From e3b967f475e8933567ba7d80dacb6d496224fe55 Mon Sep 17 00:00:00 2001
From: Thomas Willingham <beardyunixer@beardyunixer.com>
Date: Mon, 15 Sep 2014 03:59:04 +0100
Subject: Very, very cautiously let a developer switch to the sys chan if
 they're also an administrator.

---
 include/security.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'include/security.php')

diff --git a/include/security.php b/include/security.php
index 0f2edc708..e83cc7061 100644
--- a/include/security.php
+++ b/include/security.php
@@ -82,6 +82,19 @@ function change_channel($change_channel) {
 			intval(PAGE_REMOVED)
 		);
 
+		// It's not there.  Is this an administrator, and is this the sys channel?
+	if (is_developer()) {
+		if (! $r) {
+			if (is_site_admin()) {
+				$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d ) limit 1",
+				intval($change_channel),
+				intval(PAGE_SYSTEM),
+				intval(PAGE_REMOVED)
+				);
+			}
+		}
+	}
+
 		if($r) {
 			$hash = $r[0]['channel_hash'];
 			$_SESSION['uid'] = intval($r[0]['channel_id']);
-- 
cgit v1.2.3