-
- 1,154 Posts
Hmm, it must do a check for loggeduser, I would think you could either modify or remove that check, or fool it into thinking the user is logged in.
It could possibly have multiple checks...but maybe not I really don't know about that.
Could you, theoretically, set a value with a custom snippet in the template header? Seems weird but if, in the current session, loggedin=1, then it could go right past the check
My terminology is wrong, of course, but whatever the logged in user value is
discuss.answer
-
- 932 Posts
I'm not sure if you could do that in newspublisher as its very secure but you could use formit and create a custom hook to create a new resource on submission.
-
- 1,154 Posts
Yeah that would be an unwise hack, wouldn't it. Lol not my finest moment
@mick2470 you'll have to run any submission through some protective filters
-
- 1,145 Posts
Although quite dangerous, I think with a little ACL tinkering you could by-pass a lot and make unlogged-in users do stuff.
I will play with it in the future.
TinymceWrapper: Complete back/frontend content solution.
Harden your MODX site by
passwording your three main folders:
core, manager, connectors and renaming your
assets (thank me later!)
5 ways to sniff / hack your own sites; even with renamed/hidden folders, burst them all up, to see how secure you are not.