author | Gábor Hojtsy <gabor@hojtsy.hu> | 2008-01-02 14:29:32 +0000 |
---|---|---|
committer | Gábor Hojtsy <gabor@hojtsy.hu> | 2008-01-02 14:29:32 +0000 |
commit | d3c14ad6fefc670709b16cb2efdb165b8aa45a3c (patch) | |
tree | 72633674a709fd731943eedecb88254956058a04 /includes | |
parent | e58c6c36a7d346ba6f83bb204f4eef93ea8da624 (diff) | |
#50901 by chx: do not allow user login under maintenance mode, if the logged in user has no site config permission
Diffstat (limited to 'includes')
-rw-r--r-- | includes/bootstrap.inc | 9 | ||||
-rw-r--r-- | includes/menu.inc | 31 |
2 files changed, 26 insertions, 14 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index ad750be6d..caf23b672 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -751,8 +751,11 @@ function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NO
 * - 'status'
 * - 'warning'
 * - 'error'
+ * @param $repeat
+ * If this is FALSE and the message is already set, then the message won't
+ * be repeated.
 */
-function drupal_set_message($message = NULL, $type = 'status') {
+function drupal_set_message($message = NULL, $type = 'status', $repeat = TRUE) {
 if ($message) {
 if (!isset($_SESSION['messages'])) {
 $_SESSION['messages'] = array();
@@ -762,7 +765,9 @@ function drupal_set_message($message = NULL, $type = 'status') {
 $_SESSION['messages'][$type] = array();
 }
- $_SESSION['messages'][$type][] = $message;
+ if ($repeat || !in_array($message, $_SESSION['messages'][$type])) {
+ $_SESSION['messages'][$type][] = $message;
+ }
 }
 // messages not set when DB connection fails
diff --git a/includes/menu.inc b/includes/menu.inc
index 52bb2e977..c3cb3cb88 100644
--- a/includes/menu.inc
+++ b/includes/menu.inc
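Review bot: The duplicate check added to drupal_set_message() in includes/bootstrap.inc calls `in_array()` without its third argument, so messages are matched with loose `==` comparison and two distinct messages that compare equal as numeric strings (for example `'1'` and `'1.0'`) would be treated as repeats, the second being silently dropped. Passing strict mode, `if ($repeat || !in_array($message, $_SESSION['messages'][$type], TRUE)) {`, limits suppression to exact repeats. The function begins in the previous hunk and its end lies outside this one.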
@@ -2257,26 +2257,33 @@ function menu_path_is_external($path) {
 }
 /**
- * Returns TRUE if the site is off-line for maintenance.
+ * Checks whether the site is off-line for maintenance.
+ *
+ * This function will log the current user out and redirect to front page
+ * if the current user has no 'administer site configuration' permission.
+ *
+ * @return
+ * FALSE if the site is not off-line or its the login page or the user has
+ * 'administer site configuration' permission.
+ * TRUE for anonymous users not on the login page if the site is off-line.
 */
 function _menu_site_is_offline() {
 // Check if site is set to off-line mode.
 if (variable_get('site_offline', 0)) {
 // Check if the user has administration privileges.
- if (!user_access('administer site configuration')) {
- // Check if this is an attempt to login.
- if (drupal_get_normal_path($_GET['q']) != 'user') {
- return TRUE;
- }
- }
- else {
- $offline_message = t('Operating in off-line mode.');
- $messages = drupal_set_message();
+ if (user_access('administer site configuration')) {
 // Ensure that the off-line message is displayed only once [allowing for
 // page redirects].
- if (!isset($messages) || !isset($messages['status']) || !in_array($offline_message, $messages['status'])) {
- drupal_set_message($offline_message);
+ drupal_set_message(t('Operating in off-line mode.'), 'status', FALSE);
+ }
+ else {
+ // Anonymous users get a FALSE at the login prompt, TRUE otherwise.
+ if (user_is_anonymous()) {
+ return $_GET['q'] != 'user' && $_GET['q'] != 'user/login';
 }
+ // Logged in users are unprivileged here, so they are logged out.
+ require_once drupal_get_path('module', 'user') .'/user.pages.inc';
+ user_logout();
 }
 }
 return FALSE; |
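Review bot: The logged-in, unprivileged branch of _menu_site_is_offline() fails open: after `user_logout();` control falls through to the final `return FALSE;`, so if user_logout() ever returns instead of redirecting and ending the request (not verifiable from this hunk), the caller is told the site is online and the request proceeds past the maintenance gate. Adding `return TRUE;` directly after `user_logout();` makes that path fail closed at no cost. The login exemption now compares the raw `$_GET['q']` where the removed code went through `drupal_get_normal_path()`; a comment such as `// $_GET['q'] is assumed to be normalized already during bootstrap.` would record that assumption, and the `@return` text should also say that logged-in users without the permission are logged out rather than given a value. The function's closing brace lies outside this hunk.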