From 0b9e17778234884c96e6f29670871f63989bcfa4 Mon Sep 17 00:00:00 2001
From: plegall
Date: Wed, 25 Jan 2023 15:18:45 +0100
Subject: [PATCH] issue #1852 also forbid extension deletion
---
 admin/include/languages.class.php | 5 +++++
 admin/include/plugins.class.php | 7 +++++++
 admin/include/themes.class.php | 5 +++++
 admin/languages_installed.php | 1 +
 admin/plugins_installed.php | 1 +
 .../default/template/languages_installed.tpl | 2 ++
 .../themes/default/template/plugins_installed.tpl | 6 ++++--
 admin/themes/default/template/themes_installed.tpl | 2 +-
 admin/themes_installed.php | 1 +
 include/ws_functions/pwg.extensions.php | 14 ++++++++++++--
 10 files changed, 39 insertions(+), 5 deletions(-)
diff --git a/admin/include/languages.class.php b/admin/include/languages.class.php
index 69918009a..5dc846fe0 100644
--- a/admin/include/languages.class.php
+++ b/admin/include/languages.class.php
@@ -30,6 +30,11 @@ class languages
 {
 global $conf;
+ if (!$conf['enable_extensions_install'] and 'delete' == $action)
+ {
+ die('Piwigo extensions install/update/delete system is disabled');
+ }
+
 if (isset($this->db_languages[$language_id]))
 {
 $crt_db_language = $this->db_languages[$language_id];
diff --git a/admin/include/plugins.class.php b/admin/include/plugins.class.php
index 92a469495..3fb266526 100644
--- a/admin/include/plugins.class.php
+++ b/admin/include/plugins.class.php
@@ -107,6 +107,13 @@ class plugins
 */
 function perform_action($action, $plugin_id, $options=array())
 {
+ global $conf;
+
+ if (!$conf['enable_extensions_install'] and 'delete' == $action)
+ {
+ die('Piwigo extensions install/update/delete system is disabled');
+ }
+
 if (isset($this->db_plugins_by_id[$plugin_id]))
 {
 $crt_db_plugin = $this->db_plugins_by_id[$plugin_id];
diff --git a/admin/include/themes.class.php b/admin/include/themes.class.php
index 47191a9e4..fa53e7e15 100644
--- a/admin/include/themes.class.php
+++ b/admin/include/themes.class.php
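Review bot: The guard added at the top of `languages::perform_action`, and repeated verbatim in `plugins::perform_action` and further down in `themes::perform_action`, stops a refused deletion with `die()`, so the attempt is not recorded anywhere the diff shows and the response presumably goes out with the default 200 status. As far as this patch shows, these three checks are the only server-side enforcement for the admin pages (the template hunks only hide the Delete links), so I would say that in a comment, e.g. `// server-side enforcement of $conf['enable_extensions_install']; the templates only hide the link`, and log the refusal before exiting. The comparison can be strict, `'delete' === $action`. Each `perform_action` body continues outside its hunk.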
@@ -88,6 +88,11 @@ class themes { global $conf; + if (!$conf['enable_extensions_install'] and 'delete' == $action) + { + die('Piwigo extensions install/update/delete system is disabled'); + } + if (isset($this->db_themes_by_id[$theme_id])) { $crt_db_theme = $this->db_themes_by_id[$theme_id]; diff --git a/admin/languages_installed.php b/admin/languages_installed.php index 8b0cf4e06..97e2a2fb0 100644 --- a/admin/languages_installed.php +++ b/admin/languages_installed.php @@ -117,6 +117,7 @@ DELETE $template->assign('isWebmaster', (is_webmaster()) ? 1 : 0); $template->assign('ADMIN_PAGE_TITLE', l10n('Languages')); +$template->assign('CONF_ENABLE_EXTENSIONS_INSTALL', $conf['enable_extensions_install']); $template->assign_var_from_handle('ADMIN_CONTENT', 'languages'); ?> diff --git a/admin/plugins_installed.php b/admin/plugins_installed.php index c2587cd2c..ce7e97d6b 100644 --- a/admin/plugins_installed.php +++ b/admin/plugins_installed.php @@ -196,6 +196,7 @@ $template->assign( 'isWebmaster' => (is_webmaster()) ? 1 : 0, 'ADMIN_PAGE_TITLE' => l10n('Plugins'), 'view_selector' => userprefs_get_param('plugin-manager-view', 'classic'), + 'CONF_ENABLE_EXTENSIONS_INSTALL' => $conf['enable_extensions_install'], ) ); diff --git a/admin/themes/default/template/languages_installed.tpl b/admin/themes/default/template/languages_installed.tpl index 6b0b8807c..8670ec427 100644 --- a/admin/themes/default/template/languages_installed.tpl +++ b/admin/themes/default/template/languages_installed.tpl @@ -48,7 +48,9 @@ $(".delete-lang-button").each(function() { {if $language_state == 'inactive'} {'Activate'|@translate} + {if $CONF_ENABLE_EXTENSIONS_INSTALL} | {'Delete'|@translate} + {/if} {/if} diff --git a/admin/themes/default/template/plugins_installed.tpl b/admin/themes/default/template/plugins_installed.tpl index ac4b92fc8..74d52faea 100644 --- a/admin/themes/default/template/plugins_installed.tpl +++ b/admin/themes/default/template/plugins_installed.tpl 
@@ -151,7 +151,7 @@ let plugin_filter = searchParams.get('filter');
{'Uninstall'|@translate}
- {elseif $plugin.STATE == 'merged'} + {elseif $plugin.STATE == 'merged' and $CONF_ENABLE_EXTENSIONS_INSTALL}
{'Delete'|@translate}
@@ -164,7 +164,9 @@ let plugin_filter = searchParams.get('filter'); {$plugin.DESC} {'Restore'|@translate} + {if $CONF_ENABLE_EXTENSIONS_INSTALL} {'Delete'|@translate} + {/if}
{$plugin.NAME} @@ -187,7 +189,7 @@ let plugin_filter = searchParams.get('filter'); {/if} {elseif $plugin.STATE == 'missing'} {'Uninstall'|@translate} - {elseif $plugin.STATE == 'merged'} + {elseif $plugin.STATE == 'merged' and $CONF_ENABLE_EXTENSIONS_INSTALL} {'Delete'|@translate} {/if}
diff --git a/admin/themes/default/template/themes_installed.tpl b/admin/themes/default/template/themes_installed.tpl index b06c5662d..7f175c2a0 100644 --- a/admin/themes/default/template/themes_installed.tpl +++ b/admin/themes/default/template/themes_installed.tpl @@ -114,7 +114,7 @@ $(window).bind("load", function() {
{$theme.DESC|@escape:'html'}
- {if $theme.STATE != "active"} + {if $theme.STATE != "active" and $CONF_ENABLE_EXTENSIONS_INSTALL} {if $theme.DELETABLE} {'Delete'|@translate} {else} diff --git a/admin/themes_installed.php b/admin/themes_installed.php index ecb28dcab..2815a5875 100644 --- a/admin/themes_installed.php +++ b/admin/themes_installed.php @@ -170,6 +170,7 @@ trigger_notify('loc_end_themes_installed'); $template->assign('isWebmaster', (is_webmaster()) ? 1 : 0); $template->assign('ADMIN_PAGE_TITLE', l10n('Themes')); +$template->assign('CONF_ENABLE_EXTENSIONS_INSTALL', $conf['enable_extensions_install']); $template->set_filenames(array('themes' => 'themes_installed.tpl')); $template->assign_var_from_handle('ADMIN_CONTENT', 'themes'); diff --git a/include/ws_functions/pwg.extensions.php b/include/ws_functions/pwg.extensions.php index 997f79763..c8e806d67 100644 --- a/include/ws_functions/pwg.extensions.php +++ b/include/ws_functions/pwg.extensions.php @@ -52,7 +52,7 @@ function ws_plugins_getList($params, $service) */ function ws_plugins_performAction($params, $service) { - global $template; + global $template, $conf; if (get_pwg_token() != $params['pwg_token']) { @@ -64,6 +64,11 @@ function ws_plugins_performAction($params, $service) return new PwgError(403, l10n('Webmaster status is required.')); } + if (!$conf['enable_extensions_install'] and 'delete' == $params['action']) + { + return new PwgError(401, 'Piwigo extensions install/update/delete system is disabled'); + } + define('IN_ADMIN', true); include_once(PHPWG_ROOT_PATH.'admin/include/plugins.class.php'); 
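Review bot: In `ws_plugins_performAction` the new refusal returns `PwgError(401, …)`, but the caller has already passed the token and webmaster checks at that point, so this is a configuration/authorization refusal rather than missing authentication. The `403` used by the two checks just above fits better: `return new PwgError(403, 'Piwigo extensions install/update/delete system is disabled');`. The same applies to the identical block added to `ws_themes_performAction` in the next hunk. The message is also a bare string where the webmaster check beside it goes through `l10n()`. The function body continues outside the hunk.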
@@ -94,13 +99,18 @@ function ws_plugins_performAction($params, $service)
 */
 function ws_themes_performAction($params, $service)
 {
- global $template;
+ global $template, $conf;
 if (get_pwg_token() != $params['pwg_token'])
 {
 return new PwgError(403, 'Invalid security token');
 }
+ if (!$conf['enable_extensions_install'] and 'delete' == $params['action'])
+ {
+ return new PwgError(401, 'Piwigo extensions install/update/delete system is disabled');
+ }
+
 define('IN_ADMIN', true);
 include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php');
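Review bot: Unlike `ws_plugins_performAction`, no `is_webmaster()` check is visible in `ws_themes_performAction` between the token comparison and the `include_once` of `themes.class.php`, so the new configuration guard is the only restriction this hunk shows besides the token. If the method's registration does not already limit it to webmasters (not visible here), the same check belongs before the new block: `if (!is_webmaster()) { return new PwgError(403, l10n('Webmaster status is required.')); }`. The function body continues outside the hunk.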