Disable add php pages in admin panel for security. Option to disable plugins upload

This commit is contained in:
slawkens 2023-02-16 10:53:06 +01:00
parent 3a2870a6bb
commit 7a49b5dedc
3 changed files with 93 additions and 82 deletions


@ -76,18 +76,18 @@ if (!empty($action)) {
$enable_tinymce = $_page['enable_tinymce'] == '1'; $enable_tinymce = $_page['enable_tinymce'] == '1';
$access = $_page['access']; $access = $_page['access'];
} else { } else {
if(Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access)) { if(Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
$action = $name = $p_title = $body = ''; $action = $name = $p_title = $body = '';
$player_id = 1; $player_id = 1;
$access = 0; $access = 0;
$php = false; $php = false;
$enable_tinymce = true; $enable_tinymce = true;
success("Updated successful."); success('Updated successful.');
} }
} }
} else if ($action == 'hide') { } else if ($action == 'hide') {
Pages::toggleHidden($id, $errors, $status); Pages::toggleHidden($id, $errors, $status);
success(($status == 1 ? 'Show' : 'Hide') . " successful."); success(($status == 1 ? 'Show' : 'Hide') . ' successful.');
} }
if (!empty($errors)) if (!empty($errors))
@ -152,6 +152,10 @@ class Pages
$errors[] = 'Enable PHP is wrong.'; $errors[] = 'Enable PHP is wrong.';
return false; return false;
} }
if ($php == 1 && !getBoolean(config('admin_pages_php_enable'))) {
$errors[] = 'PHP pages disabled on this server. To enable go to config.php and change admin_pages_php_enable to "yes".';
return false;
}
if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) { if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) {
$errors[] = 'Enable TinyMCE is wrong.'; $errors[] = 'Enable TinyMCE is wrong.';
return false; return false;
@ -200,7 +204,7 @@ class Pages
return !count($errors); return !count($errors);
} }
static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access) static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
{ {
if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) { if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
return false; return false;
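Review bot: The new gate in Pages::verify rejects a PHP-enabled page only at save time; rows already stored with php=1 keep executing and any write path that bypasses verify() is unaffected, so the check deserves a comment that states its scope: `// Fail closed: refuse to store a page with PHP enabled unless config.php explicitly allows it; rows already in the DB are not affected.` If config() returns null for a key absent from an older config.php, getBoolean() presumably yields false, so upgraded installs silently lose the ability to save PHP pages until the key is added — the error message already names the key, which helps, but an upgrade note would too. Both verify() and update() start and end outside the visible hunk lines.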


@ -13,6 +13,10 @@ $use_datatable = true;
require_once LIBS . 'plugins.php'; require_once LIBS . 'plugins.php';
if (!getBoolean(config('admin_plugins_manage_enable'))) {
warning('Plugin installation and management is disabled in config.<br/>If you wish to enable, go to config.php and change <b>admin_plugins_manage_enable</b> to "yes".');
}
else {
$twig->display('admin.plugins.form.html.twig'); $twig->display('admin.plugins.form.html.twig');
if (isset($_REQUEST['uninstall'])) { if (isset($_REQUEST['uninstall'])) {
@ -23,16 +27,14 @@ if (isset($_REQUEST['uninstall'])) {
} else { } else {
error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError()); error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
} }
} } else if (isset($_REQUEST['enable'])) {
else if (isset($_REQUEST['enable'])) {
$enable = $_REQUEST['enable']; $enable = $_REQUEST['enable'];
if (Plugins::enable($enable)) { if (Plugins::enable($enable)) {
success('Successfully enabled plugin ' . $enable); success('Successfully enabled plugin ' . $enable);
} else { } else {
error('Error while enabling plugin ' . $enable . ': ' . Plugins::getError()); error('Error while enabling plugin ' . $enable . ': ' . Plugins::getError());
} }
} } else if (isset($_REQUEST['disable'])) {
else if (isset($_REQUEST['disable'])) {
$disable = $_REQUEST['disable']; $disable = $_REQUEST['disable'];
if (Plugins::disable($disable)) { if (Plugins::disable($disable)) {
success('Successfully disabled plugin ' . $disable); success('Successfully disabled plugin ' . $disable);
@ -104,6 +106,7 @@ else if (isset($_REQUEST['disable'])) {
} }
} }
} }
}
$plugins = array(); $plugins = array();
foreach (get_plugins(true) as $plugin) { foreach (get_plugins(true) as $plugin) {
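Review bot: The else branch opened after the warning() call wraps not only the upload form and the uninstall handler but also the enable/disable handlers, so setting admin_plugins_manage_enable to "no" blocks toggling already-installed plugins as well; the config comment added in the same commit describes the switch as covering "upload and uninstall" only, so either that comment or the gate's scope is off. If blocking enable/disable is intended, say so above the check: `// Gate covers install, uninstall, enable and disable; only the read-only listing below stays available.` The handlers still take the plugin name straight from $_REQUEST, so the flag is a kill switch rather than input validation — worth noting so nobody treats it as one. The else block's closing brace sits at the end of the section, far past the visible hunk lines.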


@ -299,6 +299,10 @@ $config = array(
'status_interval' => 60, 'status_interval' => 60,
// admin panel // admin panel
'admin_plugins_manage_enable' => 'yes', // you can disable possibility to upload and uninstall plugins, for security
// enable support for plain php pages in admin panel, for security
// existing pages still will be working, so you need to delete them manually
'admin_pages_php_enable' => 'no',
'admin_panel_modules' => 'statistics,web_status,server_status,lastlogin,created,points,coins,balance', // default - statistics,web_status,server_status,lastlogin,created,points,coins,balance 'admin_panel_modules' => 'statistics,web_status,server_status,lastlogin,created,points,coins,balance', // default - statistics,web_status,server_status,lastlogin,created,points,coins,balance
// other // other
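Review bot: admin_plugins_manage_enable defaults to 'yes' while admin_pages_php_enable defaults to 'no', so the plugin kill switch is opt-in and existing installs gain nothing from it until an operator edits config.php; if a secure default is the intent, ship 'no' and document the upgrade impact next to the key. The comment on the pages key also reads awkwardly; suggest `// enable plain PHP pages in the admin panel (security: off by default)` / `// pages already saved with PHP enabled keep executing, so delete them manually`. The $config array begins before the visible hunk.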