- The Module\BaseAdmin::post method checked credentials but didn't abort the process when it failed
- Created Module\BaseAdmin::checkAdminAccess method
{
public static function post(array $parameters = [])
{
- parent::post($parameters);
+ self::checkAdminAccess();
$addon = Strings::sanitizeFilePathItem($parameters['addon']);
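Review bot: The override now drops the parent chain entirely: `parent::post($parameters)` is replaced by `self::checkAdminAccess()` rather than followed by it, so whatever `BaseModule::post` does is skipped. That is harmless if `BaseModule::post` is an empty stub, which is not visible here; if it carries behaviour, `self::checkAdminAccess();` followed by `parent::post($parameters);` keeps the access check first so the parent body never runs for an unauthorised caller. The same replacement is made in every other `post()` hunk on this page and in the `rawContent()` hunk that calls `phpinfo()`. The body of this `post()` continues outside the hunk.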
{
public static function post(array $parameters = [])
{
- parent::post($parameters);
+ self::checkAdminAccess();
self::checkFormSecurityTokenRedirectOnError('/admin/blocklist/contact', 'admin_contactblock');
{
public static function post(array $parameters = [])
{
- parent::post($parameters);
+ self::checkAdminAccess();
if (empty($_POST['page_blocklist_save']) && empty($_POST['page_blocklist_edit'])) {
return;
{
public static function post(array $parameters = [])
{
- parent::post($parameters);
+ self::checkAdminAccess();
self::checkFormSecurityTokenRedirectOnError('/admin/features', 'admin_manage_features');
{
public static function post(array $parameters = [])
{
- parent::post($parameters);
+ self::checkAdminAccess();
if (empty($_POST['page_deleteitem_submit'])) {
return;
{
public static function post(array $parameters = [])
{
- parent::post($parameters);
+ self::checkAdminAccess();
if (empty($_POST['page_logs'])) {
return;
{
public static function rawContent(array $parameters = [])
{
- parent::rawContent($parameters);
+ self::checkAdminAccess();
phpinfo();
exit();
{
public static function post(array $parameters = [])
{
- parent::post($parameters);
+ self::checkAdminAccess();
self::checkFormSecurityTokenRedirectOnError('/admin/site', 'admin_site');
public static function post(array $parameters = [])
{
- parent::post($parameters);
+ self::checkAdminAccess();
$theme = Strings::sanitizeFilePathItem($parameters['theme']);
if (is_file("view/theme/$theme/config.php")) {
{
public static function post(array $parameters = [])
{
- parent::post($parameters);
+ self::checkAdminAccess();
if (empty($_POST['page_tos'])) {
return;
{
public static function post(array $parameters = [])
{
- parent::post($parameters);
+ self::checkAdminAccess();
self::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users');
use Friendica\Core\Renderer;
use Friendica\Core\Session;
use Friendica\DI;
-use Friendica\Network\HTTPException\ForbiddenException;
+use Friendica\Network\HTTPException;
require_once 'boot.php';
*/
abstract class BaseAdmin extends BaseModule
{
- public static function post(array $parameters = [])
+ /**
+ * @param bool $interactive
+ * @throws HTTPException\ForbiddenException
+ * @throws HTTPException\InternalServerErrorException
+ */
+ public static function checkAdminAccess(bool $interactive = false)
{
- if (!is_site_admin()) {
- return;
+ if (!local_user()) {
+ if ($interactive) {
+ notice(DI::l10n()->t('Please login to continue.'));
+ Session::set('return_path', DI::args()->getQueryString());
+ DI::baseUrl()->redirect('login');
+ } else {
+ throw new HTTPException\UnauthorizedException(DI::l10n()->t('Please login to continue.'));
+ }
}
- // do not allow a page manager to access the admin panel at all.
- if (!empty($_SESSION['submanage'])) {
- return;
- }
- }
-
- public static function rawContent(array $parameters = [])
- {
if (!is_site_admin()) {
- return '';
+ throw new HTTPException\ForbiddenException(DI::l10n()->t('You don\'t have access to administration pages.'));
}
if (!empty($_SESSION['submanage'])) {
- return '';
+ throw new HTTPException\ForbiddenException(DI::l10n()->t('Submanaged account can\'t access the administation pages. Please log back in as the main account.'));
}
-
- return '';
}
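Review bot: The docblock on `checkAdminAccess` declares `@throws HTTPException\ForbiddenException` and `InternalServerErrorException` but not the `HTTPException\UnauthorizedException` thrown in the non-interactive branch, which is exactly the exception a caller of `post()` would need to handle; add `@throws HTTPException\UnauthorizedException` and a one-line description such as `Aborts the request unless the current session belongs to a non-submanaged site admin; with $interactive the anonymous case redirects to login instead of throwing.` The signature would also benefit from an explicit `: void` return type. The interactive branch relies on `DI::baseUrl()->redirect('login')` not returning; if it does return, the `is_site_admin()` check below still throws, so nothing falls through to admin content. The user-facing string in the submanage branch carries the pre-existing typo "administation" — since the line is being rewritten anyway, `'Submanaged account can\'t access the administration pages. Please log back in as the main account.'` fixes it without touching any other behaviour.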
public static function content(array $parameters = [])
{
- if (!is_site_admin()) {
- notice(DI::l10n()->t('Please login to continue.'));
- Session::set('return_path', DI::args()->getQueryString());
- DI::baseUrl()->redirect('login');
- }
-
- if (!empty($_SESSION['submanage'])) {
- throw new ForbiddenException(DI::l10n()->t('Submanaged account can\'t access the administation pages. Please log back in as the main account.'));
- }
+ self::checkAdminAccess(true);
// Header stuff
DI::page()['htmlhead'] .= Renderer::replaceMacros(Renderer::getMarkupTemplate('admin/settings_head.tpl'), []);