diff options
| author | patdenice <patdenice@piwigo.org> | 2010-03-27 17:32:45 +0000 |
|---|---|---|
| committer | patdenice <patdenice@piwigo.org> | 2010-03-27 17:32:45 +0000 |
| commit | 66d2cd6ec2e61dac3ccd0003294370d8035dc900 (patch) | |
| tree | efd87d6a7975143fe25563e2a7f15d25c9dc5031 /admin | |
| parent | 0b38088a7e860bbfe64c5b2726859607eb086d2d (diff) | |
Add token to themes installation.
Only webmasters can install new plugins, themes or languages.
git-svn-id: http://piwigo.org/svn/trunk@5406 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
| -rw-r--r-- | admin/languages_new.php | 15 | ||||
| -rw-r--r-- | admin/plugins_new.php | 17 | ||||
| -rw-r--r-- | admin/plugins_update.php | 45 | ||||
| -rw-r--r-- | admin/themes_new.php | 26 |
4 files changed, 67 insertions, 36 deletions
diff --git a/admin/languages_new.php b/admin/languages_new.php index a4e68fac5..f80ee33ee 100644 --- a/admin/languages_new.php +++ b/admin/languages_new.php @@ -58,11 +58,18 @@ if (!is_writable($languages_dir)) if (isset($_GET['revision']) and !is_adviser()) { - check_pwg_token(); + if (!is_webmaster()) + { + array_push($page['errors'], l10n('Webmaster status is required.')); + } + else + { + check_pwg_token(); - $install_status = $languages->extract_language_files('install', $_GET['revision']); - - redirect($base_url.'&installstatus='.$install_status); + $install_status = $languages->extract_language_files('install', $_GET['revision']); + + redirect($base_url.'&installstatus='.$install_status); + } } // +-----------------------------------------------------------------------+ diff --git a/admin/plugins_new.php b/admin/plugins_new.php index d699e57d9..8fa3e0ac9 100644 --- a/admin/plugins_new.php +++ b/admin/plugins_new.php @@ -36,13 +36,20 @@ $base_url = get_root_url().'admin.php?page='.$page['page'].'&order='.$order; $plugins = new plugins(); //------------------------------------------------------automatic installation -if (isset($_GET['revision']) and isset($_GET['extension']) and !is_adviser()) +if (isset($_GET['revision']) and isset($_GET['extension'])) { - check_pwg_token(); - - $install_status = $plugins->extract_plugin_files('install', $_GET['revision'], $_GET['extension']); + if (!is_webmaster()) + { + array_push($page['errors'], l10n('Webmaster status is required.')); + } + else + { + check_pwg_token(); + + $install_status = $plugins->extract_plugin_files('install', $_GET['revision'], $_GET['extension']); - redirect($base_url.'&installstatus='.$install_status); + redirect($base_url.'&installstatus='.$install_status); + } } //--------------------------------------------------------------install result diff --git a/admin/plugins_update.php b/admin/plugins_update.php index 07876ca18..332c97cb4 100644 --- a/admin/plugins_update.php +++ b/admin/plugins_update.php @@ -37,30 +37,37 @@ $plugins = new plugins(); //-----------------------------------------------------------automatic upgrade if (isset($_GET['plugin']) and isset($_GET['revision']) and !is_adviser()) { - check_pwg_token(); - - $plugin_id = $_GET['plugin']; - $revision = $_GET['revision']; - - if (isset($plugins->db_plugins_by_id[$plugin_id]) - and $plugins->db_plugins_by_id[$plugin_id]['state'] == 'active') + if (!is_webmaster()) { - $plugins->perform_action('deactivate', $plugin_id); - - redirect($base_url - . '&revision=' . $revision - . '&plugin=' . $plugin_id - . '&pwg_token='.get_pwg_token() - . '&reactivate=true'); + array_push($page['errors'], l10n('Webmaster status is required.')); } + else + { + check_pwg_token(); + + $plugin_id = $_GET['plugin']; + $revision = $_GET['revision']; - $upgrade_status = $plugins->extract_plugin_files('upgrade', $revision, $plugin_id); + if (isset($plugins->db_plugins_by_id[$plugin_id]) + and $plugins->db_plugins_by_id[$plugin_id]['state'] == 'active') + { + $plugins->perform_action('deactivate', $plugin_id); - if (isset($_GET['reactivate'])) - { - $plugins->perform_action('activate', $plugin_id); + redirect($base_url + . '&revision=' . $revision + . '&plugin=' . $plugin_id + . '&pwg_token='.get_pwg_token() + . '&reactivate=true'); + } + + $upgrade_status = $plugins->extract_plugin_files('upgrade', $revision, $plugin_id); + + if (isset($_GET['reactivate'])) + { + $plugins->perform_action('activate', $plugin_id); + } + redirect($base_url.'&plugin='.$plugin_id.'&upgradestatus='.$upgrade_status); } - redirect($base_url.'&plugin='.$plugin_id.'&upgradestatus='.$upgrade_status); } //--------------------------------------------------------------upgrade result diff --git a/admin/themes_new.php b/admin/themes_new.php index 2c11cf6a7..d5403b117 100644 --- a/admin/themes_new.php +++ b/admin/themes_new.php @@ -53,15 +53,24 @@ if (!is_writable($themes_dir)) // | perform installation | // +-----------------------------------------------------------------------+ -if (isset($_GET['revision']) and isset($_GET['extension']) and !is_adviser()) +if (isset($_GET['revision']) and isset($_GET['extension'])) { - $install_status = $themes->extract_theme_files( - 'install', - $_GET['revision'], - $_GET['extension'] - ); - - redirect($base_url.'&installstatus='.$install_status); + if (!is_webmaster()) + { + array_push($page['errors'], l10n('Webmaster status is required.')); + } + else + { + check_pwg_token(); + + $install_status = $themes->extract_theme_files( + 'install', + $_GET['revision'], + $_GET['extension'] + ); + + redirect($base_url.'&installstatus='.$install_status); + } } // +-----------------------------------------------------------------------+ @@ -112,6 +121,7 @@ if ($themes->get_server_themes(true)) // only new themes $url_auto_install = htmlentities($base_url) . '&revision=' . $theme['revision_id'] . '&extension=' . $theme['extension_id'] + . '&pwg_token='.get_pwg_token() ; $template->append( |