From 98c7158ec08f206c023672013648a9c96003b67e Mon Sep 17 00:00:00 2001
From: patdenice <patdenice@piwigo.org>
Date: Mon, 22 Mar 2010 12:42:42 +0000
Subject: [LocalFiles Editor] Only webmasters can create or modify local files.

git-svn-id: http://piwigo.org/svn/trunk@5256 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 plugins/LocalFilesEditor/admin.php | 59 +++++++++++++++++++++-----------------
 1 file changed, 33 insertions(+), 26 deletions(-)

(limited to 'plugins/LocalFilesEditor/admin.php')

diff --git a/plugins/LocalFilesEditor/admin.php b/plugins/LocalFilesEditor/admin.php
index 4f4dca03c..0b000f2ab 100644
--- a/plugins/LocalFilesEditor/admin.php
+++ b/plugins/LocalFilesEditor/admin.php
@@ -294,38 +294,45 @@ if (isset($_POST['restore']) and !is_adviser())
 // +-----------------------------------------------------------------------+
 if (isset($_POST['submit']) and !is_adviser())
 {
-  $edited_file = $_POST['edited_file'];
-  $content_file = stripslashes($_POST['text']);
-  if (get_extension($edited_file) == 'php')
-	{
-    $content_file = eval_syntax($content_file);
-  }
-  if ($content_file === false)
-	{
-    array_push($page['errors'], l10n('locfiledit_syntax_error'));
+  if ($user['status'] != 'webmaster')
+  {
+    array_push($page['errors'], l10n('locfiledit_webmaster_only'));
   }
-	else
-	{
-    if ($page['tab'] == 'plug' and !is_dir(PHPWG_PLUGINS_PATH . 'PersonalPlugin'))
+  else
+  {
+    $edited_file = $_POST['edited_file'];
+    $content_file = stripslashes($_POST['text']);
+    if (get_extension($edited_file) == 'php')
     {
-      @mkdir(PHPWG_PLUGINS_PATH . "PersonalPlugin");
+      $content_file = eval_syntax($content_file);
     }
-    if (file_exists($edited_file))
+    if ($content_file === false)
     {
-      @copy($edited_file, get_bak_file($edited_file));
-      array_push($page['infos'], sprintf(l10n('locfiledit_saved_bak'), substr(get_bak_file($edited_file), 2)));
+      array_push($page['errors'], l10n('locfiledit_syntax_error'));
     }
-    
-    if ($file = @fopen($edited_file , "w"))
-		{
-      @fwrite($file , $content_file);
-      @fclose($file);
-      array_unshift($page['infos'], l10n('locfiledit_save_config'));
-      $template->delete_compiled_templates();
-    }
-		else
+    else
     {
-      array_push($page['errors'], l10n('locfiledit_cant_save'));
+      if ($page['tab'] == 'plug' and !is_dir(PHPWG_PLUGINS_PATH . 'PersonalPlugin'))
+      {
+        @mkdir(PHPWG_PLUGINS_PATH . "PersonalPlugin");
+      }
+      if (file_exists($edited_file))
+      {
+        @copy($edited_file, get_bak_file($edited_file));
+        array_push($page['infos'], sprintf(l10n('locfiledit_saved_bak'), substr(get_bak_file($edited_file), 2)));
+      }
+      
+      if ($file = @fopen($edited_file , "w"))
+      {
+        @fwrite($file , $content_file);
+        @fclose($file);
+        array_unshift($page['infos'], l10n('locfiledit_save_config'));
+        $template->delete_compiled_templates();
+      }
+      else
+      {
+        array_push($page['errors'], l10n('locfiledit_cant_save'));
+      }
     }
   }
 }
-- 
cgit v1.2.3