From: Mischa POSLAWSKY <perl@shiar.org>
Date: Wed, 22 Sep 2021 12:59:30 +0000 (+0200)
Subject: page: apply admin restrictions from .private contents
X-Git-Tag: v5.4~21
X-Git-Url: http://git.shiar.nl/minimedit.git/commitdiff_plain/83209975037c6fadba1fd0555e37e95c17fe6099

page: apply admin restrictions from .private contents
---

diff --git a/article.inc.php b/article.inc.php
index 8b01699..093852f 100644
--- a/article.inc.php
+++ b/article.inc.php
@@ -48,7 +48,7 @@ class ArchiveArticle
 		$this->path = '';
 		$this->restricted = FALSE;
 		while (TRUE) {
-			if (file_exists("$path/.private")) {
+			if (file_exists("$path/.private") and !$this->restricted) {
 				$this->restricted = $path;
 			}
 
diff --git a/page.php b/page.php
index e634a38..30f0e3c 100644
--- a/page.php
+++ b/page.php
@@ -40,6 +40,11 @@ if ($Page->restricted) {
 		$target = urlencode($Page->link);
 		abort("/login?goto=$target", '303 Eerst inloggen');
 	}
+	elseif ($check = file_get_contents("{$Page->restricted}/.private")
+	and !$User->admin(trim($check))) {
+		http_response_code(403);
+		$Page->raw('403.inc.html');
+	}
 }
 
 # prepare page contents