Don't allow switching to hidden plugin by using plug=x attribute

author hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>

Mon, 15 Jan 2007 12:03:21 +0000 (12:03 +0000)

committer hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>

Mon, 15 Jan 2007 12:03:21 +0000 (12:03 +0000)
author hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Mon, 15 Jan 2007 12:03:21 +0000 (12:03 +0000)
committer hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Mon, 15 Jan 2007 12:03:21 +0000 (12:03 +0000)
diff --git a/html/main.php b/html/main.php

index efd6806d6ef629a076eb1238f9f8645f3533eb42..1796905bd7bcae5a70b69f20d59814d9b0b0791a 100644 (file)
--- a/html/main.php
+++ b/html/main.php
@@ -173,8 +173,22 @@ if (isset($_SESSION['plugin_dir'])){
  } else {
    $old_plugin_dir= "";
  }
+
+/* reload navigation if language changed*/  
+if($reload_navigation){
+  $plist->menu="";;
+}
+$plist->gen_headlines();
+$plist->gen_menu();
+
+
  if (isset($_GET['plug'])){
    $plug= validate($_GET['plug']);
+
+  if(!in_array_ics($plug,$plist->allowed_plug_ids)){
+    $plug = key($plist->allowed_plug_ids);
+  }
+
    $plugin_dir= $plist->get_path($plug);
    $_SESSION['plugin_dir']= $plugin_dir;
    if ($plugin_dir == ""){
@@ -286,12 +300,6 @@ $smarty->assign ("go_corner", get_template_path('images/go_corner.png'));
  $smarty->assign ("go_left", get_template_path('images/go_left.png'));
  $smarty->assign ("go_help", get_template_path('images/help.png'));
  
-/* reload navigation if language changed*/  
-if($reload_navigation){
-  $plist->menu="";;
-}
-$plist->gen_headlines();
-$plist->gen_menu();
  $smarty->assign ("menu", $plist->menu);
  $smarty->assign ("plug", "$plug");
  
diff --git a/include/class_pluglist.inc b/include/class_pluglist.inc

index 631c2cf15bcc4638e9b1292636b088aed0cf3092..89d55749e6da60b86c57542735e25a00d87ef658 100644 (file)
--- a/include/class_pluglist.inc
+++ b/include/class_pluglist.inc
@@ -29,6 +29,7 @@ class pluglist {
         var $ui= NULL;
         var $current= "";
         var $headlines = array();
+       var $allowed_plug_ids =array();
  
         function pluglist($config, $ui)
         {
@@ -132,7 +133,7 @@ class pluglist {
                                         }
  
                                         if ($this->check_access($info['ACL'])){
-
+                                               $this->allowed_plug_ids[$index]=$index;
                                                 $entries= $entries."<p class=\"menuitem\" ".
                                                         "onClick='return question(\""._("You are currently editing a database entry. Do you want to dismiss the changes?")."\", \"$href\");'>".
                                                         "<a class=\"menuitem\" ".
author	hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
	Mon, 15 Jan 2007 12:03:21 +0000 (12:03 +0000)
committer	hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
	Mon, 15 Jan 2007 12:03:21 +0000 (12:03 +0000)
html/main.php		patch \| blob \| history
include/class_pluglist.inc		patch \| blob \| history