mirror of
https://github.com/slawkens/myaac.git
synced 2025-06-11 07:14:29 +02:00
Disable add php pages in admin panel for security. Option to disable plugins upload
This commit is contained in:
slawkens
parent
3a2870a6bb
commit
7a49b5dedc
@ -76,18 +76,18 @@ if (!empty($action)) {
|
||||
$enable_tinymce = $_page['enable_tinymce'] == '1';
|
||||
$access = $_page['access'];
|
||||
} else {
|
||||
if(Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access)) {
|
||||
if(Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
|
||||
$action = $name = $p_title = $body = '';
|
||||
$player_id = 1;
|
||||
$access = 0;
|
||||
$php = false;
|
||||
$enable_tinymce = true;
|
||||
success("Updated successful.");
|
||||
success('Updated successful.');
|
||||
}
|
||||
}
|
||||
} else if ($action == 'hide') {
|
||||
Pages::toggleHidden($id, $errors, $status);
|
||||
success(($status == 1 ? 'Show' : 'Hide') . " successful.");
|
||||
success(($status == 1 ? 'Show' : 'Hide') . ' successful.');
|
||||
}
|
||||
|
||||
if (!empty($errors))
|
||||
@ -152,6 +152,10 @@ class Pages
|
||||
$errors[] = 'Enable PHP is wrong.';
|
||||
return false;
|
||||
}
|
||||
if ($php == 1 && !getBoolean(config('admin_pages_php_enable'))) {
|
||||
$errors[] = 'PHP pages disabled on this server. To enable go to config.php and change admin_pages_php_enable to "yes".';
|
||||
return false;
|
||||
}
|
||||
if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) {
|
||||
$errors[] = 'Enable TinyMCE is wrong.';
|
||||
return false;
|
||||
@ -200,7 +204,7 @@ class Pages
|
||||
return !count($errors);
|
||||
}
|
||||
|
||||
static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access)
|
||||
static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
|
||||
{
|
||||
if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
|
||||
return false;
|
||||
|
||||
@ -13,9 +13,13 @@ $use_datatable = true;
|
||||
|
||||
require_once LIBS . 'plugins.php';
|
||||
|
||||
$twig->display('admin.plugins.form.html.twig');
|
||||
if (!getBoolean(config('admin_plugins_manage_enable'))) {
|
||||
warning('Plugin installation and management is disabled in config.<br/>If you wish to enable, go to config.php and change <b>admin_plugins_manage_enable</b> to "yes".');
|
||||
}
|
||||
else {
|
||||
$twig->display('admin.plugins.form.html.twig');
|
||||
|
||||
if (isset($_REQUEST['uninstall'])) {
|
||||
if (isset($_REQUEST['uninstall'])) {
|
||||
$uninstall = $_REQUEST['uninstall'];
|
||||
|
||||
if (Plugins::uninstall($uninstall)) {
|
||||
@ -23,23 +27,21 @@ if (isset($_REQUEST['uninstall'])) {
|
||||
} else {
|
||||
error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
|
||||
}
|
||||
}
|
||||
else if (isset($_REQUEST['enable'])) {
|
||||
} else if (isset($_REQUEST['enable'])) {
|
||||
$enable = $_REQUEST['enable'];
|
||||
if (Plugins::enable($enable)) {
|
||||
success('Successfully enabled plugin ' . $enable);
|
||||
} else {
|
||||
error('Error while enabling plugin ' . $enable . ': ' . Plugins::getError());
|
||||
}
|
||||
}
|
||||
else if (isset($_REQUEST['disable'])) {
|
||||
} else if (isset($_REQUEST['disable'])) {
|
||||
$disable = $_REQUEST['disable'];
|
||||
if (Plugins::disable($disable)) {
|
||||
success('Successfully disabled plugin ' . $disable);
|
||||
} else {
|
||||
error('Error while disabling plugin ' . $disable . ': ' . Plugins::getError());
|
||||
}
|
||||
} else if (isset($_FILES['plugin']['name'])) {
|
||||
} else if (isset($_FILES['plugin']['name'])) {
|
||||
$file = $_FILES['plugin'];
|
||||
$filename = $file['name'];
|
||||
$tmp_name = $file['tmp_name'];
|
||||
@ -103,6 +105,7 @@ else if (isset($_REQUEST['disable'])) {
|
||||
error('Error uploading file - unknown error.');
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$plugins = array();
|
||||
|
||||
@ -299,6 +299,10 @@ $config = array(
|
||||
'status_interval' => 60,
|
||||
|
||||
// admin panel
|
||||
'admin_plugins_manage_enable' => 'yes', // you can disable possibility to upload and uninstall plugins, for security
|
||||
// enable support for plain php pages in admin panel, for security
|
||||
// existing pages still will be working, so you need to delete them manually
|
||||
'admin_pages_php_enable' => 'no',
|
||||
'admin_panel_modules' => 'statistics,web_status,server_status,lastlogin,created,points,coins,balance', // default - statistics,web_status,server_status,lastlogin,created,points,coins,balance
|
||||
|
||||
// other
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user