This covers the rather over the top RCE report that was acepted. which while i dont agree with can, be seen by potential clients of mine and as I will only be using breakdance in the future I thought we could fix this in a fairly simple way.
Add Decorators for specific purposes.
First decorator should be deprecated
<?php
/**
* @deprecated Since version 2.0. Use LayoutV2 instead.
*/
static function someMethod() { }
This could be added to design controls such as the text such as section.design.text_colors which is only visible if its already filled out. which i assume is backward compatiblity.
Then you could also have
<?php
/**
* @userrole_admin
*/
static function someMethod() { }
so that elements such as the php code element. which get mentioned in these rather over the top RCE complaints. can only be used by admin level users.
that probably needs thinking through more. but it would be a simple solution to providing more control over access to each element.
This covers the rather over the top RCE report that was acepted. which while i dont agree with can, be seen by potential clients of mine and as I will only be using breakdance in the future I thought we could fix this in a fairly simple way.
Add Decorators for specific purposes.
First decorator should be deprecated
This could be added to design controls such as the text such as section.design.text_colors which is only visible if its already filled out. which i assume is backward compatiblity.
Then you could also have
so that elements such as the php code element. which get mentioned in these rather over the top RCE complaints. can only be used by admin level users.
that probably needs thinking through more. but it would be a simple solution to providing more control over access to each element.