From e57e4f1eb07fc8d2fd8f9b4dca79808809f7a91f Mon Sep 17 00:00:00 2001 From: garvinhicking <garvinhicking> Date: Thu, 2 Feb 2006 08:45:43 +0000 Subject: [PATCH] hide external plugins for unauthorized users --- docs/NEWS | 5 ++++- serendipity_admin.php | 16 +++++++++------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/docs/NEWS b/docs/NEWS index aeb70e9..fa8b188 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -3,11 +3,14 @@ Version 1.0-beta2 () ------------------------------------------------------------------------ + * When the "no_create" privilege is set, deny users access to any + external admin plugins (garvinhicking) + * Made categories plugin default HTML output more XHTML compliant. (garvinhicking) * Added option "stronger captchas" in spamblock plugin. - + * Transcode incoming trackbacks from the given charset to your blog's charset. Reliably only works with the two most common formats, ISO-8859-1 <-> UTF-8. (garvinhicking) diff --git a/serendipity_admin.php b/serendipity_admin.php index b05ad5f..7129735 100644 --- a/serendipity_admin.php +++ b/serendipity_admin.php @@ -56,7 +56,7 @@ if (serendipity_is_iframe()) { Spawnnugget(); } } - + function SetCookie(name, value) { var today = new Date(); var expire = new Date(); @@ -176,7 +176,7 @@ if (!isset($serendipity['serendipityPath']) || IS_installed === false || IS_up2d <?php if (serendipity_checkPermission('adminCategories')) { ?> <li><a href="serendipity_admin.php?serendipity[adminModule]=category&serendipity[adminAction]=view"><?php echo CATEGORIES; ?></a></li> <?php } ?> - <?php serendipity_plugin_api::hook_event('backend_sidebar_entries', $serendipity); ?> + <?php if ($serendipity['no_create'] !== true) serendipity_plugin_api::hook_event('backend_sidebar_entries', $serendipity); ?> </ul> <?php } ?> <?php if (serendipity_checkPermission('adminImages')) { ?> 
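Review bot: The guard added in front of `serendipity_plugin_api::hook_event('backend_sidebar_entries', $serendipity)` fails open, because `$serendipity['no_create'] !== true` also holds when the key is unset or carries a non-boolean value such as `'1'` or `'true'`. How the privilege is loaded is not visible in this diff, so this needs confirming, but `if (empty($serendipity['no_create']))` would restrict on any truthy value and avoid an undefined-index notice. The same expression recurs in the hunks at -194, -206, -225 and -348. These sidebar guards only hide links, and their enclosing `if`/`<ul>` blocks start outside the hunks, so the check in the `event_display` case is the one that actually denies access.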
@@ -194,7 +194,7 @@ if (!isset($serendipity['serendipityPath']) || IS_installed === false || IS_up2d <?php if (serendipity_checkPermission('adminImagesSync')) { ?> <li><a href="serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=sync" onclick="return confirm('<?php echo WARNING_THIS_BLAHBLAH; ?>');"><?php echo CREATE_THUMBS; ?></a></li> <?php } ?> - <?php serendipity_plugin_api::hook_event('backend_sidebar_entries_images', $serendipity); ?> + <?php if ($serendipity['no_create'] !== true) serendipity_plugin_api::hook_event('backend_sidebar_entries_images', $serendipity); ?> </ul> <?php } ?> <?php if (serendipity_checkPermission('adminTemplates') || serendipity_checkPermission('adminPlugins')) { ?> @@ -206,7 +206,7 @@ if (!isset($serendipity['serendipityPath']) || IS_installed === false || IS_up2d <?php if (serendipity_checkPermission('adminPlugins')) { ?> <li><a href="serendipity_admin.php?serendipity[adminModule]=plugins"><?php echo CONFIGURE_PLUGINS; ?></a></li> <?php } ?> - <?php serendipity_plugin_api::hook_event('backend_sidebar_admin_appearance', $serendipity); ?> + <?php if ($serendipity['no_create'] !== true) serendipity_plugin_api::hook_event('backend_sidebar_admin_appearance', $serendipity); ?> </ul> <?php } ?> <?php if (serendipity_checkPermission('siteConfiguration') || serendipity_checkPermission('blogConfiguration') || serendipity_checkPermission('adminUsers') || serendipity_checkPermission('adminUsersGroups') || serendipity_checkPermission('adminImport')) { ?> 
@@ -225,7 +225,7 @@ if (!isset($serendipity['serendipityPath']) || IS_installed === false || IS_up2d <li><a href="serendipity_admin.php?serendipity[adminModule]=import"><?php echo IMPORT_ENTRIES; ?></a></li> <li><a href="serendipity_admin.php?serendipity[adminModule]=export"><?php echo EXPORT_ENTRIES; ?></a></li> <?php } ?> - <?php serendipity_plugin_api::hook_event('backend_sidebar_admin', $serendipity); ?> + <?php if ($serendipity['no_create'] !== true) serendipity_plugin_api::hook_event('backend_sidebar_admin', $serendipity); ?> </ul> <?php } ?> <br /> @@ -240,7 +240,7 @@ if (!isset($serendipity['serendipityPath']) || IS_installed === false || IS_up2d if (!isset($serendipity['GET']['adminModule'])) { $serendipity['GET']['adminModule'] = (isset($serendipity['POST']['adminModule']) ? $serendipity['POST']['adminModule'] : ''); } - + serendipity_checkXSRF(); switch($serendipity['GET']['adminModule']) { @@ -348,7 +348,9 @@ if (!isset($serendipity['serendipityPath']) || IS_installed === false || IS_up2d break; case 'event_display': - serendipity_plugin_api::hook_event('backend_sidebar_entries_event_display_' . $serendipity['GET']['adminAction'], $serendipity); + if ($serendipity['no_create'] !== true) { + serendipity_plugin_api::hook_event('backend_sidebar_entries_event_display_' . $serendipity['GET']['adminAction'], $serendipity); + } break; case 'logout': -- 2.39.5
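Review bot: In the `event_display` case the denied path falls straight through to `break`, so within this hunk a restricted user who requests a plugin page gets no message and the attempt is not recorded. An `else` branch that prints a permission-denied notice, and ideally logs the attempt, would make the denial explicit and auditable. The hook name is still built from `$serendipity['GET']['adminAction']` with no validation, so a cheap hardening is to reject values that fail something like `preg_match('/^[A-Za-z0-9_]+$/', $serendipity['GET']['adminAction'])` before dispatching. Whether plugins expose admin functionality through other hooks that this guard does not cover cannot be seen from the diff and should be checked. The surrounding `switch` starts and ends outside the hunk.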