Changeset 316

Show
Ignore:
Timestamp:
06/03/08 17:02:21 (6 months ago)
Author:
dramirez
Message:

Fixed a security issue

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • role/trunk/README.txt

    r314 r316  
    22================ 
    33 
    4 This plugin add to Elgg the capacity for manage roles. 
     4This plugin add to Elgg the capacity for manage roles. It requires libjquery and libjquerysuggest. 
    55 
    66Check the config.php for specify the roles availables for your system. 

  • role/trunk/plugin.info

    r314 r316  
    11Maintainer: Diego Andrés Ramírez Aragón <diego@somosmas.org> 
    22Title: Role 
    3 Version: 1.0 
     3Version: 1.1 
    44Package: role 
    55Distribution-URL: http://elgg.org/mod/plugins/plugin.php?id=89 

  • role/trunk/roles.php

    r314 r316  
    11<?php 
    22/** 
    3 *   
    4 * @author Diego Andrés Ramírez Aragón <diego@somosmas.org> 
    5 * @copyright Corporación Somos más - 2008 
    6 */ 
     3 * 
     4 * @author Diego Andrés Ramírez Aragón <diego@somosmas.org> 
     5 * @copyright Corporación Somos más - 2008 
     6 */ 
    77require_once (dirname ( dirname ( __FILE__ ) ) . "/../includes.php"); 
    88 
     
    1212templates_js_setup("role_js"); 
    1313 
    14 $title = __gettext ( "Role Management" ); 
    15 $body = run("role:management"); 
     14if(isloggedin() && isadmin()){ 
     15  $title = __gettext ( "Role Management" ); 
     16  $body = run("role:management"); 
     17
     18else{ 
     19  $body = "<p>".__gettext("You are not authorized for see this page!")."</p>"; 
     20
    1621 
    1722templates_page_output($title, $body); 

  • role/trunk/user_roles.php

    r314 r316  
    11<?php 
    22/** 
    3 *   
    4 * @author Diego Andrés Ramírez Aragón <diego@somosmas.org> 
    5 * @copyright Corporación Somos más - 2008 
    6 */ 
     3 * 
     4 * @author Diego Andrés Ramírez Aragón <diego@somosmas.org> 
     5 * @copyright Corporación Somos más - 2008 
     6 */ 
    77require_once (dirname ( dirname ( __FILE__ ) ) . "/../includes.php"); 
    88global $metatags,$CFG; 
     
    1616templates_js_setup("jquery:suggest"); 
    1717 
    18 $title = __gettext ( "Role assignment" ); 
    19 $body = run("role:users"); 
     18if(isloggedin() && isadmin()){ 
     19  $title = __gettext ( "Role assignment" ); 
     20  $body = run("role:users"); 
     21
     22else{ 
     23  $body = "<p>".__gettext("You are not authorized for see this page!")."</p>"; 
     24
    2025 
    2126templates_page_output($title, $body);