# HG changeset patch # User Christophe Lincoln # Date 1487333207 -3600 # Node ID 97dca04ea0facb6986251a44f431f602d89f2516 # Parent 7edde907440fdda98d9b13a1382a0829307e99fa Security improvment in cloud and community plugin diff -r 7edde907440f -r 97dca04ea0fa plugins/cloud/cloud.cgi --- a/plugins/cloud/cloud.cgi Fri Feb 17 12:44:05 2017 +0100 +++ b/plugins/cloud/cloud.cgi Fri Feb 17 13:06:47 2017 +0100 @@ -50,13 +50,25 @@ d="Cloud activity" [ ! check_auth ] && header "Location: $script" # Clean-up logfile - if [ "$(GET clean)" ]; then + if [ "$(GET clean)" ] && admin_user; then rm -f ${cloudlog} && touch ${cloudlog} header "Location: $HTTP_REFERER" fi header html_header user_box + cat << EOT +
+ Dashboard + Cloud files + $(gettext "More activity") +EOT + if admin_user; then + cat << EOT +$(gettext "Clean logfile")" +EOT + fi + echo "
" echo "

$(gettext "Cloud activity")

" echo '
'
 		if [ "$(GET full)" ]; then
@@ -65,13 +77,6 @@
 			tac ${cloudlog} | head -n 20
 		fi
 		echo '
' - cat << EOT -
- Cloud files - $(gettext "More activity") - $(gettext "Clean logfile") -
-EOT html_footer && exit 0 ;; *\ cloud\ *) @@ -90,9 +95,9 @@ [ -f "$cloudlog" ] || mkdir -p $(dirname $cloudlog) cat << EOT
+ Dashboard Cloud activity Raw files - Dashboard

Cloud files

diff -r 7edde907440f -r 97dca04ea0fa plugins/community/community.cgi --- a/plugins/community/community.cgi Fri Feb 17 12:44:05 2017 +0100 +++ b/plugins/community/community.cgi Fri Feb 17 13:06:47 2017 +0100 @@ -78,18 +78,23 @@ cat ${wall}/${m} | wiki_parser echo "

" done - cat << EOT + if check_auth; then + cat << EOT
$(gettext "Community Tools")
EOT + fi html_footer && exit 0 ;; - *\ community-config\ *) + *\ communityconfig\ *) d="Community plugin config" header html_header user_box + if ! admin_user; then + header "Location: $script" + fi cat << EOT
Dashboard @@ -109,11 +114,15 @@ header html_header user_box + echo '
' + if check_auth; then + echo "Dashboard" + fi + if admin_user; then + echo "Plugin Config" + fi cat << EOT -

$d

$SHORT_DESC