From bc7b43345722917274a352dde49895e909fec6aa Mon Sep 17 00:00:00 2001
From: rub <rub@piwigo.org>
Date: Sat, 21 Oct 2006 12:07:00 +0000
Subject: Resolved Issue ID 0000356:   o Increase security on adviser mode

First modifications of n modifications.
All the others modifications will be done on BSF branch.


Merge branch-1_6 1558:1559 into BSF

git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1569 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/configuration.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'admin/configuration.php')

diff --git a/admin/configuration.php b/admin/configuration.php
index 9f01849f6..5890739d6 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -53,7 +53,7 @@ while ($row = mysql_fetch_array($result))
   $conf[$row['param']] = $row['value'];
   // if the parameter is present in $_POST array (if a form is submited), we
   // override it with the submited value
-  if (isset($_POST[$row['param']]))
+  if (isset($_POST[$row['param']]) and !is_adviser())
   {
     $conf[$row['param']] = $_POST[$row['param']];
     if ( 'page_banner'==$row['param'] )
@@ -63,7 +63,7 @@ while ($row = mysql_fetch_array($result))
   }
 }
 //------------------------------ verification and registration of modifications
-if (isset($_POST['submit']))
+if (isset($_POST['submit']) and !is_adviser())
 {
   $int_pattern = '/^\d+$/';
   switch ($page['section'])
-- 
cgit v1.2.3