@@ -46,5 +46,5 @@ </div> <div class="clear tip_here"></div> <br /> - <a class="button right" href="http://chyrp.net/extend/browse/feathers">${ "Get More Feathers &rsaquo;" | translate }</a> + <a class="button right" href="http://chyrp.net/extend/type/feather">${ "Get More Feathers &rsaquo;" | translate }</a> {% endblock %} admin/layout/pages/feathers.twig @@ -68,5 +68,5 @@ </div> <div class="clear"></div> <br /> - <a class="button right" href="http://chyrp.net/extend/browse/modules">${ "Get More Modules &rsaquo;" | translate }</a> + <a class="button right" href="http://chyrp.net/extend/type/module">${ "Get More Modules &rsaquo;" | translate }</a> {% endblock %} admin/layout/pages/modules.twig @@ -23,5 +23,5 @@ {% endfor %} <div class="clear"></div> <br /> - <a class="button right" href="http://chyrp.net/extend/browse/themes">${ "Get More Themes &rsaquo;" | translate }</a> + <a class="button right" href="http://chyrp.net/extend/type/theme">${ "Get More Themes &rsaquo;" | translate }</a> {% endblock %} admin/layout/pages/themes.twig @@ -611,9 +611,9 @@ <?php if (!is_writable(INCLUDES_DIR."/caches")): ?> <li><?php echo __("CHMOD <code>/includes/caches</code> to 777."); ?></li> <?php endif; ?> - <li><a href="http://chyrp.net/extend/browse/translations"><?php echo __("Look for a translation for your language."); ?></a></li> - <li><a href="http://chyrp.net/extend/browse/modules"><?php echo __("Install some Modules."); ?></a></li> - <li><a href="http://chyrp.net/extend/browse/feathers"><?php echo __("Find some Feathers you want."); ?></a></li> + <li><a href="http://chyrp.net/extend/type/translation"><?php echo __("Look for a translation for your language."); ?></a></li> + <li><a href="http://chyrp.net/extend/type/module"><?php echo __("Install some Modules."); ?></a></li> + <li><a href="http://chyrp.net/extend/type/feather"><?php echo __("Find some Feathers you want."); ?></a></li> <li><a href="README.markdown"><?php echo __("Read &#8220;Getting Started&#8221;"); ?></a></li> </ol> <a class="big" href="<?php echo $config->chyrp_url; ?>"><?php echo __("Take me to my site! &rarr;"); ?></a> install.php @@ -146,6 +146,9 @@ } public function admin_manage_tags($admin) { + if (!Post::any_editable()) + show_403(__("Access Denied"), __("You do not have sufficient privileges to manage tags.", "tags")); + $sql = SQL::current(); $tags = array(); @@ -180,10 +183,7 @@ "name" => $tag, "title" => sprintf(_p("%s post tagged with &quot;%s&quot;", "%s posts tagged with &quot;%s&quot;", $count, "tags"), $count, $tag), "clean" => $tags[$tag], - "url" => url("tag/".$tags[$tag])); - - if (!Post::any_editable() and !Post::any_deletable()) - return $admin->display("manage_tags", array("tag_cloud" => $cloud)); + "url" => url("tag/".$tags[$tag], MainController::current())); } fallback($_GET['query'], ""); @@ -214,6 +214,9 @@ } public function admin_rename_tag($admin) { + if (!Visitor::current()->group->can("edit_post")) + show_403(__("Access Denied"), __("You do not have sufficient privileges to edit tags.", "tags")); + $sql = SQL::current(); $tags = array(); @@ -243,9 +246,13 @@ } public function admin_edit_tags($admin) { - if (!isset($_GET['id'])) + if (empty($_GET['id'])) error(__("No ID Specified"), __("Please specify the ID of the post whose tags you would like to edit.", "tags")); + $post = new Post($_GET['id']); + if (!$post->editable()) + show_403(__("Access Denied"), __("You do not have sufficient privileges to edit this post.")); + $admin->display("edit_tags", array("post" => new Post($_GET['id']))); } @@ -256,7 +263,11 @@ if (!isset($_POST['id'])) error(__("No ID Specified"), __("Please specify the ID of the post whose tags you would like to edit.", "tags")); - $this->update_post(new Post($_POST['id'])); + $post = new Post($_POST['id']); + if (!$post->editable()) + show_403(__("Access Denied"), __("You do not have sufficient privileges to edit this post.")); + + $this->update_post($post); Flash::notice(__("Tags updated.", "tags"), "/admin/?action=manage_tags"); } @@ -265,6 +276,10 @@ if (!isset($_POST['hash']) or $_POST['hash'] != Config::current()->secure_hashkey) show_403(__("Access Denied"), __("Invalid security key.")); + if (!Visitor::current()->group->can("edit_post")) + show_403(__("Access Denied"), __("You do not have sufficient privileges to edit tags.", "tags")); + + $sql = SQL::current(); $tags = array(); @@ -435,7 +450,7 @@ "name" => $tag, "title" => sprintf(_p("%s post tagged with &quot;%s&quot;", "%s posts tagged with &quot;%s&quot;", $count, "tags"), $count, $tag), "clean" => $tags[$tag], - "url" => url("tag/".$tags[$tag])); + "url" => url("tag/".$tags[$tag], $main)); $main->display("pages/tags", array("tag_cloud" => $context), __("Tags", "tags")); } @@ -513,7 +528,7 @@ $linked = array(); foreach ($tags as $tag => $clean) - $linked[] = '<a href="'.url("tag/".urlencode($clean)).'" rel="tag">'.$tag.'</a>'; + $linked[] = '<a href="'.url("tag/".urlencode($clean), MainController::current()).'" rel="tag">'.$tag.'</a>'; return $linked; } @@ -703,7 +718,7 @@ "value" => YAML::dump($tags), "post_id" => $post->id)); - exit("{ url: \"".url("/tag/".$tags[$tag])."\", tag: \"".$_POST['name']."\" }"); + exit("{ url: \"".url("tag/".$tags[$tag], MainController::current())."\", tag: \"".$_POST['name']."\" }"); } function feed_item($post) { modules/tags/tags.php 5d6b5b0887e120c72583dfcbefba51dfd8199479 Alex Suraci i.am@toogeneric.com http://github.com/vito/chyrp/commit/2d89fddca0184fcf5e05466edc7f7eb11ca4a294 2d89fddca0184fcf5e05466edc7f7eb11ca4a294 2009-07-06T10:18:45-07:00 2009-07-06T10:18:45-07:00 * Fixed Tagginator providing invalid dirty URLs. * Fixed broken rename_tag often resulting in editing an "empty" tag. * Fixed invalid tag URLs from /admin. * Fixed links to the Extend areas in the installer and Extend admin pages. e2ec35230377ee48061795fb12d49bd8bf7b8a02 Alex Suraci i.am@toogeneric.com