From 74471df7770784887bd44cfbe02f48ec12bf8532 Mon Sep 17 00:00:00 2001
From: Andy Staudacher
Date: Sun, 14 Feb 2010 16:12:18 -0800
Subject: Minor security tightening of IdentityProvider::change_provider().
---
 modules/gallery/libraries/IdentityProvider.php | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'modules/gallery/libraries/IdentityProvider.php')
diff --git a/modules/gallery/libraries/IdentityProvider.php b/modules/gallery/libraries/IdentityProvider.php
index 3f1666eb..9fbc5e21 100644
--- a/modules/gallery/libraries/IdentityProvider.php
+++ b/modules/gallery/libraries/IdentityProvider.php
@@ -66,6 +66,11 @@ class IdentityProvider_Core {
 }

 static function change_provider($new_provider) {
+ if (!identity::active_user()->admin) {
+ // Below, the active user is set to the primary admin.
+ access::forbidden();
+ }
+
 $current_provider = module::get_var("gallery", "identity_provider");
 if (!empty($current_provider)) {
 module::uninstall($current_provider);
--
cgit v1.2.3
From 30dcaaa2365ab88c0516a10bfa287fd2208dcf57 Mon Sep 17 00:00:00 2001
From: Andy Staudacher
Date: Sun, 14 Feb 2010 18:33:10 -0800
Subject: Need to allow access to ::change_provider for CLI, to make packager work.
---
 modules/gallery/libraries/IdentityProvider.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules/gallery/libraries/IdentityProvider.php')
diff --git a/modules/gallery/libraries/IdentityProvider.php b/modules/gallery/libraries/IdentityProvider.php
index 9fbc5e21..01ea9ad7 100644
--- a/modules/gallery/libraries/IdentityProvider.php
+++ b/modules/gallery/libraries/IdentityProvider.php
@@ -66,7 +66,7 @@ class IdentityProvider_Core {
 }

 static function change_provider($new_provider) {
- if (!identity::active_user()->admin) {
+ if (!identity::active_user()->admin && PHP_SAPI != "cli") {
 // Below, the active user is set to the primary admin.
 access::forbidden();
 }
--
cgit v1.2.3
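Review bot: In the first commit's hunk, the new guard at the top of `change_provider()` only protects the provider swap if `access::forbidden()` never returns to its caller. Its definition is not visible here, so if it can return, execution falls through to `module::uninstall($current_provider)`. An explicit `return;` after `access::forbidden();` makes the check fail closed either way. The method also has no docblock; one stating that the caller must be a site admin, because the active user is set to the primary admin further down, would record the authorization contract at the definition. The function body continues past the end of the hunk.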
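Review bot: In the second commit's hunk, `PHP_SAPI != "cli"` exempts every command-line invocation from the admin check, not only the packager named in the commit message, and the comment inside the block still describes only the admin case. PHP_SAPI is set by the interpreter rather than by the request, so a web client cannot influence it, but any script or scheduled job that reaches this method under the CLI can replace the identity provider without an admin session. If that is intended, the comment should say so, e.g. `// CLI callers (packager) are trusted; web callers must be admin, since the active user is set to the primary admin below.` Testing the SAPI first with a strict comparison, `if (PHP_SAPI !== "cli" && !identity::active_user()->admin) {`, also avoids dereferencing `identity::active_user()` on the CLI, where it may not be populated (not visible from this hunk).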