug Bugs chat client Code Desktop domain error Errors Events Forum Google Installation Java Joomla linux live Login Mac Map no stats notification Pending Approval plugin problem referrers review search stats subdomain time time zone tracking Troubleshooting update url visitor visitors website Woopra wordpress WordPress Plugin

• Recent Blog Entries

  New! WordPress Plugin Now Displays Real-time Site SearchesTwo quick updates for WordPress users. If you've had [...] Woopra Performance Issues ResolvedGreetings everyone! Over the last few days we have [...] Woopra’s State of the Union - September 2008It's been a busy few weeks since my last update [...] Woopra Team at Blog World Expo 2008The Woopra will be at Blog World Expo in Las [...] Woopra Helps Real Estate Industry with Real Time Web AnalyticsIn a three part series, Inman News Real Estate and [...] Woopra Plugin for WordPress 1.3 Updated Quick update for people having problems with updating the Woopra [...] Large News Organization Seeks Startups Using WoopraWe've had a request from a very large news organization [...] Woopra Marches in China with the Londonderry BandIn June, the Londonderry School Band traveled to China and [...] Live Woopra Video During a Digg Front-pageIf you ask me, this is the pinnacle of Woopraness. [...] Introducing the Revolutionary NEW WordPress Plugin!Today at WordCamp San Francisco iFusion Labs demonstrated a new [...]

• Woopra is powered by