Marcher Technologies

  • Content count

  • Joined

  • Last visited

  • Days Won


Marcher Technologies last won the day on August 19 2015

Marcher Technologies had the most liked content!

About Marcher Technologies

  • Rank
  • Birthday 05/02/1986

IPS Marketplace

  • Resources Contributor
    Total file submissions: 51

Profile Information

  • Gender

Recent Profile Visitors

116,056 profile views
  1. To be clear, i'm not against an enhancement here, was just stating reality. To be of real usefulness such a constant would need to disable editing templates, sql toolbox, exporting any data such as members, templates, etc, and disallow installing applications and plugins. Disable, as in, fully error out, restrictions becoming irrelevant, nobody can use these features. I am aware of a constant for the latter two items.
  2. ^ This. All they need is theme access. Template logic, by design, allows arbitrary PHP code execution. From there, anything is possible. Game over.
  3. At which point Randy is correct. if they have compromised an admin account with access to manage admin restrictions, they are far enough in to do much anything they want, even if by resorting to editing theme templates if the options mentioned have been removed and \IPS\NO_WRITES is enabled.
  4. Why would you allow a restricted admin account access to manage admin restrictions? :|
  5. Per picture, the 'x and y others liked this' appears to be often incorrect:
  6. Perhaps my logic is flawed. I do use a password manager. From my perspective and understanding of the relevant technology, if an attacker was to gain access to this account, they will have to have gained access to my password manager, as brute forcing such a large and complex password would take decades, even if for some reason the database was compromised. Security questions such as these would be a last barrier to entry on this specific account, and as a result I wouldn't think it wise to store the answers to such questions anywhere, much less in the same password manager that would very likely already be compromised.
  7. Shouldn't the user be able to define their own security questions? It is the only way to have them be truly secure, questions like this are quite easy to get the answers to with simple social engineering. I skipped them as well, because there is a vast amount of assumption, only one question is valid. I'd be concerned if I didn't use 30-character passwords.
  8. Um, yeah, iframes being posted are flagged as XSS and blocked by that header, regardless of whether they are trusted. I don't think your server should be deciding that header, that is the software's decision based on it's needs.
  9. Per title. It really, really, looks bad. I managed to hack in a horizontal layout with some css, but it's not something that is something I can share due to a lot of nth-of-type usage that meets my specific usage but wouldn't work well with more or less filterable fields. Every other widget has a horizontal view. Please consider baking one in for this.
  10. That's not the way oauth2 is supposed to work. That is for authorizing the user's login, not for authorizing the user's session, the latter of which is quite intentionally left to the application to handle. Not sure why you would actively force people to log in every time they view the site instead of allowing it to be remembered...
  11. Edit the theme setting labeled 'Feeds Layout' and change it from 'List' to 'Grid'.
  12. That's unfortunately outside the scope of this modification. That said, it can be achieved with a quick edit to the 'Category Articles' template in use(check the database settings to be sure which template group is in use). In the 'entry' template of the template group in use, find: <section class='ipsType_normal ipsType_richText ipsType_break ipsSpacer_bottom' data-ipsTruncate data-ipsTruncate-size='7 lines' data-ipsTruncate-type='remove'> Adjust the data-ipsTruncate-size='7 lines' part as desired.
  13. Thank you for the PM granting access. For other's reference, this was an odd one, with an RSS 2.0 feed using ATOM elements causing IPS' parser to choke silently and falsely return no feed items. The best way to determine if such is my problem's or IPS' is to make a new admin-only forum, and make a new RSS/ATOM Import in the forums application, from the forums application, using the troublesome RSS\ATOM URL. If you still see no results/imports, submit a ticket to IPS referencing the forums application import and the admin-only forum created, and have them look into why the parser won't play nice with the feed. Otherwise, please do post here, as that would be my problem. If, as the affected site's admin, you don't have/use the forums app to test with, i'll still be happy to debug any issues like this, and either fix it if it is my problem, or pass on my findings to help expedite support if it is indeed a core issue.
  14. what is the RSS feed source url please?
  15. what are you trying to do specifically, and what has you stumped? installation is as normal via upload .tar via install application from the ACP, then visit and configure the desired functionality for imports and/or feed listing under the new Feeds tab on the left.