From 03a337a660a40263db0f3b5b5123cfa04f5c7505 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 18 Sep 2020 15:48:22 +0300 Subject: [PATCH] add basic safe mode which doesn't load any user plugins --- classes/handler/public.php | 2 ++ classes/pref/prefs.php | 4 ++++ include/functions.php | 2 +- include/login_form.php | 8 ++++++++ 4 files changed, 15 insertions(+), 1 deletion(-) diff --git a/classes/handler/public.php b/classes/handler/public.php index a735b1931..822ad1fd9 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -673,6 +673,7 @@ class Handler_Public extends Handler { $login = clean($_POST["login"]); $password = clean($_POST["password"]); $remember_me = clean($_POST["remember_me"]); + $safe_mode = checkbox_to_sql_bool(clean($_POST["safe_mode"])); if ($remember_me) { @session_set_cookie_params(SESSION_COOKIE_LIFETIME); @@ -689,6 +690,7 @@ class Handler_Public extends Handler { $_SESSION["ref_schema_version"] = get_schema_version(true); $_SESSION["bw_limit"] = !!clean($_POST["bw_limit"]); + $_SESSION["safe_mode"] = $safe_mode; if (clean($_POST["profile"])) { diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index 25aac9964..ac2684683 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php @@ -858,6 +858,10 @@ class Pref_Prefs extends Handler_Protected { print_warning("Your PHP configuration has open_basedir restrictions enabled. Some plugins relying on CURL for functionality may not work correctly."); } + if ($_SESSION["safe_mode"]) { + print_error("You have logged in using safe mode, no user plugins will be actually enabled until you login again."); + } + $feed_handler_whitelist = [ "Af_Comics" ]; $feed_handlers = array_merge( diff --git a/include/functions.php b/include/functions.php index 4031afa6e..0a02ff0d5 100644 --- a/include/functions.php +++ b/include/functions.php @@ -714,7 +714,7 @@ if (!$pluginhost) $pluginhost = PluginHost::getInstance(); - if ($owner_uid && SCHEMA_VERSION >= 100) { + if ($owner_uid && SCHEMA_VERSION >= 100 && !$_SESSION["safe_mode"]) { $plugins = get_pref("_ENABLED_PLUGINS", $owner_uid); $pluginhost->load($plugins, PluginHost::KIND_USER, $owner_uid); diff --git a/include/login_form.php b/include/login_form.php index 29fbe3aba..d2688d0ec 100755 --- a/include/login_form.php +++ b/include/login_form.php @@ -146,6 +146,14 @@ +
+ + + +
+ 0) { ?>