issue #1852 also forbid extension deletion

plegall 2023-01-25 15:18:45 +01:00
parent 6d416c5d6f
commit 0b9e177782
10 changed files with 39 additions and 5 deletions


@ -30,6 +30,11 @@ class languages
{ {
global $conf; global $conf;
if (!$conf['enable_extensions_install'] and 'delete' == $action)
{
die('Piwigo extensions install/update/delete system is disabled');
}
if (isset($this->db_languages[$language_id])) if (isset($this->db_languages[$language_id]))
{ {
$crt_db_language = $this->db_languages[$language_id]; $crt_db_language = $this->db_languages[$language_id];
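Review bot: The new guard ends the request with `die()`, so a refused delete returns a plain-text body with no explicit error status (presumably 200) and leaves no record of the attempt; the same guard is repeated in the `plugins` and `themes` classes further down. Sending a status first, `http_response_code(403);` before the `die(...)`, and logging the refused action would make blocked attempts visible to clients and to whoever reviews the logs. The test could also be strict, `'delete' === $action`. The message says install/update/delete is disabled while only `delete` is tested here; install and update are presumably refused elsewhere, which is worth confirming. The method starts and ends outside the hunk, so its signature and return convention are not visible.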


@ -107,6 +107,13 @@ class plugins
*/ */
function perform_action($action, $plugin_id, $options=array()) function perform_action($action, $plugin_id, $options=array())
{ {
global $conf;
if (!$conf['enable_extensions_install'] and 'delete' == $action)
{
die('Piwigo extensions install/update/delete system is disabled');
}
if (isset($this->db_plugins_by_id[$plugin_id])) if (isset($this->db_plugins_by_id[$plugin_id]))
{ {
$crt_db_plugin = $this->db_plugins_by_id[$plugin_id]; $crt_db_plugin = $this->db_plugins_by_id[$plugin_id];


@ -88,6 +88,11 @@ class themes
{ {
global $conf; global $conf;
if (!$conf['enable_extensions_install'] and 'delete' == $action)
{
die('Piwigo extensions install/update/delete system is disabled');
}
if (isset($this->db_themes_by_id[$theme_id])) if (isset($this->db_themes_by_id[$theme_id]))
{ {
$crt_db_theme = $this->db_themes_by_id[$theme_id]; $crt_db_theme = $this->db_themes_by_id[$theme_id];


@ -117,6 +117,7 @@ DELETE
$template->assign('isWebmaster', (is_webmaster()) ? 1 : 0); $template->assign('isWebmaster', (is_webmaster()) ? 1 : 0);
$template->assign('ADMIN_PAGE_TITLE', l10n('Languages')); $template->assign('ADMIN_PAGE_TITLE', l10n('Languages'));
$template->assign('CONF_ENABLE_EXTENSIONS_INSTALL', $conf['enable_extensions_install']);
$template->assign_var_from_handle('ADMIN_CONTENT', 'languages'); $template->assign_var_from_handle('ADMIN_CONTENT', 'languages');
?> ?>


@ -196,6 +196,7 @@ $template->assign(
'isWebmaster' => (is_webmaster()) ? 1 : 0, 'isWebmaster' => (is_webmaster()) ? 1 : 0,
'ADMIN_PAGE_TITLE' => l10n('Plugins'), 'ADMIN_PAGE_TITLE' => l10n('Plugins'),
'view_selector' => userprefs_get_param('plugin-manager-view', 'classic'), 'view_selector' => userprefs_get_param('plugin-manager-view', 'classic'),
'CONF_ENABLE_EXTENSIONS_INSTALL' => $conf['enable_extensions_install'],
) )
); );


@ -48,8 +48,10 @@ $(".delete-lang-button").each(function() {
{if $language_state == 'inactive'} {if $language_state == 'inactive'}
<a href="{$language.u_action}&amp;action=activate" class="tiptip" title="{'Make this language available to users'|@translate}">{'Activate'|@translate}</a> <a href="{$language.u_action}&amp;action=activate" class="tiptip" title="{'Make this language available to users'|@translate}">{'Activate'|@translate}</a>
{if $CONF_ENABLE_EXTENSIONS_INSTALL}
| <a href="{$language.u_action}&amp;action=delete" class="tiptip delete-lang-button" title="{'Delete this language'|@translate}">{'Delete'|@translate}</a> | <a href="{$language.u_action}&amp;action=delete" class="tiptip delete-lang-button" title="{'Delete this language'|@translate}">{'Delete'|@translate}</a>
{/if} {/if}
{/if}
</div> </div>
</div> <!-- languageActions --> </div> <!-- languageActions -->
{/if} {/if}


@ -151,7 +151,7 @@ let plugin_filter = searchParams.get('filter');
<div class="tiptip" title="{'Uninstall'|@translate}"> <div class="tiptip" title="{'Uninstall'|@translate}">
<a class="uninstall-plugin-button">{'Uninstall'|@translate}</a> <a class="uninstall-plugin-button">{'Uninstall'|@translate}</a>
</div> </div>
{elseif $plugin.STATE == 'merged'} {elseif $plugin.STATE == 'merged' and $CONF_ENABLE_EXTENSIONS_INSTALL}
<div class="tiptip" title="{'Delete'|@translate}"> <div class="tiptip" title="{'Delete'|@translate}">
<a class="" href="{$plugin.U_ACTION}&amp;action=delete">{'Delete'|@translate}</a> <a class="" href="{$plugin.U_ACTION}&amp;action=delete">{'Delete'|@translate}</a>
</div> </div>
@ -164,7 +164,9 @@ let plugin_filter = searchParams.get('filter');
{$plugin.DESC} {$plugin.DESC}
</div> </div>
<a class="dropdown-option icon-back-in-time plugin-restore separator-top tiptip" title="{'While restoring this plugin, it will be reset to its original parameters and associated data is going to be reset'|@translate}">{'Restore'|@translate}</a> <a class="dropdown-option icon-back-in-time plugin-restore separator-top tiptip" title="{'While restoring this plugin, it will be reset to its original parameters and associated data is going to be reset'|@translate}">{'Restore'|@translate}</a>
{if $CONF_ENABLE_EXTENSIONS_INSTALL}
<a class="dropdown-option icon-trash delete-plugin-button separator-top">{'Delete'|@translate}</a> <a class="dropdown-option icon-trash delete-plugin-button separator-top">{'Delete'|@translate}</a>
{/if}
</div> </div>
<div class="pluginName" data-title="{$plugin.NAME}"> <div class="pluginName" data-title="{$plugin.NAME}">
{$plugin.NAME} {$plugin.NAME}
@ -187,7 +189,7 @@ let plugin_filter = searchParams.get('filter');
{/if} {/if}
{elseif $plugin.STATE == 'missing'} {elseif $plugin.STATE == 'missing'}
<a class="pluginActionLevel3 uninstall-plugin-button">{'Uninstall'|@translate}</a> <a class="pluginActionLevel3 uninstall-plugin-button">{'Uninstall'|@translate}</a>
{elseif $plugin.STATE == 'merged'} {elseif $plugin.STATE == 'merged' and $CONF_ENABLE_EXTENSIONS_INSTALL}
<a class="pluginActionLevel3" href="{$plugin.U_ACTION}&amp;action=delete">{'Delete'|@translate}</a> <a class="pluginActionLevel3" href="{$plugin.U_ACTION}&amp;action=delete">{'Delete'|@translate}</a>
{/if} {/if}
</div> </div>


@ -114,7 +114,7 @@ $(window).bind("load", function() {
<div class="showInfo-dropdown-content"> <div class="showInfo-dropdown-content">
{$theme.DESC|@escape:'html'} {$theme.DESC|@escape:'html'}
</div> </div>
{if $theme.STATE != "active"} {if $theme.STATE != "active" and $CONF_ENABLE_EXTENSIONS_INSTALL}
{if $theme.DELETABLE} {if $theme.DELETABLE}
<a class="dropdown-option icon-trash delete-plugin-button delete-theme-button" href="{$delete_baseurl}{$theme.ID}">{'Delete'|@translate}</a> <a class="dropdown-option icon-trash delete-plugin-button delete-theme-button" href="{$delete_baseurl}{$theme.ID}">{'Delete'|@translate}</a>
{else} {else}


@ -170,6 +170,7 @@ trigger_notify('loc_end_themes_installed');
$template->assign('isWebmaster', (is_webmaster()) ? 1 : 0); $template->assign('isWebmaster', (is_webmaster()) ? 1 : 0);
$template->assign('ADMIN_PAGE_TITLE', l10n('Themes')); $template->assign('ADMIN_PAGE_TITLE', l10n('Themes'));
$template->assign('CONF_ENABLE_EXTENSIONS_INSTALL', $conf['enable_extensions_install']);
$template->set_filenames(array('themes' => 'themes_installed.tpl')); $template->set_filenames(array('themes' => 'themes_installed.tpl'));
$template->assign_var_from_handle('ADMIN_CONTENT', 'themes'); $template->assign_var_from_handle('ADMIN_CONTENT', 'themes');


@ -52,7 +52,7 @@ function ws_plugins_getList($params, $service)
*/ */
function ws_plugins_performAction($params, $service) function ws_plugins_performAction($params, $service)
{ {
global $template; global $template, $conf;
if (get_pwg_token() != $params['pwg_token']) if (get_pwg_token() != $params['pwg_token'])
{ {
@ -64,6 +64,11 @@ function ws_plugins_performAction($params, $service)
return new PwgError(403, l10n('Webmaster status is required.')); return new PwgError(403, l10n('Webmaster status is required.'));
} }
if (!$conf['enable_extensions_install'] and 'delete' == $params['action'])
{
return new PwgError(401, 'Piwigo extensions install/update/delete system is disabled');
}
define('IN_ADMIN', true); define('IN_ADMIN', true);
include_once(PHPWG_ROOT_PATH.'admin/include/plugins.class.php'); include_once(PHPWG_ROOT_PATH.'admin/include/plugins.class.php');
@ -94,13 +99,18 @@ function ws_plugins_performAction($params, $service)
*/ */
function ws_themes_performAction($params, $service) function ws_themes_performAction($params, $service)
{ {
global $template; global $template, $conf;
if (get_pwg_token() != $params['pwg_token']) if (get_pwg_token() != $params['pwg_token'])
{ {
return new PwgError(403, 'Invalid security token'); return new PwgError(403, 'Invalid security token');
} }
if (!$conf['enable_extensions_install'] and 'delete' == $params['action'])
{
return new PwgError(401, 'Piwigo extensions install/update/delete system is disabled');
}
define('IN_ADMIN', true); define('IN_ADMIN', true);
include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php'); include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php');
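Review bot: The new refusal in `ws_plugins_performAction` and `ws_themes_performAction` uses code 401, which signals missing authentication, although the request has already passed the token check and the neighbouring refusals use 403. `return new PwgError(403, 'Piwigo extensions install/update/delete system is disabled');` would be consistent and would not suggest to API clients that logging in again helps. In `ws_themes_performAction` the visible lines go from the token check straight to the new guard, with no webmaster check like the one in `ws_plugins_performAction`; if that is not enforced where the method is registered, it should be confirmed. Both function bodies continue outside the hunks.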