The turning off of the setting "view chatbox log" in the Access Control page for the chatbox.module only stops Drupal from displaying the link to the logs. Anybody (non-authorized members, non-members, everybody!) can access the logs if they know the right url, which is the same for all Drupal sites using this chatbox.

CommentFileSizeAuthor
#4 chatbox-logaccess.patch651 bytesdarren oh
#3 chatbox2.patch211 bytesjmengle
#1 chatbox_0.patch526 bytesjmengle

Comments

jmengle’s picture

jmengle commented
Status: Active » Needs review
StatusFileSize
new chatbox_0.patch526 bytes

I added a user_access check before the logs were shown, and it seems to work. This is my first patch; be gentle ;)

ricmadeira’s picture

ricmadeira commented

Thanks! That does the trick, alright!

I don't understand much about this too, but shouldn't the "You are not authorized" message be inside a "t()" so that Drupal can translate it in other languages too? Otherwise, everything seems fine!

jmengle’s picture

jmengle commented
StatusFileSize
new chatbox2.patch211 bytes

Thanks for catching that :) I changed the code and think it's ready.

darren oh’s picture

darren oh
Primary language English
Location Lakeland, Florida
commented
StatusFileSize
new chatbox-logaccess.patch651 bytes

The last patch was not a unidiff. I redid it and will review it soon.

darren oh’s picture

darren oh
Primary language English
Location Lakeland, Florida
commented
Status: Needs review » Fixed

Patch applied.

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)