Automatic Approval Glitch When Adding Pages Via Sitemap
Permalink
Can anyone be a hero and help us out?
If you're running a site which is regularly updated this can be a serious issue.
Basicly any pages added ANYWHERE on your site via Dashboard > Sitemap, are automatically approved. This means anyone can read a half finished, dodgy page (at the top of your blog) before you've edited it!
- Pages added while directly browsing the site are fine (taken into edit more before publishing)
I've discussed this before here and here:
http://www.concrete5.org/developers/bugs/5-4-1-1/automatic-publishi...
http://www.concrete5.org/community/forums/usage/c5-issue-with-autom...
Back then I settled on a temporary hack of deleting the functionality in:
- js/ccm.sitemap.js
However, I'm now looking at this again and can't for the life of me figure out where the new page is getting approved.
NOTE: I have tested using site_events.php, "on_page_add" and this "Approval" seems to fire after on_page_add is called.
Note2: You can set permissions to disable permissions but that's a royal pain to maintain - (the .js hack is more efficient).
- (You need 2 accounts, 1 to approve - 1 to create)
I've tracked the code down from the sitemap > "add page" dialogue box as follows:
However since that string ($str) in page.php is md5() encoded, I have no idea what it is // what php files are called next!
The above values are what are inserted/ edited to cause this issue.
- I'm seeing "Initial Version" and "New Version 2" automatically created.
I've spent several hours searching and messing with the API to prevent auto-publishing without success.
Q: Does anyone have any ideas what's causing this and how to stop it?
Any help would be very much appreciated!!!
If you're running a site which is regularly updated this can be a serious issue.
Basicly any pages added ANYWHERE on your site via Dashboard > Sitemap, are automatically approved. This means anyone can read a half finished, dodgy page (at the top of your blog) before you've edited it!
- Pages added while directly browsing the site are fine (taken into edit more before publishing)
I've discussed this before here and here:
http://www.concrete5.org/developers/bugs/5-4-1-1/automatic-publishi...
http://www.concrete5.org/community/forums/usage/c5-issue-with-autom...
Back then I settled on a temporary hack of deleting the functionality in:
- js/ccm.sitemap.js
However, I'm now looking at this again and can't for the life of me figure out where the new page is getting approved.
NOTE: I have tested using site_events.php, "on_page_add" and this "Approval" seems to fire after on_page_add is called.
Note2: You can set permissions to disable permissions but that's a royal pain to maintain - (the .js hack is more efficient).
- (You need 2 accounts, 1 to approve - 1 to create)
I've tracked the code down from the sitemap > "add page" dialogue box as follows:
tools/edit_collection_popup.php -> elements/collection_add.php (line 55 getCollectionAction())-> models/page.php (line 1635 $str)
However since that string ($str) in page.php is md5() encoded, I have no idea what it is // what php files are called next!
Table:CollectionVersions Columns:cvIsApproved + cvApproverUID
The above values are what are inserted/ edited to cause this issue.
- I'm seeing "Initial Version" and "New Version 2" automatically created.
I've spent several hours searching and messing with the API to prevent auto-publishing without success.
Q: Does anyone have any ideas what's causing this and how to stop it?
Any help would be very much appreciated!!!
Yea, that's what I was referring to in Note#2.
Making an (admin) editor sign in and out to edit and then approve the page works.. Unfortunately it's just not very user friendly.
Making an (admin) editor sign in and out to edit and then approve the page works.. Unfortunately it's just not very user friendly.
I have not tested this at all so I have no idea if it will work... but try commenting out line 937 in concrete/startup/process.php:
$v->approve();
Jordan... I have to say - you're a flipping genius!!!
Just tested it and it works perfectly as far as I can see. No probs with approving the page afterwards!!
- Mad props to you!
Guess that's the logical location to go to since:
dispatcher.php -> startup/process.php (as part of it's init)
1 thing to note for anyone doing this.. You have to overwrite startup/process.php in the core.
- Adding it in a higher directory doesn't work.
=)
Just tested it and it works perfectly as far as I can see. No probs with approving the page afterwards!!
- Mad props to you!
Guess that's the logical location to go to since:
dispatcher.php -> startup/process.php (as part of it's init)
1 thing to note for anyone doing this.. You have to overwrite startup/process.php in the core.
- Adding it in a higher directory doesn't work.
=)
FYI:
I've added the issue to the C5 bug tracker here:
http://www.concrete5.org/index.php?cID=111565&editmode=...
Hopefully it should be noted for fixing in future versions of C5
- Alternatively look up for the fix from Jordan
Thanks once again!
I've added the issue to the C5 bug tracker here:
http://www.concrete5.org/index.php?cID=111565&editmode=...
Hopefully it should be noted for fixing in future versions of C5
- Alternatively look up for the fix from Jordan
Thanks once again!
This way only approved content goes live on your site.