Textpattern CMS support forum

You are not logged in. Register | Login | Help

#21 2016-10-17 14:06:48

ruud
Developer emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: Output debug info only to logged-in users

Tiny indeed!
Can you change abc_ to etc_ please?

Offline

#22 2016-10-17 14:40:32

etc
Developer
Registered: 2010-11-11
Posts: 3,267
Website

Re: Output debug info only to logged-in users

ruud wrote #302262:

Tiny indeed!
Can you change abc_ to etc_ please?

Sure, if it stops nobody from modifying whatever he wants.


etc_[ query | search | pagination | date | tree | cache ]

Offline

#23 2018-11-03 20:17:46

etc
Developer
Registered: 2010-11-11
Posts: 3,267
Website

Re: Output debug info only to logged-in users

I revisit this topic in 4.7 context, being still skeptic about revealing sites structure to everybody.

makss wrote #302240:

It is not always possible to identify the user logged on(txp cookie). For example in the multisite installation is impossible.

It looks like this is no more the case in 4.7, thanks to @jakob patch?

Bloke wrote #302255:

I’d like some way to markup my code so I could drop in tags that don’t show up to regular visitors. Like a <txp:debug>...</txp:debug> tag pair, inside which I can drop whatever I want and only I or other privileged users can see it.

Now we have <txp:if_logged_in /> for this, but the general debugging info is still accessible to everybody.

So, is it ok to switch unlogged users to testing in debug mode? This way the eventual errors would still be displayed, but not the tag structure in the page source. Note that this does not need an extra db query, since in 4.7 we call is_logged_in() for dev theme preview anyway.


etc_[ query | search | pagination | date | tree | cache ]

Offline

#24 2018-11-04 05:57:54

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 7,317
Website

Re: Output debug info only to logged-in users

When I think about security, I agree with you.
When I think about how many problems were solved by people in this forum just by checking the debug screen, I don’t.

I’m wondering if there is a goldilocks method.


Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | Respbublika! | NeMe @ github

Offline

#25 2018-11-04 07:19:46

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 1,691
Website

Re: Output debug info only to logged-in users

Colak beat me to it, when mentioning the help forum users can provide when seeing the debug output.

Otherwise, yeah, debug output for logged in users only, for security reasons, and for search-engine bots reasons.

Offline

#26 2018-11-04 09:25:29

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 8,749
Website

Re: Output debug info only to logged-in users

etc wrote #314896:

is it ok to switch unlogged users to testing in debug mode?

I can’t see a problem with this. It actually solves quite a few issues as updates to php that may cause debug output to be thrown to the page won’t be seen by non- account holders. As the debug info is of questionable value to them anyway, this change makes perfect sense to me.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

Board footer

Powered by FluxBB