git.shiar.nl
/
minimedit.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
4077c0e
)
admin: disallow access to unauthorised visitors
author
Mischa POSLAWSKY
<perl@shiar.org>
Tue, 12 Dec 2017 22:06:58 +0000
(23:06 +0100)
committer
Mischa POSLAWSKY
<perl@shiar.org>
Tue, 12 Dec 2017 22:06:58 +0000
(23:06 +0100)
Regardless of login include, this page can now be retrieved separately
so needs its own user check.
admin.php
patch
|
blob
|
history
diff --git
a/admin.php
b/admin.php
index ea84e0b2967f0188bf40fdb5a9b402509453d275..e73f5b5ca7c78cdc5cb77010b985d89fa630869c 100644
(file)
--- a/
admin.php
+++ b/
admin.php
@@
-1,3
+1,14
@@
+<?php
+if (empty($User['admin'])) {
+ ob_clean();
+ http_response_code(403);
+?>
+<h2>Verboden toegang</h2>
+<p>Deze pagina is alleen voor sitebeheerders toegankelijk.</p>
+<?php
+ return;
+}
+?>
<h3>Laatste aanpassingen</h3>
<?php