silence
Well-known member
It's coming but we are fixing as many bugs as possible before release.
[TH] Donate - Multi-campaign manager [Deleted]
- Thread starter ThemeHouse
- Start date
Freelancer
Well-known member
Do you have a hotfix for the Donations nav tab exploit? because its awkward that guest visitors can see that we have donations while otherwise my board is totally private............
Jake B.
Well-known member
edit library/Audentio/DonationManager and replace the entire navigationTabs function with this:
Code:
public static function navigationTabs(array &$extraTabs, $selectedTabId)
{
$xenOptions = XenForo_Application::getOptions();
$visitor = XenForo_Visitor::getInstance();
if ($xenOptions->addm_navigationLocation == 0 || $xenOptions->addm_navigationLocation == 99 && $visitor->hasPermission('general', 'addm')) {
$extraTabs['addm'] = array(
'title' => new XenForo_Phrase('addm_donations'),
'href' => XenForo_Link::buildPublicLink('donations'),
'linksTemplate' => 'addm_navigation',
'position' => $xenOptions->addm_navigationBarPosition
);
}
}Freelancer
Well-known member
That is a folder... can you be more precise please... I am sure you meant a .php file. Which is it exactly?
Jake B.
Well-known member
Oops sorry, something must have been missed when I copied the path. library/Audentio/DonationManager /Listener/CodeEvent.php
Freelancer
Well-known member
Hmmm.... Maybe I am blind but I can not see any difference in the functions of the file and what you have posted...
Jake B.
Well-known member
Nope, everything looks right there and the permission check is already in place, go to Users -> User Group Permissions -> Unregistered / Unconfirmed and make sure they don't have any of the Donation Manager permissions
Jake B.
Well-known member
Actually, I see the issue. Replace it with this:
PHP:
public static function navigationTabs(array &$extraTabs, $selectedTabId)
{
$xenOptions = XenForo_Application::getOptions();
$visitor = XenForo_Visitor::getInstance();
if ($xenOptions->addm_navigationLocation == 0 || ($xenOptions->addm_navigationLocation == 99 && $visitor->hasPermission('general', 'addm'))) {
$extraTabs['addm'] = array(
'title' => new XenForo_Phrase('addm_donations'),
'href' => XenForo_Link::buildPublicLink('donations'),
'linksTemplate' => 'addm_navigation',
'position' => $xenOptions->addm_navigationBarPosition
);
}
}Freelancer
Well-known member
The permissions are set to "no" for the unregistered user group and I havent changed anything in the permissions. The bug came with your last update.
Jake B.
Well-known member
Freelancer
Well-known member
I see what you did there, but unfortunately it did not solve the issue...
silence
Well-known member
Could you check if the tables exist in your database for the addon?
Jake B.
Well-known member
Oops, put the parenthesis in the wrong place, sorry just made the edit quickly in the reply box. Replace that if statement with this:
PHP:
if (($xenOptions->addm_navigationLocation == 0 || $xenOptions->addm_navigationLocation == 99) && $visitor->hasPermission('general', 'addm')) {Freelancer
Well-known member
Okay, THAT worked...!
BUT: I of course tested the other navigation locations too. They all behave okay with one exception: "Footer" (alone) location is still present even when you have no permission and are logged out.
Jake B.
Well-known member
The footer location is a bit different, it's done with just a template modification that checks if it's using that location, we'll have to include a fix for it in the next update, it'll likely require a new event listener to be used, we'll take a look though
Freelancer
Well-known member
I also tried the setting named "all locations" and there the footer location is removed when logged out.
Jake B.
Well-known member
silence
Well-known member
It seems that it only shows up if you have the permission to see the donation page but not to donate, which is intended. Is there another occurrence you were talking about?
(note that this is with the fix Jake posted)
Freelancer
Well-known member
I am talking about being logged out (unregistered guest) and having no permission at all while the link location is set to "footer". Then the link is still shown in the footer – but it shouldn't.
