From d6b808b726a20570e294e6d3eeeb8ea384979ecf Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 9 Jun 2009 21:27:55 -0700
Subject: Add security checks

---
 modules/gallery/controllers/upgrader.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'modules')

diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php
index b8769b27..0d5bb4f6 100644
--- a/modules/gallery/controllers/upgrader.php
+++ b/modules/gallery/controllers/upgrader.php
@@ -19,6 +19,11 @@
  */
 class Upgrader_Controller extends Controller {
   public function index() {
+    // Todo: give the admin a chance to log in here
+    if (!user::active()->admin) {
+      access::forbidden();
+    }
+
     $view = new View("upgrader.html");
     $view->available = module::available();
     $view->done = Input::instance()->get("done");
@@ -26,6 +31,11 @@ class Upgrader_Controller extends Controller {
   }
 
   public function upgrade() {
+    // Todo: give the admin a chance to log in here
+    if (!user::active()->admin) {
+      access::forbidden();
+    }
+
     // Upgrade gallery and user first
     module::install("gallery");
     module::install("user");
-- 
cgit v1.2.3