diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2009-06-09 21:27:55 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2009-06-09 21:27:55 -0700 |
| commit | d6b808b726a20570e294e6d3eeeb8ea384979ecf (patch) | |
| tree | 3c42c1867833cee66cf9cae38c98668c5cde51d3 /modules/gallery/controllers | |
| parent | 2fd322deeaf6b6b3f880fe21bf78664870d630a3 (diff) | |
Add security checks
Diffstat (limited to 'modules/gallery/controllers')
| -rw-r--r-- | modules/gallery/controllers/upgrader.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index b8769b27..0d5bb4f6 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -19,6 +19,11 @@ */ class Upgrader_Controller extends Controller { public function index() { + // Todo: give the admin a chance to log in here + if (!user::active()->admin) { + access::forbidden(); + } + $view = new View("upgrader.html"); $view->available = module::available(); $view->done = Input::instance()->get("done"); @@ -26,6 +31,11 @@ class Upgrader_Controller extends Controller { } public function upgrade() { + // Todo: give the admin a chance to log in here + if (!user::active()->admin) { + access::forbidden(); + } + // Upgrade gallery and user first module::install("gallery"); module::install("user"); |