From 9a5d517ec2d90698c98cf57cd5a12b4d1a40f53f Mon Sep 17 00:00:00 2001
From: Bart Visscher <bartv@thisnet.nl>
Date: Fri, 30 Sep 2011 23:10:08 +0200
Subject: [PATCH] Add more checks for admin user

---
 apps/admin_export/settings.php | 1 +
 apps/contacts/photo.php        | 8 +-------
 settings/ajax/disableapp.php   | 1 +
 settings/ajax/enableapp.php    | 1 +
 tests/index.php                | 3 ++-
 5 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/apps/admin_export/settings.php b/apps/admin_export/settings.php
index 565c4b3db9..8308a2b89b 100644
--- a/apps/admin_export/settings.php
+++ b/apps/admin_export/settings.php
@@ -20,6 +20,7 @@
  * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
+OC_Util::checkAdminUser();
 OC_Util::checkAppEnabled('admin_export');
 if (isset($_POST['admin_export'])) {
     $root = OC::$SERVERROOT . "/";
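Review bot: No `require_once` of `lib/base.php` is visible before the new `OC_Util::checkAdminUser();` call, which is the first statement after the licence header, whereas the other files in this patch load it first. If this file is only ever included by the settings page, say so in a comment above the check, e.g. `// Included by the admin settings page; not meant to be requested directly.` If it can be requested directly, the call would presumably fail on an undefined class rather than produce a clean denial; that is inferred, since lines 1–19 of the file are outside the hunk. The `if (isset($_POST['admin_export']))` body also continues past the hunk.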
diff --git a/apps/contacts/photo.php b/apps/contacts/photo.php
index 1bdfbe3a27..5178fe7a07 100644
--- a/apps/contacts/photo.php
+++ b/apps/contacts/photo.php
@@ -22,19 +22,13 @@
 
 // Init owncloud
 require_once('../../lib/base.php');
+OC_Util::checkLoggedIn();
 OC_Util::checkAppEnabled('contacts');
 
 $id = $_GET['id'];
 
 $l10n = new OC_L10N('contacts');
 
-// Check if we are a user
-if( !OC_User::isLoggedIn()){
-	echo $l10n->t('You need to log in.');
-	exit();
-}
-
-
 $card = OC_Contacts_VCard::find( $id );
 if( $card === false ){
 	echo $l10n->t('Contact could not be found.');
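Review bot: Being logged in does not establish that the requested card belongs to the current user: `$id = $_GET['id'];` is passed straight to `OC_Contacts_VCard::find( $id )`, and no ownership check is visible. The hunk ends inside the `$card === false` branch, so such a check may exist further down. If it does not, the card's address book owner should be compared with the session user before the photo is returned, otherwise any authenticated account can read other users' contact photos by id. `$_GET['id']` is also read without `isset()`, so a request without the parameter should be rejected before the lookup.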
diff --git a/settings/ajax/disableapp.php b/settings/ajax/disableapp.php
index 12f6b32a4f..06dd3c2ac6 100644
--- a/settings/ajax/disableapp.php
+++ b/settings/ajax/disableapp.php
@@ -1,6 +1,7 @@
 <?php
 // Init owncloud
 require_once('../../lib/base.php');
+OC_JSON::checkAdminUser();
 OC_JSON::setContentTypeHeader();
 
 OC_App::disable($_POST['appid']);
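Review bot: `OC_App::disable($_POST['appid']);` remains a state-changing request with no per-session request token in the lines shown, so the new admin check alone does not stop a third-party page from submitting it in a logged-in administrator's browser. The same applies to `OC_App::enable($_POST['appid']);` in settings/ajax/enableapp.php. In both files `appid` is used without `isset()` or a check against the set of installed apps; validating it and requiring a session-bound token before the call would close the remaining gap. It is also worth confirming what `OC_JSON::checkAdminUser()` emits on failure, since it now runs before `OC_JSON::setContentTypeHeader();`.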
diff --git a/settings/ajax/enableapp.php b/settings/ajax/enableapp.php
index 8be80cd2ec..639df2aecc 100644
--- a/settings/ajax/enableapp.php
+++ b/settings/ajax/enableapp.php
@@ -2,6 +2,7 @@
 
 // Init owncloud
 require_once('../../lib/base.php');
+OC_JSON::checkAdminUser();
 OC_JSON::setContentTypeHeader();
 
 OC_App::enable($_POST['appid']);
diff --git a/tests/index.php b/tests/index.php
index efa730f6f8..08e53f1a57 100644
--- a/tests/index.php
+++ b/tests/index.php
@@ -26,6 +26,7 @@
  */
  $RUNTIME_NOSETUPFS=true;
 require_once('../lib/base.php');
+OC_Util::checkAdminUser();
 
 $testCases=loadFiles(__DIR__,array('index.php','templates'));
 ob_end_clean();
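Review bot: Even behind `OC_Util::checkAdminUser();`, this test runner stays reachable over HTTP and calls `loadFiles(__DIR__, ...)` on a plain page load, so the intent deserves a comment at the check, e.g. `// Test runner: admin only; not intended to be reachable on production installs.` It is also worth confirming that the admin check behaves as expected when `$RUNTIME_NOSETUPFS=true;` is set before `lib/base.php` is loaded, because that interaction is not visible in this hunk. The rest of the file, including `loadFiles()`, is outside the lines shown.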
@@ -74,4 +75,4 @@ function loadFiles($path,$exclude=false){
 	}
 	return $results;
 }
-?>
\ No newline at end of file
+?>
-- 
GitLab