Skip to content
This repository was archived by the owner on May 19, 2025. It is now read-only.

Commit 1a18864

Browse files
joshp23joshp23
committed
Fix INFOS mgmt
1 parent 3395857 commit 1a18864

File tree

1 file changed

+19
-8
lines changed

1 file changed

+19
-8
lines changed

authMgrPlus/plugin.php

Lines changed: 19 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
Plugin Name: Auth Manager Plus
44
Plugin URI: https://github.com/joshp23/YOURLS-AuthMgrPlus
55
Description: Role Based Access Controlls with seperated user data for authenticated users
6-
Version: 1.0.5
6+
Version: 1.0.6
77
Author: Josh Panter, nicwaller, Ian Barber <[email protected]>
88
Author URI: https://unfettered.net
99
*/
@@ -290,27 +290,35 @@ function amp_admin_list_where($where) {
290290

291291
return $where;
292292
}
293+
293294
// API stats
294295
yourls_add_filter( 'api_url_stats', 'amp_api_url_stats' );
295296
function amp_api_url_stats( $return, $shorturl ) {
297+
296298
$keyword = str_replace( YOURLS_SITE . '/' , '', $shorturl ); // accept either 'http://ozh.in/abc' or 'abc'
297299
$keyword = yourls_sanitize_string( $keyword );
298300
$keyword = addslashes($keyword);
299301

300-
if(amp_access_keyword($keyword))
301-
return $return;
302-
else
302+
if( ( !defined('YOURLS_PRIVATE_INFOS') || YOURLS_PRIVATE_INFOS !== false )
303+
&& !amp_access_keyword($keyword) )
303304
return array('simple' => "URL is owned by another user", 'message' => 'URL is owned by another user', 'errorCode' => 403);
305+
306+
else
307+
return $return;
304308
}
309+
305310
// Info pages
306311
yourls_add_action( 'pre_yourls_infos', 'amp_pre_yourls_infos' );
307312
function amp_pre_yourls_infos( $keyword ) {
308-
if( !amp_access_keyword($keyword) ) {
313+
314+
if( yourls_is_private() && !amp_access_keyword($keyword) ) {
315+
309316
$authenticated = yourls_is_valid_user();
317+
310318
if ( $authenticated === true )
311-
yourls_redirect( yourls_admin_url( '?access=denied' ), 302 );
312-
else
313-
yourls_redirect( YOURLS_SITE, 302 );
319+
yourls_redirect( yourls_admin_url( '?access=denied' ), 302 );
320+
else
321+
yourls_redirect( YOURLS_SITE, 302 );
314322
}
315323
}
316324

@@ -459,6 +467,7 @@ function amp_activated() {
459467
}
460468
}
461469
}
470+
462471
/***************** HELPER FUNCTIONS ********************/
463472

464473
// List currently available capabilities
@@ -518,6 +527,7 @@ function amp_access_keyword( $keyword ) {
518527

519528
return $result > 0;
520529
}
530+
521531
// Check user rights to a keyword ( can manage it )
522532
function amp_manage_keyword( $keyword, $capability ) {
523533
// only authenticated users can manaage keywords
@@ -548,6 +558,7 @@ function amp_manage_keyword( $keyword, $capability ) {
548558

549559
return false;
550560
}
561+
551562
// Check keyword ownership
552563
function amp_keyword_owner( $keyword ) {
553564
global $ydb;

0 commit comments

Comments
 (0)