Update of /cvsroot/php-blog/serendipity/include
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv24425/include
Modified Files:
plugin_api.inc.php
Log Message:
< Administrator users shall not be allowed to hide plugins not added by them
Index: plugin_api.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/include/plugin_api.inc.php,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- plugin_api.inc.php 8 Jan 2005 14:28:22 -0000 1.13
+++ plugin_api.inc.php 10 Jan 2005 16:25:09 -0000 1.14
@@ -337,13 +337,19 @@
{
global $serendipity;
+ $admin = '';
+ if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && $placement = 'hidden') {
+ // Only administrators can set plugins to 'hidden' if they are not the owners.
+ $admin = " AND (authorid = 0 OR authorid = {$serendipity['authorid']})";
+ }
+
$sql = "UPDATE {$serendipity['dbPrefix']}plugins set placement='$placement' ";
if ($order !== null) {
$sql .= ", sort_order=$order ";
}
- $sql .= "WHERE name='$name'";
+ $sql .= "WHERE name='$name' $admin";
return serendipity_db_query($sql);
}
|
