From e3b967f475e8933567ba7d80dacb6d496224fe55 Mon Sep 17 00:00:00 2001 From: Thomas Willingham Date: Mon, 15 Sep 2014 03:59:04 +0100 Subject: Very, very cautiously let a developer switch to the sys chan if they're also an administrator. --- include/security.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/include/security.php b/include/security.php index 0f2edc708..e83cc7061 100644 --- a/include/security.php +++ b/include/security.php @@ -82,6 +82,19 @@ function change_channel($change_channel) { intval(PAGE_REMOVED) ); + // It's not there. Is this an administrator, and is this the sys channel? + if (is_developer()) { + if (! $r) { + if (is_site_admin()) { + $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d ) limit 1", + intval($change_channel), + intval(PAGE_SYSTEM), + intval(PAGE_REMOVED) + ); + } + } + } + if($r) { $hash = $r[0]['channel_hash']; $_SESSION['uid'] = intval($r[0]['channel_id']); -- cgit v1.2.3