From 98c7158ec08f206c023672013648a9c96003b67e Mon Sep 17 00:00:00 2001
From: patdenice
Date: Mon, 22 Mar 2010 12:42:42 +0000
Subject: [LocalFiles Editor] Only webmasters can create or modify local files.

git-svn-id: http://piwigo.org/svn/trunk@5256 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 plugins/LocalFilesEditor/admin.php | 59 +++++++++++++++++++++-----------------
 1 file changed, 33 insertions(+), 26 deletions(-)

(limited to 'plugins/LocalFilesEditor/admin.php')

diff --git a/plugins/LocalFilesEditor/admin.php b/plugins/LocalFilesEditor/admin.php
index 4f4dca03c..0b000f2ab 100644
--- a/plugins/LocalFilesEditor/admin.php
+++ b/plugins/LocalFilesEditor/admin.php
@@ -294,38 +294,45 @@ if (isset($_POST['restore']) and !is_adviser())
 // +-----------------------------------------------------------------------+
 if (isset($_POST['submit']) and !is_adviser())
 {
- $edited_file = $_POST['edited_file'];
- $content_file = stripslashes($_POST['text']);
- if (get_extension($edited_file) == 'php')
- {
- $content_file = eval_syntax($content_file);
- }
- if ($content_file === false)
- {
- array_push($page['errors'], l10n('locfiledit_syntax_error'));
+ if ($user['status'] != 'webmaster')
+ {
+ array_push($page['errors'], l10n('locfiledit_webmaster_only'));
 }
- else
- {
- if ($page['tab'] == 'plug' and !is_dir(PHPWG_PLUGINS_PATH . 'PersonalPlugin'))
+ else
+ {
+ $edited_file = $_POST['edited_file'];
+ $content_file = stripslashes($_POST['text']);
+ if (get_extension($edited_file) == 'php')
 {
- @mkdir(PHPWG_PLUGINS_PATH . "PersonalPlugin");
+ $content_file = eval_syntax($content_file);
 }
- if (file_exists($edited_file))
+ if ($content_file === false)
 {
- @copy($edited_file, get_bak_file($edited_file));
- array_push($page['infos'], sprintf(l10n('locfiledit_saved_bak'), substr(get_bak_file($edited_file), 2)));
+ array_push($page['errors'], l10n('locfiledit_syntax_error'));
 }
-
- if ($file = @fopen($edited_file , "w"))
- {
- @fwrite($file , $content_file);
- @fclose($file);
- array_unshift($page['infos'], l10n('locfiledit_save_config'));
- $template->delete_compiled_templates();
- }
- else
+ else
 {
- array_push($page['errors'], l10n('locfiledit_cant_save'));
+ if ($page['tab'] == 'plug' and !is_dir(PHPWG_PLUGINS_PATH . 'PersonalPlugin'))
+ {
+ @mkdir(PHPWG_PLUGINS_PATH . "PersonalPlugin");
+ }
+ if (file_exists($edited_file))
+ {
+ @copy($edited_file, get_bak_file($edited_file));
+ array_push($page['infos'], sprintf(l10n('locfiledit_saved_bak'), substr(get_bak_file($edited_file), 2)));
+ }
+
+ if ($file = @fopen($edited_file , "w"))
+ {
+ @fwrite($file , $content_file);
+ @fclose($file);
+ array_unshift($page['infos'], l10n('locfiledit_save_config'));
+ $template->delete_compiled_templates();
+ }
+ else
+ {
+ array_push($page['errors'], l10n('locfiledit_cant_save'));
+ }
 }
 }
 }
-- 
cgit v1.2.3
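Review bot: The added `$user['status'] != 'webmaster'` check decides who may save, but the write target in the new `else` branch is still `$_POST['edited_file']` taken verbatim and handed to `copy()` and `fopen($edited_file , "w")`, so the path is not limited to the files the editor lists. Before the `file_exists()` call, the path should be compared with the set of files this tab offers, rejecting anything else with the existing `locfiledit_cant_save` error, for example `if (!in_array($edited_file, $editable_files, true))`, where `$editable_files` is a placeholder for that list, which is built outside this hunk. The `restore` branch named in the hunk header also lies outside the hunk and, this being the patch's only hunk, does not appear to receive the same webmaster check. No anti-CSRF token check is visible in these lines either, which matters for an action that writes PHP files on a webmaster's behalf; confirm one is enforced earlier in admin.php.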