aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/widgets.php17
-rw-r--r--mod/admin.php7
-rw-r--r--view/js/acl.js4
3 files changed, 25 insertions, 3 deletions
diff --git a/include/widgets.php b/include/widgets.php
index fc6fee2ef..2b1fb2859 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -1238,6 +1238,23 @@ function widget_album($args) {
if($args['title'])
$title = $args['title'];
+ /**
+ * This may return incorrect permissions if you have multiple directories of the same name.
+ * It is a limitation of the photo table using a name for a photo album instead of a folder hash
+ */
+
+ if($album) {
+ $x = q("select hash from attach where filename = '%s' and uid = %d limit 1",
+ dbesc($album),
+ intval($owner_uid)
+ );
+ if($x) {
+ $y = attach_can_view_folder($owner_uid,get_observer_hash(),$x[0]['hash']);
+ if(! $y)
+ return '';
+ }
+ }
+
$order = 'DESC';
$r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.scale, p.description, p.created FROM photo p INNER JOIN
diff --git a/mod/admin.php b/mod/admin.php
index a884b7658..3f1a69ca6 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -1042,7 +1042,12 @@ function admin_page_plugins(&$a){
}
$admin_form = '';
- if (is_array($a->plugins_admin) && in_array($plugin, $a->plugins_admin)){
+
+ $r = q("select * from addon where plugin_admin = 1 and name = '%s' limit 1",
+ dbesc($plugin)
+ );
+
+ if($r) {
@require_once("addon/$plugin/$plugin.php");
if(function_exists($plugin.'_plugin_admin')) {
$func = $plugin.'_plugin_admin';
diff --git a/view/js/acl.js b/view/js/acl.js
index a0c1c6c02..ed8af478a 100644
--- a/view/js/acl.js
+++ b/view/js/acl.js
@@ -31,7 +31,7 @@ function ACL(backend_url, preset) {
$("#acl-search").keypress(that.on_search);
/* startup! */
- that.get(0,1000);
+ that.get(0,15000);
that.on_submit();
});
}
@@ -60,7 +60,7 @@ ACL.prototype.on_submit = function() {
ACL.prototype.search = function() {
var srcstr = $("#acl-search").val();
that.list_content.html("");
- that.get(0, 1000, srcstr);
+ that.get(0, 15000, srcstr);
};
ACL.prototype.on_search = function(event) {