
The page you are looking at now is at this URL: http://pastoid.com/amw

This paste was last updated on February 7, 2009 at 2:50 pm.


Index: adminhandler.php
===================================================================
--- adminhandler.php	(revision 3126)
+++ adminhandler.php	(working copy)
@@ -89,6 +89,13 @@
 		$this->theme->admin_page_url = ( $page == 'dashboard' ) ? URL::get( 'admin', 'page=' ) : URL::get( 'admin', 'page=' . $page );
 		$this->theme->page = $page;
 		$this->theme->admin_title = ucwords($page) . ( $type != '' ? ' ' . ucwords($type) : '' );
+
+		// Access check to see if the user is allowed the requested page
+		if( !$this->access_allowed( $page, $type ) ) {
+			$set = Session::get_set( "permissions" );
+			Utils::redirect( $set['current_page'] );
+		}
+
 		switch( $_SERVER['REQUEST_METHOD'] ) {
 			case 'POST':
 				// Let plugins try to handle the page
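Review bot: The denial branch added before the `switch` does not itself stop the request, so if `Utils::redirect()` only sends the header and returns (its body is not visible here), a denied POST would still fall through to the `case 'POST':` handling below. Follow the redirect with an explicit `exit;` or `return;` unless the helper is known to terminate. `$set['current_page']` is also read unchecked, and it is only written by `access_allowed()` once an allowed page has been seen in this session, so a first request to a denied page would redirect to an empty target; a fallback such as `isset( $set['current_page'] ) ? $set['current_page'] : URL::get( 'admin', 'page=' )` avoids that. The enclosing method starts and ends outside this hunk.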
@@ -2904,6 +2911,40 @@
 		return $menuarray;
 	}
 
+	private function access_allowed( $page, $type )
+	{
+		$user = User::identify();
+		$result = TRUE;
+		switch( $page ) {
+			case 'publish':
+				break;
+			case 'posts':
+				break;
+			case 'comments':
+				break;
+			case 'dashboard':
+				Session::add_to_set( 'permissions', $this->theme->admin_page_url, 'current_page' );
+				$result = TRUE;
+				break;
+			default:
+				$token = 'manage_' . $page;
+				if( isset( $this->handler_vars['configure'] ) ) {
+					$token .= '_config';
+				}
+				if( !$user->can( $token ) ) {
+					Session::error( _t('Permission denied') );
+					$result = FALSE;
+				}
+				else {
+					Session::add_to_set( 'permissions', $this->theme->admin_page_url, 'current_page' );
+					$result = TRUE;
+				}
+				break;
+		}
+		return $result;
+
+	}
+
 	public function default_post_type_display($type, $foruse)
 	{
 		$names = array(
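Review bot: `access_allowed()` fails open: `$result` starts as `TRUE`, and the `publish`, `posts` and `comments` cases `break` without any `$user->can()` call, so every identified user is allowed those pages. If these cases are placeholders, initialise with `$result = FALSE;` and grant access only in branches that have checked a token, so that an unfinished case denies rather than allows. In the default branch the token is built from the requested page (`'manage_' . $page`), which relies on `can()` returning false for a token that was never defined; that is worth confirming. The `$type` parameter is never used in the method. A short docblock saying that the method also records `current_page` in the session and queues the "Permission denied" message would make those side effects visible to callers.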
 
 
