foto: fix admin indication of unrestricted access
[minimedit.git] / auth.inc.php
index 7ece6350219902345e504b9d253156200f2d982d..3901609ac5317685563fc446aee404d121a442ad 100644 (file)
@@ -29,7 +29,11 @@ class User
 
        function html()
        {
-               return $this->name ?: $this->login;
+               $name = htmlspecialchars($this->login);
+               if ($this->name and $this->name != $name) {
+                       $name = "{$this->name}<small> @$name</small>";
+               }
+               return $name;
        }
 
        function email()
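Review bot: `$this->name` is still interpolated into the returned markup unescaped on the line that builds the `<small>` suffix; only the login goes through `htmlspecialchars()`. Unless the name field is guaranteed elsewhere to hold trusted HTML (not visible in this hunk), a stored display name containing markup would be emitted as-is wherever `html()` is printed. The comparison also checks the raw name against the already-escaped login, so a name identical to a login containing `&` or `<` is treated as different. Suggest `if ($this->name and $this->name !== $this->login) {` followed by `$name = htmlspecialchars($this->name) . "<small> @$name</small>";`.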
@@ -43,9 +47,11 @@ class User
                        if (!$this->admin) {
                                return FALSE;  # empty results
                        }
-                       @list ($rootlevel, $sublevel) = explode(' ', $permission);
-                       if ($sublevel and isset($this->admin[$rootlevel])) {
-                               return TRUE;  # root match
+                       preg_match_all('{[ /]}', $permission, $parts, PREG_OFFSET_CAPTURE);
+                       foreach ($parts[0] as $part) {
+                               if (isset($this->admin[substr($permission, 0, $part[1])])) {
+                                       return TRUE;  # partial match
+                               }
                        }
                        return isset($this->admin[$permission]);  # check level
                }
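Review bot: The prefix loop makes every key in `$this->admin` a grant for any permission string that starts with that key followed by a space or `/`, and it matches on the raw `$permission` text. If callers build `$permission` from a request-derived path (not visible here; the enclosing function starts and ends outside the hunk), the string should be canonicalised before this check, so that segments such as `..` or doubled slashes cannot place a different resource under a granted prefix. A leading separator also yields an empty-string lookup, `$this->admin['']`, which is worth ruling out explicitly. The widened semantics deserve a comment at the loop, e.g. `# a grant on "x" also covers "x y" and "x/y"; $permission must already be canonical`.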