1 files changed, 31 insertions, 24 deletions

diff --git a/search.php b/search.php
index cc1dfd4b8..44c583475 100644
--- a/search.php
+++ b/search.php
@@ -4,36 +4,43 @@ include_once "includes/common.inc";
 
 page_header();
 
-// verify input:
-$type = check_input($type);
-$keys = check_input($keys);
-
-// build options list:
-foreach (module_list() as $name) {
-  if (module_hook($name, "search")) {
-    $options .= "<OPTION VALUE=\"$name\"". ($name == $type ? " SELECTED" : "") .">$name</OPTION>\n";
+if (user_access($user, "search content")) {
+  // verify input:
+  $type = check_input($type);
+  $keys = check_input($keys);
+
+  // build options list:
+  foreach (module_list() as $name) {
+    if (module_hook($name, "search")) {
+      $options .= "<OPTION VALUE=\"$name\"". ($name == $type ? " SELECTED" : "") .">$name</OPTION>\n";
+    }
   }
-}
 
-// build form:
-$form .= "<FORM ACTION=\"search.php\" METHOD=\"POST\">\n";
-$form .= " <INPUT SIZE=\"50\" VALUE=\"". check_form($keys) ."\" NAME=\"keys\" TYPE=\"text\">\n";
-$form .= " <SELECT NAME=\"type\">$options</SELECT>\n";
-$form .= " <INPUT TYPE=\"submit\" VALUE=\"". t("Search") ."\">\n";
-$form .= "</FORM>\n";
+  // build form:
+  $form .= "<FORM ACTION=\"search.php\" METHOD=\"POST\">\n";
+  $form .= " <INPUT SIZE=\"50\" VALUE=\"". check_form($keys) ."\" NAME=\"keys\" TYPE=\"text\">\n";
+  $form .= " <SELECT NAME=\"type\">$options</SELECT>\n";
+  $form .= " <INPUT TYPE=\"submit\" VALUE=\"". t("Search") ."\">\n";
+  $form .= "</FORM>\n";
 
-// visualize form:
-$theme->header();
+  // visualize form:
+  $theme->header();
 
-if ($form) {
-  $theme->box(t("Search"), $form);
-}
+  if ($form) {
+    $theme->box(t("Search"), $form);
+  }
 
-if ($keys) {
-  $theme->box(t("Result"), search_data($keys, $type));
-}
+  if ($keys) {
+    $theme->box(t("Result"), search_data($keys, $type));
+  }
 
-$theme->footer();
+  $theme->footer();
+}
+else {
+  $theme->header();
+  $theme->box("Access denied", message_access());
+  $theme->footer();
+}
 
 page_footer();