tinycm rev 31

Small fixes to activity and security
author Christophe Lincoln <pankso@slitaz.org>
date Mon Jan 06 18:47:03 2014 +0000 (2014-01-06)
parents de9aeda8602a
children c4b94b7a7dd6
files index.cgi plugins/blog/blog.cgi
line diff
     1.1 --- a/index.cgi	Mon Jan 06 15:15:38 2014 +0000
     1.2 +++ b/index.cgi	Mon Jan 06 18:47:03 2014 +0000
     1.3 @@ -339,7 +339,7 @@
     1.4  	# Log
     1.5  	if [ "$new" ]; then
     1.6  		echo "Page created by: $(link_user)" | log
     1.7 -		
     1.8 +		echo "New document: <a href='$script?d=$d'>$d</a>" | log_activity
     1.9  		if [ "$HG" == "yes" ]; then
    1.10  			cd $content && hg -q add
    1.11  			hg commit -q -u "$NAME <$MAIL>" -m "Created new document: $d"
    1.12 @@ -348,7 +348,6 @@
    1.13  	else
    1.14  		# Here we may clean log: cat && tail -n 40
    1.15  		echo "Page edited by: $(link_user)" | log
    1.16 -		echo "New document: <a href='$script?d=$d'>$d</a>" | log_activity
    1.17  		if [ "$HG" == "yes" ]; then
    1.18  			cd $content && hg commit -q -u "$NAME <$MAIL>" \
    1.19  				-m "Edited document: $d"
    1.20 @@ -372,8 +371,8 @@
    1.21  <div id="tools">
    1.22  	<a href="$script?edit=$d">$(gettext "Edit document")</a>
    1.23  	<a href="$script?diff=$d">$(gettext "Last diff")</a>
    1.24 -	<a href="$script?log=$d">$(gettext "Activity")</a>
    1.25 -	<a href="$script?dashboard">Dashboard</a>
    1.26 +	<a href="$script?log=$d">$(gettext "File log")</a>
    1.27 +	<a href="$script?dashboard">$(gettext "Dashboard")</a>
    1.28  	$([ "$HG" == "yes" ] && echo "<a href='$script?hg'>Hg Log</a>")
    1.29  </div>
    1.30  EOT

     2.1 --- a/plugins/blog/blog.cgi	Mon Jan 06 15:15:38 2014 +0000
     2.2 +++ b/plugins/blog/blog.cgi	Mon Jan 06 18:47:03 2014 +0000
     2.3 @@ -87,7 +87,7 @@
     2.4  		html_header
     2.5  		user_box
     2.6  		# Blog tools for auth users
     2.7 -		if ! admin_user; then
     2.8 +		if ! check_auth && admin_user; then
     2.9  			gettext "You must be admin to create a new Blog post"
    2.10  			html_footer && exit 0
    2.11  		fi
    2.12 @@ -116,7 +116,7 @@
    2.13  
    2.14  	*\ blogsave\ *)
    2.15  		d="$(GET blogsave)"
    2.16 -		if admin_user; then
    2.17 +		if check_auth && admin_user; then
    2.18  			[ -d "$blog" ] || mkdir -p ${blog}
    2.19  			# New post ?
    2.20  			if [ ! -f "${blog}/${d}.txt" ]; then
    2.21 @@ -138,7 +138,7 @@
    2.22  		user_box
    2.23  		#echo "<h2>$(gettext "Latest blog posts")</h2>"
    2.24  		# Blog tools for auth users
    2.25 -		if admin_user; then
    2.26 +		if check_auth && admin_user; then
    2.27  			blog_tools
    2.28  		fi
    2.29  		# Exit if plugin is disabled