0
votes

I just finished designing a new website using Joomla 2.5 which was an upgrade of a previous Joomla 1.5 site. I used Jupgrade and all went well. The new site works perfectly on my Xampp server. I uploaded the site to a "live" server and it works except for one important function - public users are able to make changes to a calendar component (Zap Calendar) that I am using. The Joomla ACL is set up so that only registered users are allowed to add events and edit their own. This works fine when a user logs in. If no one is logged in (i.e. public access) you can edit any event and add an event. Joomla ACL is setup properly with inherited "Not Allowed" permissions within the calendar component for all public functions.

What I tried:

  1. Installed ACL Manager, fixed all errors found, and verified public denial of access.
  2. Created a Guest group which behaves the same.

I have spent hours on this and the strange thing again is that the site works properly on my Xampp 1.8.2 server. Both servers are running php 5.4.25. Any help would be greatly appreciated as my site cannot go live with this big security issue.

1
Have you contacted Zap Calendar's developers and ACL Manager's developers for helping you on this issue?Hung Tran

1 Answers

0
votes

I have contacted the developer of Zap Calendar but he was not able to fix it. My host moved the site from a subfolder to the root of "public_html" and that fixed the problem. For some apparent reason the site being installed on a subfolder prevented the Joomla ACL from working properly. Odd.