From b15cd32d2f75fbf943eda38a7b90f05d2806dae5 Mon Sep 17 00:00:00 2001 From: jgpcx Date: Tue, 28 Jan 2014 17:02:25 +0100 Subject: Update action.php fix bug that only allows admins any AJAX calls --- lib/plugins/extension/action.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'lib/plugins') diff --git a/lib/plugins/extension/action.php b/lib/plugins/extension/action.php index 9dd1648ff..3f2ccaace 100644 --- a/lib/plugins/extension/action.php +++ b/lib/plugins/extension/action.php @@ -32,16 +32,17 @@ class action_plugin_extension extends DokuWiki_Action_Plugin { global $USERINFO; global $INPUT; + + if($event->data != 'plugin_extension') return; + $event->preventDefault(); + $event->stopPropagation(); + if(empty($_SERVER['REMOTE_USER']) || !auth_isadmin($_SERVER['REMOTE_USER'], $USERINFO['grps'])){ http_status(403); echo 'Forbidden'; exit; } - if($event->data != 'plugin_extension') return; - $event->preventDefault(); - $event->stopPropagation(); - header('Content-Type: text/html; charset=utf-8'); $ext = $INPUT->str('ext'); -- cgit v1.2.3
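Review bot: The call-name guard that now runs first, `if($event->data != 'plugin_extension') return;`, uses a loose comparison; assuming `$event->data` is always the call-name string, `!==` would keep the match exact so that only the literal name reaches the admin check below it. The order of the two checks is what this handler's access control rests on, so it deserves a comment above the guard, for example `// not our call: return before the admin gate so other AJAX handlers still run`, and one above the 403 branch, `// admin-only from here on; keep this ahead of any output or work`. The function starts and ends outside the hunk, so what it does with `$ext` is not visible here. If it changes state rather than only rendering information, the admin check alone does not cover a forged cross-site request sent from an admin's browser, and DokuWiki's `checkSecurityToken()` would belong next to it.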