diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2009-06-11 12:05:24 +0800 |
|---|---|---|
| committer | <unostar@danalan.info> | 2009-06-11 15:51:06 +0800 |
| commit | 5f2dca7a51f246d03496f4cea0dcc795bbe2023a (patch) | |
| tree | 4e4cc6696c28f6195a721e28a71a95e6ff4611d1 /modules/gallery/controllers | |
| parent | 8d4567f4ccc90c954117cda1a34f9785dbd94b96 (diff) | |
Provide a way for non-admins to authenticate and use the upgrader,
without using our regular code paths.
Signed-off-by: <unostar@danalan.info>
Diffstat (limited to 'modules/gallery/controllers')
| -rw-r--r-- | modules/gallery/controllers/upgrader.php | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index 0833e253..5eb96fdd 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -19,24 +19,33 @@ */ class Upgrader_Controller extends Controller { public function index() { - // Todo: give the admin a chance to log in here - if (!user::active()->admin) { - access::forbidden(); + $session = Session::instance(); + + // Make sure we have an upgrade token + if (!($upgrade_token = $session->get("upgrade_token", null))) { + $session->set("upgrade_token", $upgrade_token = md5(rand())); + } + + // If the upgrade token exists, then bless this session + if (file_exists(TMPPATH . $upgrade_token)) { + $session->set("can_upgrade", true); + @unlink(TMPPATH . $upgrade_token); } $view = new View("upgrader.html"); + $view->can_upgrade = user::active()->admin || $session->get("can_upgrade"); + $view->upgrade_token = $upgrade_token; $view->available = module::available(); $view->done = Input::instance()->get("done"); print $view; } public function upgrade() { - // Todo: give the admin a chance to log in here if (php_sapi_name() == "cli") { // @todo this may screw up some module installers, but we don't have a better answer at // this time. $_SERVER["HTTP_HOST"] = "example.com"; - } else if (!user::active()->admin) { + } else if (!user::active()->admin && !Session::instance()->get("can_upgrade", false)) { access::forbidden(); } |