As part of general website security, these changes can be incorporated as part of #369.
Despite a lot of file changes, most simply change the hard-coded 'admin' folder to use a new global constant 'ADMIN'. This ADMIN constant is automatically calculated when using the backend interface (see admin/index.php), and should be manually added to defines.php if needed for user management in the front end.
The only issues beyond this were:
- The constant THEMES_ADMIN is problematic, so code in plugins/box/themes.plugin.php detects a default THEMES_ADMIN value and quietly ignores it. This ensures existing installs won't break without change.
- Using the 'members area' login/logout in the frontend definitively requires the ADMIN constant to be defined. In case an existing install does not define ADMIN in defines.php, it is detected in Monstra::loadDefines() and defined there, so that things won't crash (but may cause 404s).
The Information > Security tab has been updated to describe the actions an administrator needs to take (rename admin folder and add ADMIN to defines.php). See screenshot below.
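A check for the two administrator actions the description names (rename the admin folder, add ADMIN to defines.php), as an added Python example that is not part of the pull request or Monstra's own code. The function names, the folder name `backend-x7` and the placement of defines.php in the site root are assumptions, and the installs it inspects are constructed in a temporary directory.

```python
import re
import tempfile
from pathlib import Path

# Matches define('ADMIN', 'value') with either quote style.
DEFINE_RE = re.compile(r"""define\(\s*['"]ADMIN['"]\s*,\s*['"]([^'"]+)['"]\s*\)""")
LINE_COMMENT_RE = re.compile(r"^\s*(//|#).*$", re.MULTILINE)

def check_admin_rename(site_root, defines_file):
    """Return findings for the two admin steps; an empty list means both are done."""
    root, defines = Path(site_root), Path(defines_file)
    source = defines.read_text(encoding="utf-8") if defines.is_file() else ""
    match = DEFINE_RE.search(LINE_COMMENT_RE.sub("", source))  # skip commented-out defines
    findings = []
    if match is None:
        findings.append("ADMIN is not defined in defines.php")
    else:
        name = match.group(1)
        if name == "admin":
            findings.append("ADMIN still names the default folder 'admin'")
        if not (root / name / "index.php").is_file():
            findings.append(f"ADMIN is '{name}' but {name}/index.php does not exist")
    if (root / "admin" / "index.php").is_file():
        findings.append("default 'admin' folder is still present")
    return findings

def make_install(root, folder, define_line):
    """Create a constructed, minimal install layout for the demo."""
    (root / folder).mkdir(parents=True)
    (root / folder / "index.php").write_text("<?php // backend entry point\n")
    (root / "defines.php").write_text("<?php\n" + define_line + "\n")
    return root

def demo():
    """Run the check over four constructed installs; returns {case: findings}."""
    cases = {
        "renamed": ("backend-x7", "define('ADMIN', 'backend-x7');"),
        "no_define": ("backend-x7", "// define('ADMIN', 'backend-x7');"),
        "mismatch": ("backend-x7", 'define("ADMIN", "panel");'),
        "untouched": ("admin", ""),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for case, (folder, define_line) in cases.items():
            root = make_install(Path(tmp) / case, folder, define_line)
            results[case] = check_admin_rename(root, root / "defines.php")
    return results

if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings or "ok")
```

The `mismatch` case is the one that matters after a rename: a defined ADMIN that no longer matches the folder on disk, the kind of situation where the description expects 404s rather than a crash.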