diff options
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/LocalFilesEditor/admin.php | 6 | ||||
-rw-r--r-- | plugins/admin_multi_view/controller.php | 11 |
2 files changed, 4 insertions, 13 deletions
diff --git a/plugins/LocalFilesEditor/admin.php b/plugins/LocalFilesEditor/admin.php index b0837345f..7d32ad061 100644 --- a/plugins/LocalFilesEditor/admin.php +++ b/plugins/LocalFilesEditor/admin.php @@ -164,7 +164,7 @@ switch ($page['tab']) case 'tpl': // New file form creation - if ($newfile_page and !is_adviser()) + if ($newfile_page) { $filename = isset($_POST['tpl_name']) ? $_POST['tpl_name'] : ''; $selected['model'] = isset($_POST['tpl_model']) ? $_POST['tpl_model'] : '0'; @@ -280,7 +280,7 @@ switch ($page['tab']) // +-----------------------------------------------------------------------+ // | Load backup file // +-----------------------------------------------------------------------+ -if (isset($_POST['restore']) and !is_adviser()) +if (isset($_POST['restore'])) { $edited_file = $_POST['edited_file']; $content_file = file_get_contents(get_bak_file($edited_file)); @@ -292,7 +292,7 @@ if (isset($_POST['restore']) and !is_adviser()) // +-----------------------------------------------------------------------+ // | Save file // +-----------------------------------------------------------------------+ -if (isset($_POST['submit']) and !is_adviser()) +if (isset($_POST['submit'])) { if (!is_webmaster()) { diff --git a/plugins/admin_multi_view/controller.php b/plugins/admin_multi_view/controller.php index d2cd612c2..2c61a9bc6 100644 --- a/plugins/admin_multi_view/controller.php +++ b/plugins/admin_multi_view/controller.php @@ -30,8 +30,6 @@ $refresh_main = false; if ( isset($_GET['view_as']) ) { - if ( is_adviser() and $user['id']!=$_GET['view_as'] and $conf['guest_id']!=$_GET['view_as']) - die('security error'); if ($user['id']===$_GET['view_as']) pwg_unset_session_var( 'multiview_as' ); else @@ -111,14 +109,7 @@ $my_url = get_root_url().'plugins/'.basename(dirname(__FILE__)).'/'.basename(__F // | users | $query = ' SELECT '.$conf['user_fields']['id'].' AS id,'.$conf['user_fields']['username'].' AS username -FROM '.USERS_TABLE; -if (is_adviser()) -{ - $query .=' - WHERE '.$conf['user_fields']['id']. ' IN ('.$user['id'].','.$conf['guest_id'].') -'; -} -$query .=' +FROM '.USERS_TABLE.' ORDER BY CONVERT('.$conf['user_fields']['username'].',CHAR) ;'; $user_map = simple_hash_from_query($query, 'id', 'username'); |