tinycm rev 93
Security improvement in cloud and community plugin
author | Christophe Lincoln <pankso@slitaz.org> |
---|---|
date | Fri Feb 17 13:06:47 2017 +0100 (2017-02-17) |
parents | 7edde907440f |
children | 5b8fd5ab20b7 |
files | plugins/cloud/cloud.cgi plugins/community/community.cgi |
line diff
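--- a/plugins/cloud/cloud.cgi Fri Feb 17 12:44:05 2017 +0100
+++ b/plugins/cloud/cloud.cgi Fri Feb 17 13:06:47 2017 +0100
@@ -50,13 +50,25 @@
 d="Cloud activity"
 [ ! check_auth ] && header "Location: $script"
 # Clean-up logfile
- if [ "$(GET clean)" ]; then
+ if [ "$(GET clean)" ] && admin_user; then
 rm -f ${cloudlog} && touch ${cloudlog}
 header "Location: $HTTP_REFERER"
 fi
 header
 html_header
 user_box
+ cat << EOT
+<div id="tools">
+ <a href="$script?dashboard">Dashboard</a>
+ <a href="$script?cloud">Cloud files</a>
+ <a href="$script?cloudlog&full">$(gettext "More activity")</a>
+EOT
+ if admin_user; then
+ cat << EOT
+<a href="$script?cloudlog&clean">$(gettext "Clean logfile")</a>"
+EOT
+ fi
+ echo "</div>"
 echo "<h2>$(gettext "Cloud activity")</h2>"
 echo '<pre>'
 if [ "$(GET full)" ]; then
@@ -65,13 +77,6 @@
 tac ${cloudlog} | head -n 20
 fi
 echo '</pre>'
- cat << EOT
-<div id="tools">
- <a href="$script?cloud">Cloud files</a>
- <a href="$script?cloudlog&full">$(gettext "More activity")</a>
- <a href="$script?cloudlog&clean">$(gettext "Clean logfile")</a>
-</div>
-EOT
 html_footer && exit 0 ;;
 
 *\ cloud\ *)
@@ -90,9 +95,9 @@
 [ -f "$cloudlog" ] || mkdir -p $(dirname $cloudlog)
 cat << EOT
 <div id="tools">
+ <a href="$script?dashboard">Dashboard</a>
 <a href="$script?cloudlog">Cloud activity</a>
 <a href="$content/cloud">Raw files</a>
- <a href="$script?dashboard">Dashboard</a>
 </div>
 
 <h2>Cloud files</h2>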
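Review bot: The guard `[ ! check_auth ] && header "Location: $script"` at the top of the cloudlog branch never calls `check_auth`: inside `[ ]` the word is just a non-empty string, so the test is always false and the redirect never fires. As far as this hunk shows, the activity log is still rendered for unauthenticated requests; the commit only restricts the clean action. Suggest `check_auth || { header "Location: $script"; exit 0; }`, with the `exit` because nothing visible here stops the branch after a `Location` header (the clean path has the same gap and falls through to the plain `header` call). The added line `<a href="$script?cloudlog&clean">…</a>"` also ends with a stray `"` that will be printed into the page. The case branch starts above the hunk.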
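--- a/plugins/community/community.cgi Fri Feb 17 12:44:05 2017 +0100
+++ b/plugins/community/community.cgi Fri Feb 17 13:06:47 2017 +0100
@@ -78,18 +78,23 @@
 cat ${wall}/${m} | wiki_parser
 echo "</p></div>"
 done
- cat << EOT
+ if check_auth; then
+ cat << EOT
 <div id="tools">
 <a href="$script?community">$(gettext "Community Tools")</a>
 </div>
 EOT
+ fi
 html_footer && exit 0 ;;
 
- *\ community-config\ *)
+ *\ communityconfig\ *)
 d="Community plugin config"
 header
 html_header
 user_box
+ if ! admin_user; then
+ header "Location: $script"
+ fi
 cat << EOT
 <div id="tools">
 <a href="$script?dashboard">Dashboard</a>
@@ -109,11 +114,15 @@
 header
 html_header
 user_box
+ echo '<div id="tools">'
+ if check_auth; then
+ echo "<a href='$script?dashboard'>Dashboard</a>"
+ fi
+ if admin_user; then
+ echo "<a href='$script?communityconfig'>Plugin Config</a>"
+ fi
 cat << EOT
-<div id="tools">
- <a href="$script?dashboard">Dashboard</a>
- <a href="$script?wall">Community Wall</a>
- <a href="$script?community-config">Plugin Config</a>
+<a href="$script?wall">Community Wall</a>
 </div>
 <h2>$d</h2>
 <p>$SHORT_DESC</p>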
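Review bot: The new `if ! admin_user` check in the `communityconfig` branch runs after `header`, `html_header` and `user_box` have already produced output, and it is not followed by `exit`. Unless `header` itself ends the script (not visible here), a non-admin gets the `Location` line inside the page body and the config page content after it is still emitted, so the page is not actually restricted. Move the check to the top of the branch and stop there, `admin_user || { header "Location: $script"; exit 0; }` before the first `header`. The rest of the branch lies outside the hunk; any code there that applies submitted settings should sit behind the same check, since hiding the "Plugin Config" link in the last hunk does not prevent a direct request.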