diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2009-06-10 21:05:24 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2009-06-10 21:05:24 -0700 |
| commit | 4118ca4f1db76447da8846fc4835fea702687d21 (patch) | |
| tree | 7bec0702827a3fe132cfc4d981d16f487da8bc3f /modules/gallery/controllers/upgrader.php | |
| parent | 0d5826ab9ff919a9a191e654cb3a3032d31494f4 (diff) | |
Provide a way for non-admins to authenticate and use the upgrader,
without using our regular code paths.
Diffstat (limited to 'modules/gallery/controllers/upgrader.php')
| -rw-r--r-- | modules/gallery/controllers/upgrader.php | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index 0833e253..5eb96fdd 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -19,24 +19,33 @@ */ class Upgrader_Controller extends Controller { public function index() { - // Todo: give the admin a chance to log in here - if (!user::active()->admin) { - access::forbidden(); + $session = Session::instance(); + + // Make sure we have an upgrade token + if (!($upgrade_token = $session->get("upgrade_token", null))) { + $session->set("upgrade_token", $upgrade_token = md5(rand())); + } + + // If the upgrade token exists, then bless this session + if (file_exists(TMPPATH . $upgrade_token)) { + $session->set("can_upgrade", true); + @unlink(TMPPATH . $upgrade_token); } $view = new View("upgrader.html"); + $view->can_upgrade = user::active()->admin || $session->get("can_upgrade"); + $view->upgrade_token = $upgrade_token; $view->available = module::available(); $view->done = Input::instance()->get("done"); print $view; } public function upgrade() { - // Todo: give the admin a chance to log in here if (php_sapi_name() == "cli") { // @todo this may screw up some module installers, but we don't have a better answer at // this time. $_SERVER["HTTP_HOST"] = "example.com"; - } else if (!user::active()->admin) { + } else if (!user::active()->admin && !Session::instance()->get("can_upgrade", false)) { access::forbidden(); } |