aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/LocalFilesEditor/admin.php6
-rw-r--r--plugins/admin_multi_view/controller.php11
2 files changed, 4 insertions, 13 deletions
diff --git a/plugins/LocalFilesEditor/admin.php b/plugins/LocalFilesEditor/admin.php
index b0837345f..7d32ad061 100644
--- a/plugins/LocalFilesEditor/admin.php
+++ b/plugins/LocalFilesEditor/admin.php
@@ -164,7 +164,7 @@ switch ($page['tab'])
case 'tpl':
// New file form creation
- if ($newfile_page and !is_adviser())
+ if ($newfile_page)
{
$filename = isset($_POST['tpl_name']) ? $_POST['tpl_name'] : '';
$selected['model'] = isset($_POST['tpl_model']) ? $_POST['tpl_model'] : '0';
@@ -280,7 +280,7 @@ switch ($page['tab'])
// +-----------------------------------------------------------------------+
// | Load backup file
// +-----------------------------------------------------------------------+
-if (isset($_POST['restore']) and !is_adviser())
+if (isset($_POST['restore']))
{
$edited_file = $_POST['edited_file'];
$content_file = file_get_contents(get_bak_file($edited_file));
@@ -292,7 +292,7 @@ if (isset($_POST['restore']) and !is_adviser())
// +-----------------------------------------------------------------------+
// | Save file
// +-----------------------------------------------------------------------+
-if (isset($_POST['submit']) and !is_adviser())
+if (isset($_POST['submit']))
{
if (!is_webmaster())
{
diff --git a/plugins/admin_multi_view/controller.php b/plugins/admin_multi_view/controller.php
index d2cd612c2..2c61a9bc6 100644
--- a/plugins/admin_multi_view/controller.php
+++ b/plugins/admin_multi_view/controller.php
@@ -30,8 +30,6 @@ $refresh_main = false;
if ( isset($_GET['view_as']) )
{
- if ( is_adviser() and $user['id']!=$_GET['view_as'] and $conf['guest_id']!=$_GET['view_as'])
- die('security error');
if ($user['id']===$_GET['view_as'])
pwg_unset_session_var( 'multiview_as' );
else
@@ -111,14 +109,7 @@ $my_url = get_root_url().'plugins/'.basename(dirname(__FILE__)).'/'.basename(__F
// | users |
$query = '
SELECT '.$conf['user_fields']['id'].' AS id,'.$conf['user_fields']['username'].' AS username
-FROM '.USERS_TABLE;
-if (is_adviser())
-{
- $query .='
- WHERE '.$conf['user_fields']['id']. ' IN ('.$user['id'].','.$conf['guest_id'].')
-';
-}
-$query .='
+FROM '.USERS_TABLE.'
ORDER BY CONVERT('.$conf['user_fields']['username'].',CHAR)
;';
$user_map = simple_hash_from_query($query, 'id', 'username');