authorzotlabs <mike@macgirvin.com>2018-04-18 17:26:05 -0700
committerMario Vavti <mario@mariovavti.com>2018-04-19 08:44:17 +0200
commit1ef31d27c7b37b933f7fd0f7977d23ee186204d5 (patch)
treed108dad3507ed803e0143006acf40cb1816ab995
parentf634d157689f0290c1712a0b569a3b4a6af1dc82 (diff)
relax restrictions to the design tools menu to allow those with write_pages permission; this doesn't fix the underlying modules though as there are some potential security issues at the moment.
-rw-r--r--Zotlabs/Widget/Design_tools.php13
-rw-r--r--include/text.php2
2 files changed, 4 insertions, 11 deletions
diff --git a/Zotlabs/Widget/Design_tools.php b/Zotlabs/Widget/Design_tools.php
index 8ab6a235d..a15c0c98d 100644
--- a/Zotlabs/Widget/Design_tools.php
+++ b/Zotlabs/Widget/Design_tools.php
@@ -6,16 +6,9 @@ class Design_tools {
function widget($arr) {
- // mod menu doesn't load a profile. For any modules which load a profile, check it.
- // otherwise local_channel() is sufficient for permissions.
+ if(perm_is_allowed(\App::$profile['profile_uid'],get_observer_hash(),'write_pages') || (\App::$is_sys && is_site_admin()))
+ return design_tools();
- if(\App::$profile['profile_uid'])
- if((\App::$profile['profile_uid'] != local_channel()) && (! \App::$is_sys))
- return '';
-
- if(! local_channel())
- return '';
-
- return design_tools();
+ return EMPTY_STR;
}
} \ No newline at end of file
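Review bot: The new condition in widget() reads `\App::$profile['profile_uid']` unconditionally, although the comment removed by this hunk notes that mod menu does not load a profile. On such a page the key is unset, so `perm_is_allowed()` is called with a null uid; assuming it denies in that case, the channel owner loses the menu that the old `local_channel()` fallback provided. Resolve the uid once before the check, e.g. `$uid = isset(\App::$profile['profile_uid']) ? intval(\App::$profile['profile_uid']) : local_channel();`, and pass `$uid` to `perm_is_allowed()`. The same unguarded read is added in design_tools() in include/text.php and needs the same guard there.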
diff --git a/include/text.php b/include/text.php
index bc44f22f3..e09c298d2 100644
--- a/include/text.php
+++ b/include/text.php
@@ -2404,7 +2404,7 @@ function jindent($json) {
*/
function design_tools() {
- $channel = App::get_channel();
+ $channel = channelx_by_n(App::$profile['profile_uid']);
$sys = false;
if(App::$is_sys && is_site_admin()) {
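Review bot: design_tools() now builds the menu for the profile owner's channel rather than the logged-in channel, yet nothing in the visible lines checks that the viewer may edit that channel, so it depends on every caller having done the `write_pages` check first. The docblock that ends just above the signature should state that contract, e.g. `Caller must verify write_pages on App::$profile['profile_uid']; the menu is built for that channel, not the logged-in one.` Only Design_tools::widget() is visible here as a caller, so whether other call sites exist and perform the check is something to confirm. The function body continues past this hunk.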