system-permissions-variables

Content Permissions

As a security measure, Magento includes a whitelist of content that can be referenced by
custom modules and extensions. Some implementations such as blog extensions, reference
content that can be accessed only if the directive is in the whitelist. For example, a module or
extension might include the following markup tags on CMS pages or in email templates.
{{config path=”web/unsecure/base_url”}}
{{block type=rss/order_new}}

Commonly Used Directives

You can add the most commonly used variable and block references to the whitelist from the
Admin. If not included in the list of allowed directives, it must be added to the database
installation script on the server. Some configuration variables or blocks can be added to the
whitelist only by running a data update script that lists each additional directive.

Variable and Block Names in Script

permission_variable
permission_block

To add a variable to the whitelist:

1. On the Admin menu, select System > Permissions. Then, choose Variables.
2. Click the Add New Variable button.

3. Enter the Variable Name.
4. Set Is Allowed to “Yes.”
5. When complete, click Save Variable.

To add a block to the whitelist:

1. On the Admin menu, select System > Permissions. Then, choose Blocks.
2. Click the Add New Block button.

3. Enter the Block Name.
4. Set Is Allowed to “Yes.”
5. When complete, click Save Block

Leave a Comment

Your email address will not be published. Required fields are marked *