Users with insufficient privileges are now unable to use oekaki.
This commit is contained in:
pachuco
parent
4535299b2a
commit
e1c04facdb
1 changed files with 3 additions and 5 deletions
|
|
@ -10,12 +10,10 @@ class Oekaki extends Extension {
|
|||
global $user, $page;
|
||||
|
||||
if($event->page_matches("oekaki")) {
|
||||
if(!$user->can("create_image")) {
|
||||
$this->theme->display_permission_denied();
|
||||
}
|
||||
|
||||
if($event->get_arg(0) == "create") {
|
||||
if($event->get_arg(0) == "create" and $user->can("create_image")){
|
||||
$this->theme->display_page();
|
||||
}else{
|
||||
$this->theme->display_permission_denied();
|
||||
}
|
||||
if($event->get_arg(0) == "upload") {
|
||||
// FIXME: this allows anyone to upload anything to /data ...
|
||||
|
|
|
|||
Reference in a new issue