Add token to themes installation.

Only webmasters can install new plugins, themes or languages. git-svn-id: http://piwigo.org/svn/trunk@5406 68402e56-0260-453c-a942-63ccdbb3a9ee
2026-06-02 04:15:05 +02:00 · 2010-03-27 17:32:45 +00:00
parent 0b38088a7e
commit 66d2cd6ec2
6 changed files with 70 additions and 37 deletions
@@ -58,11 +58,18 @@ if (!is_writable($languages_dir))

 if (isset($_GET['revision']) and !is_adviser())
 {
-  check_pwg_token();
+  if (!is_webmaster())
+  {
+    array_push($page['errors'], l10n('Webmaster status is required.'));
+  }
+  else
+  {
+    check_pwg_token();

-  $install_status = $languages->extract_language_files('install', $_GET['revision']);
-  
-  redirect($base_url.'&installstatus='.$install_status);
+    $install_status = $languages->extract_language_files('install', $_GET['revision']);
+
+    redirect($base_url.'&installstatus='.$install_status);
+  }
 }

 // +-----------------------------------------------------------------------+
@@ -36,13 +36,20 @@ $base_url = get_root_url().'admin.php?page='.$page['page'].'&order='.$order;
 $plugins = new plugins();

 //------------------------------------------------------automatic installation
-if (isset($_GET['revision']) and isset($_GET['extension']) and !is_adviser())
+if (isset($_GET['revision']) and isset($_GET['extension']))
 {
-  check_pwg_token();
-  
-  $install_status = $plugins->extract_plugin_files('install', $_GET['revision'], $_GET['extension']);
+  if (!is_webmaster())
+  {
+    array_push($page['errors'], l10n('Webmaster status is required.'));
+  }
+  else
+  {
+    check_pwg_token();
+    
+    $install_status = $plugins->extract_plugin_files('install', $_GET['revision'], $_GET['extension']);

-  redirect($base_url.'&installstatus='.$install_status);
+    redirect($base_url.'&installstatus='.$install_status);
+  }
 }

 //--------------------------------------------------------------install result
@@ -37,30 +37,37 @@ $plugins = new plugins();
 //-----------------------------------------------------------automatic upgrade
 if (isset($_GET['plugin']) and isset($_GET['revision']) and !is_adviser())
 {
-  check_pwg_token();
-  
-  $plugin_id = $_GET['plugin'];
-  $revision = $_GET['revision'];
-
-  if (isset($plugins->db_plugins_by_id[$plugin_id])
-    and $plugins->db_plugins_by_id[$plugin_id]['state'] == 'active')
+  if (!is_webmaster())
  {
-    $plugins->perform_action('deactivate', $plugin_id);
-
-    redirect($base_url
-      . '&revision=' . $revision
-      . '&plugin=' . $plugin_id
-      . '&pwg_token='.get_pwg_token()
-      . '&reactivate=true');
+    array_push($page['errors'], l10n('Webmaster status is required.'));
  }
-
-  $upgrade_status = $plugins->extract_plugin_files('upgrade', $revision, $plugin_id);
-
-  if (isset($_GET['reactivate']))
+  else
  {
-    $plugins->perform_action('activate', $plugin_id);
+    check_pwg_token();
+    
+    $plugin_id = $_GET['plugin'];
+    $revision = $_GET['revision'];
+
+    if (isset($plugins->db_plugins_by_id[$plugin_id])
+      and $plugins->db_plugins_by_id[$plugin_id]['state'] == 'active')
+    {
+      $plugins->perform_action('deactivate', $plugin_id);
+
+      redirect($base_url
+        . '&revision=' . $revision
+        . '&plugin=' . $plugin_id
+        . '&pwg_token='.get_pwg_token()
+        . '&reactivate=true');
+    }
+
+    $upgrade_status = $plugins->extract_plugin_files('upgrade', $revision, $plugin_id);
+
+    if (isset($_GET['reactivate']))
+    {
+      $plugins->perform_action('activate', $plugin_id);
+    }
+    redirect($base_url.'&plugin='.$plugin_id.'&upgradestatus='.$upgrade_status);
  }
-  redirect($base_url.'&plugin='.$plugin_id.'&upgradestatus='.$upgrade_status);
 }

 //--------------------------------------------------------------upgrade result
@@ -53,15 +53,24 @@ if (!is_writable($themes_dir))
 // |                       perform installation                            |
 // +-----------------------------------------------------------------------+

-if (isset($_GET['revision']) and isset($_GET['extension']) and !is_adviser())
+if (isset($_GET['revision']) and isset($_GET['extension']))
 {
-  $install_status = $themes->extract_theme_files(
-    'install',
-    $_GET['revision'],
-    $_GET['extension']
-    );
-  
-  redirect($base_url.'&installstatus='.$install_status);
+  if (!is_webmaster())
+  {
+    array_push($page['errors'], l10n('Webmaster status is required.'));
+  }
+  else
+  {
+    check_pwg_token();
+
+    $install_status = $themes->extract_theme_files(
+      'install',
+      $_GET['revision'],
+      $_GET['extension']
+      );
+    
+    redirect($base_url.'&installstatus='.$install_status);
+  }
 }

 // +-----------------------------------------------------------------------+
@@ -112,6 +121,7 @@ if ($themes->get_server_themes(true)) // only new themes
    $url_auto_install = htmlentities($base_url)
      . '&amp;revision=' . $theme['revision_id']
      . '&amp;extension=' . $theme['extension_id']
+      . '&amp;pwg_token='.get_pwg_token()
      ;

    $template->append(
@@ -759,4 +759,5 @@ $lang['Select:'] = 'Select:';
 $lang['None'] = 'None';
 $lang['Invert'] = 'Invert';
 $lang['Impossible to deactivate this theme, you need at least one theme.'] = 'Impossible to deactivate this theme, you need at least one theme.';
+$lang['Webmaster status is required.'] = 'Webmaster status is required.';
 ?>
@@ -762,4 +762,5 @@ $lang['Select:'] = 'Sélectionner :';
 $lang['None'] = 'Rien';
 $lang['Invert'] = 'Inverser';
 $lang['Impossible to deactivate this theme, you need at least one theme.'] = 'Impossible de désactiver ce thème, il doit rester au moins un thème activé.';
+$lang['Webmaster status is required.'] = 'Vous devez avoir le status de "webmaster".';
 ?>