[n] Template Security 1.1.0

Compatible XF Versions

Enhance the security on your site using this very basic add-on. There has been a surprising increase in malicious attacks to XenForo sites through injection of malicious code into your templates. Limiting the access of all templates to yourself and a small handful may not always be a possibility, so this add-on allows you to limit certain templates to certain users, reducing vulnerability to key templates like login handlers, page_container, change password pages, etc. in case a staff account is compromised.

This add-on is free - we believe in promoting security and hopefully this assists with that. There is also no branding associated with this add-on.

Features:

Limit access to certain templates
Be able to give normal template access to administrators, and only be able to block certain templates rather than revoke all access
Securely limit templates through your library/config.php file, which means this cannot be affected by any web user - this must be done through the files
Ensure that normal administrators cannot disable this add-on - you must be a super admin (as defined in config.php) to disable this add-on
Send alerts to super admins on attempt of modifying a protected template (possibly be able to see account compromise/suspicious activity)
Prevent circumvention of this system - the add-on also checks template modifications

Installation

Unzip aTemplateSecurity-{version}.zip
Upload the contents of the upload directory to your XenForo installation
Install the add-on by the following method:
Admin CP -> Add-ons -> Install Add-on ->
Install from uploaded file:
Upload addon-aUserProfileProgress.xml
OR
Install from file on server:
install/data/addon-aTemplateSecurity.xml
The add-on should now install, and a short rebuilding process should occur. Once done, the installation has been successful!

Usage
By default, any administrator with normal template editing permissions will be able to edit templates. Templates must be restricted, if you wish to restrict them. To do this, add this line to xf_root/library/config.php:

PHP:

$config['template_security']['template_name'] = '1';

e.g.

PHP:

$config['template_security']['helper_login_form'] = '1';
$config['template_security']['PAGE_CONTAINER'] = '1';
$config['template_security']['account_security'] = '1';
$config['template_security']['login_bar_form'] = '1';

(you may use this code if you wish, it restricts the templates were raw passwords are embedded).

Change '1' to the user IDs of the users you want to be able to edit this template.

Please enter all template names in the case they are, so page_container will not work, as it is PAGE_CONTAINER (it is capitalised), whilst helper_login_form is all lowercase, so a mixed case or uppercase will not work. Please ensure the capitalisation of the template is correct.

In the features we mention that only super admins can disable this add-on. There is little purpose if a normal administrator can disable this add-on and circumvent the restriction. So, to disable this add-on, you must be a super admin. This isn't a super admin exclusive to this add-on, we just use XenForo's default super admin system for this, defined by:

PHP:

$config['superAdmins'] = '1';

in the same file.

Database
No changes to the database!

Branding Information
This add-on does not contain any visible branding.

Reactions: Tony', izibitzi, idspro and 2 others

xF1 Unmaintained [n] Template Security 1.1.0

More resources from AnimeHaxor

Share this resource

Similar resources