summaryrefslogtreecommitdiff
path: root/lib/plugins/acl/ajax.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/plugins/acl/ajax.php')
-rw-r--r--lib/plugins/acl/ajax.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/plugins/acl/ajax.php b/lib/plugins/acl/ajax.php
index 54eaa8dc7..97fae2ad1 100644
--- a/lib/plugins/acl/ajax.php
+++ b/lib/plugins/acl/ajax.php
@@ -16,9 +16,11 @@ require_once(DOKU_INC.'inc/init.php');
require_once(DOKU_INC.'inc/common.php');
require_once(DOKU_INC.'inc/pageutils.php');
require_once(DOKU_INC.'inc/auth.php');
-//close sesseion
+//close session
session_write_close();
+if(!auth_ismanager()) die('forbidden');
+
$ID = getID();
if(!auth_isadmin) die('for admins only');
@@ -42,6 +44,7 @@ if($ajax == 'info'){
if($ns == '*'){
$ns ='';
}
+ $ns = cleanID($ns);
$lvl = count(explode(':',$ns));
$ns = utf8_encodeFN(str_replace(':','/',$ns));
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-10 10:31:00 +0000