diff options
| author | zotlabs <mike@macgirvin.com> | 2018-04-18 17:26:05 -0700 |
|---|---|---|
| committer | Mario Vavti <mario@mariovavti.com> | 2018-04-19 08:44:17 +0200 |
| commit | 1ef31d27c7b37b933f7fd0f7977d23ee186204d5 (patch) | |
| tree | d108dad3507ed803e0143006acf40cb1816ab995 | |
| parent | f634d157689f0290c1712a0b569a3b4a6af1dc82 (diff) | |
| download | volse-hubzilla-1ef31d27c7b37b933f7fd0f7977d23ee186204d5.tar.gz volse-hubzilla-1ef31d27c7b37b933f7fd0f7977d23ee186204d5.tar.bz2 volse-hubzilla-1ef31d27c7b37b933f7fd0f7977d23ee186204d5.zip | |
relax restrictions to the design tools menu to allow those with write_pages permission; this doesn't fix the underlying modules though as there are some potential security issues at the moment.
| -rw-r--r-- | Zotlabs/Widget/Design_tools.php | 13 | ||||
| -rw-r--r-- | include/text.php | 2 |
2 files changed, 4 insertions, 11 deletions
diff --git a/Zotlabs/Widget/Design_tools.php b/Zotlabs/Widget/Design_tools.php index 8ab6a235d..a15c0c98d 100644 --- a/Zotlabs/Widget/Design_tools.php +++ b/Zotlabs/Widget/Design_tools.php @@ -6,16 +6,9 @@ class Design_tools { function widget($arr) { - // mod menu doesn't load a profile. For any modules which load a profile, check it. - // otherwise local_channel() is sufficient for permissions. + if(perm_is_allowed(\App::$profile['profile_uid'],get_observer_hash(),'write_pages') || (\App::$is_sys && is_site_admin())) + return design_tools(); - if(\App::$profile['profile_uid']) - if((\App::$profile['profile_uid'] != local_channel()) && (! \App::$is_sys)) - return ''; - - if(! local_channel()) - return ''; - - return design_tools(); + return EMPTY_STR; } }
\ No newline at end of file diff --git a/include/text.php b/include/text.php index bc44f22f3..e09c298d2 100644 --- a/include/text.php +++ b/include/text.php @@ -2404,7 +2404,7 @@ function jindent($json) { */ function design_tools() { - $channel = App::get_channel(); + $channel = channelx_by_n(App::$profile['profile_uid']); $sys = false; if(App::$is_sys && is_site_admin()) { |