-rw-r--r--lib/plugins/acl/ajax.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/plugins/acl/ajax.php b/lib/plugins/acl/ajax.php
index 54eaa8dc7..97fae2ad1 100644
--- a/lib/plugins/acl/ajax.php
+++ b/lib/plugins/acl/ajax.php
@@ -16,9 +16,11 @@ require_once(DOKU_INC.'inc/init.php');
require_once(DOKU_INC.'inc/common.php');
require_once(DOKU_INC.'inc/pageutils.php');
require_once(DOKU_INC.'inc/auth.php');
-//close sesseion
+//close session
session_write_close();
+if(!auth_ismanager()) die('forbidden');
+
$ID = getID();
if(!auth_isadmin) die('for admins only');
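Review bot: The context line `if(!auth_isadmin) die('for admins only');` right after the new manager gate names the function without calling it, so it is read as a bare constant rather than run as an authorization check. On PHP versions that fall back to the string 'auth_isadmin' the condition is never true, so the line denies no one and the added `auth_ismanager()` call is the only effective gate in this hunk. Decide which role is intended: drop the line, or write `if(!auth_isadmin()) die('for admins only');` if admin-only access is really wanted, which would make the manager check redundant. The script continues outside this hunk, so any later per-action checks are not visible here.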
@@ -42,6 +44,7 @@ if($ajax == 'info'){
if($ns == '*'){
$ns ='';
}
+ $ns = cleanID($ns);
$lvl = count(explode(':',$ns));
$ns = utf8_encodeFN(str_replace(':','/',$ns));
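Review bot: `cleanID($ns)` is applied only inside this branch, just before `$ns` is turned into a path by `str_replace(':','/',$ns)`. Where `$ns` is first read lies outside the hunk, so other uses of it may still see the raw, presumably request-supplied value; consider normalising it once at the point it is read. The `$ns == '*'` test runs before the cleaning, which looks intentional because the wildcard has to be recognised first, but that ordering deserves a comment. A suitable comment on the added line would be `// normalise to a valid namespace ID before building a filesystem path from it`.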