From e53793edf40f3839c3d8f2dcf02da8584226e68b Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Sun, 23 Jan 2011 10:18:35 -0500
Subject: [PATCH] make 'admin' a safe user name

'admin' is a pretty common username that people try when installing; it was blacklisted because all of our admin panels were at /admin/*, which would conflict with the admin user's namespace. Changed the location of all admin panels to /panel/*, blacklisted the nickname 'panel', and allowed 'admin'. Tested with a fresh install; seems to work great.
---
 lib/installer.php | 2 +-
 lib/router.php | 24 +++++++++----------
 plugins/Adsense/AdsensePlugin.php | 2 +-
 plugins/BitlyUrl/BitlyUrlPlugin.php | 2 +-
 plugins/Blacklist/BlacklistPlugin.php | 2 +-
 plugins/Facebook/FacebookPlugin.php | 2 +-
 .../FacebookBridge/FacebookBridgePlugin.php | 2 +-
 plugins/OpenID/OpenIDPlugin.php | 2 +-
 plugins/OpenX/OpenXPlugin.php | 2 +-
 plugins/Sitemap/SitemapPlugin.php | 2 +-
 plugins/TwitterBridge/TwitterBridgePlugin.php | 2 +-
 plugins/UserFlag/UserFlagPlugin.php | 2 +-
 plugins/YammerImport/YammerImportPlugin.php | 4 ++--
 13 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/lib/installer.php b/lib/installer.php
index ad1989f4eb..1add65ba81 100644
--- a/lib/installer.php
+++ b/lib/installer.php
@@ -236,7 +236,7 @@ abstract class Installer } // @fixme hardcoded list; should use User::allowed_nickname() // if/when it's safe to have loaded the infrastructure here - $blacklist = array('main', 'admin', 'twitter', 'settings', 'rsd.xml', 'favorited', 'featured', 'favoritedrss', 'featuredrss', 'rss', 'getfile', 'api', 'groups', 'group', 'peopletag', 'tag', 'user', 'message', 'conversation', 'bookmarklet', 'notice', 'attachment', 'search', 'index.php', 'doc', 'opensearch', 'robots.txt', 'xd_receiver.html', 'facebook'); + $blacklist = array('main', 'panel', 'twitter', 'settings', 'rsd.xml', 'favorited', 'featured', 'favoritedrss', 'featuredrss', 'rss', 'getfile', 'api', 'groups', 'group', 'peopletag', 'tag', 'user', 'message', 'conversation', 'bookmarklet', 'notice', 'attachment', 'search', 'index.php', 'doc', 'opensearch', 'robots.txt', 'xd_receiver.html', 'facebook'); if (in_array($this->adminNick, $blacklist)) { $this->updateStatus('The user nickname "' . htmlspecialchars($this->adminNick) . '" is reserved.', true); diff --git a/lib/router.php b/lib/router.php index b969829492..99d8aeb043 100644 --- a/lib/router.php +++ b/lib/router.php 
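Review bot: Nothing on the new `$blacklist` line says why `'panel'` is reserved, and this hand-maintained copy (see the existing @fixme) is the guard the installer applies to the admin nickname before the account is created. I would add `// 'panel' is reserved: the admin panels are routed under panel/* in lib/router.php` above the list so the entry is not dropped in a later cleanup. The membership test that follows is a loose `in_array($this->adminNick, $blacklist)`; passing `true` as the third argument makes it an exact string match. Whether the nickname is lower-cased before this point cannot be seen here, because the enclosing method starts and ends outside the hunk.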
@@ -791,21 +791,21 @@ class Router // Admin - $m->connect('admin/site', array('action' => 'siteadminpanel')); - $m->connect('admin/design', array('action' => 'designadminpanel')); - $m->connect('admin/user', array('action' => 'useradminpanel')); - $m->connect('admin/access', array('action' => 'accessadminpanel')); - $m->connect('admin/paths', array('action' => 'pathsadminpanel')); - $m->connect('admin/sessions', array('action' => 'sessionsadminpanel')); - $m->connect('admin/sitenotice', array('action' => 'sitenoticeadminpanel')); - $m->connect('admin/snapshot', array('action' => 'snapshotadminpanel')); - $m->connect('admin/license', array('action' => 'licenseadminpanel')); + $m->connect('panel/site', array('action' => 'siteadminpanel')); + $m->connect('panel/design', array('action' => 'designadminpanel')); + $m->connect('panel/user', array('action' => 'useradminpanel')); + $m->connect('panel/access', array('action' => 'accessadminpanel')); + $m->connect('panel/paths', array('action' => 'pathsadminpanel')); + $m->connect('panel/sessions', array('action' => 'sessionsadminpanel')); + $m->connect('panel/sitenotice', array('action' => 'sitenoticeadminpanel')); + $m->connect('panel/snapshot', array('action' => 'snapshotadminpanel')); + $m->connect('panel/license', array('action' => 'licenseadminpanel')); - $m->connect('admin/plugins', array('action' => 'pluginsadminpanel')); - $m->connect('admin/plugins/enable/:plugin', + $m->connect('panel/plugins', array('action' => 'pluginsadminpanel')); + $m->connect('panel/plugins/enable/:plugin', array('action' => 'pluginenable'), array('plugin' => '[A-Za-z0-9_]+')); - $m->connect('admin/plugins/disable/:plugin', + $m->connect('panel/plugins/disable/:plugin', array('action' => 'plugindisable'), array('plugin' => '[A-Za-z0-9_]+')); diff --git a/plugins/Adsense/AdsensePlugin.php b/plugins/Adsense/AdsensePlugin.php index 1965f95eab..fec033331a 100644 --- a/plugins/Adsense/AdsensePlugin.php +++ b/plugins/Adsense/AdsensePlugin.php 
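Review bot: The move from `admin/*` to `panel/*` is described as tested on a fresh install only, and the hunk has no counterpart for existing sites: an account named `panel` that was registered while that name was still allowed would now share its URL prefix with every admin panel route. Which route wins in that case depends on the order of the `connect()` calls elsewhere in this file, which is not visible here. Any web-server or proxy rule an operator keyed on the `/admin/` path (IP allow-list, extra authentication) also stops matching after this change, so access control has to rest on the action classes themselves. I would replace the bare `// Admin` comment with `// Admin panels live under panel/* so that 'admin' can be a nickname; 'panel' must stay reserved` and call the path change out in the upgrade notes.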
@@ -168,7 +168,7 @@ class AdsensePlugin extends UAPPlugin function onRouterInitialized($m) { - $m->connect('admin/adsense', + $m->connect('panel/adsense', array('action' => 'adsenseadminpanel')); return true; diff --git a/plugins/BitlyUrl/BitlyUrlPlugin.php b/plugins/BitlyUrl/BitlyUrlPlugin.php index 532e66fbc7..8e8bf8d46e 100644 --- a/plugins/BitlyUrl/BitlyUrlPlugin.php +++ b/plugins/BitlyUrl/BitlyUrlPlugin.php @@ -184,7 +184,7 @@ class BitlyUrlPlugin extends UrlShortenerPlugin */ function onRouterInitialized($m) { - $m->connect('admin/bitly', + $m->connect('panel/bitly', array('action' => 'bitlyadminpanel')); return true; } diff --git a/plugins/Blacklist/BlacklistPlugin.php b/plugins/Blacklist/BlacklistPlugin.php index 15545f03cb..855263b5e0 100644 --- a/plugins/Blacklist/BlacklistPlugin.php +++ b/plugins/Blacklist/BlacklistPlugin.php @@ -297,7 +297,7 @@ class BlacklistPlugin extends Plugin */ function onRouterInitialized($m) { - $m->connect('admin/blacklist', array('action' => 'blacklistadminpanel')); + $m->connect('panel/blacklist', array('action' => 'blacklistadminpanel')); return true; } diff --git a/plugins/Facebook/FacebookPlugin.php b/plugins/Facebook/FacebookPlugin.php index 798009817c..14af21b516 100644 --- a/plugins/Facebook/FacebookPlugin.php +++ b/plugins/Facebook/FacebookPlugin.php @@ -105,7 +105,7 @@ class FacebookPlugin extends Plugin */ function onStartInitializeRouter($m) { - $m->connect('admin/facebook', array('action' => 'facebookadminpanel')); + $m->connect('panel/facebook', array('action' => 'facebookadminpanel')); if (self::hasKeys()) { // Facebook App stuff diff --git a/plugins/FacebookBridge/FacebookBridgePlugin.php b/plugins/FacebookBridge/FacebookBridgePlugin.php index 8b5d05e983..c6ff9bf74d 100644 --- a/plugins/FacebookBridge/FacebookBridgePlugin.php +++ b/plugins/FacebookBridge/FacebookBridgePlugin.php 
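Review bot: The `panel/` prefix is repeated as a string literal in each plugin's route hook (this hunk and the other plugin hunks through YammerImportPlugin.php), so a plugin outside this patch that still connects `admin/...` will now register its panel under a nickname that can be taken, since this commit makes `admin` registrable. A comment at each hook such as `// admin panels must be routed under panel/*; 'admin' is a valid nickname`, or a single shared prefix constant, would make a stale route easier to spot in review. The runtime nickname check is not part of this diff, so it is worth confirming that it reserves the first path segment of plugin-registered routes as well. The enclosing methods end outside the hunks.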
@@ -154,7 +154,7 @@ class FacebookBridgePlugin extends Plugin function onRouterInitialized($m) { // Always add the admin panel route - $m->connect('admin/facebook', array('action' => 'facebookadminpanel')); + $m->connect('panel/facebook', array('action' => 'facebookadminpanel')); // Only add these routes if an application has been setup on // Facebook for the plugin to use. diff --git a/plugins/OpenID/OpenIDPlugin.php b/plugins/OpenID/OpenIDPlugin.php index d1a6786fa8..97a685c004 100644 --- a/plugins/OpenID/OpenIDPlugin.php +++ b/plugins/OpenID/OpenIDPlugin.php @@ -80,7 +80,7 @@ class OpenIDPlugin extends Plugin $m->connect('index.php?action=finishaddopenid', array('action' => 'finishaddopenid')); $m->connect('main/openidserver', array('action' => 'openidserver')); - $m->connect('admin/openid', array('action' => 'openidadminpanel')); + $m->connect('panel/openid', array('action' => 'openidadminpanel')); return true; } diff --git a/plugins/OpenX/OpenXPlugin.php b/plugins/OpenX/OpenXPlugin.php index 5d3bb2306c..acc904381a 100644 --- a/plugins/OpenX/OpenXPlugin.php +++ b/plugins/OpenX/OpenXPlugin.php @@ -175,7 +175,7 @@ ENDOFSCRIPT; function onRouterInitialized($m) { - $m->connect('admin/openx', + $m->connect('panel/openx', array('action' => 'openxadminpanel')); return true; diff --git a/plugins/Sitemap/SitemapPlugin.php b/plugins/Sitemap/SitemapPlugin.php index 6a77f81231..36041cfc9a 100644 --- a/plugins/Sitemap/SitemapPlugin.php +++ b/plugins/Sitemap/SitemapPlugin.php @@ -122,7 +122,7 @@ class SitemapPlugin extends Plugin 'day' => '[0123][0-9]', 'index' => '[1-9][0-9]*')); - $m->connect('admin/sitemap', + $m->connect('panel/sitemap', array('action' => 'sitemapadminpanel')); return true; diff --git a/plugins/TwitterBridge/TwitterBridgePlugin.php b/plugins/TwitterBridge/TwitterBridgePlugin.php index b2dce6f1c0..6df48eff3b 100644 --- a/plugins/TwitterBridge/TwitterBridgePlugin.php +++ b/plugins/TwitterBridge/TwitterBridgePlugin.php 
@@ -111,7 +111,7 @@ class TwitterBridgePlugin extends Plugin */ function onRouterInitialized($m) { - $m->connect('admin/twitter', array('action' => 'twitteradminpanel')); + $m->connect('panel/twitter', array('action' => 'twitteradminpanel')); if (self::hasKeys()) { $m->connect( diff --git a/plugins/UserFlag/UserFlagPlugin.php b/plugins/UserFlag/UserFlagPlugin.php index fc7698841e..801dc6cc69 100644 --- a/plugins/UserFlag/UserFlagPlugin.php +++ b/plugins/UserFlag/UserFlagPlugin.php @@ -85,7 +85,7 @@ class UserFlagPlugin extends Plugin { $m->connect('main/flag/profile', array('action' => 'flagprofile')); $m->connect('main/flag/clear', array('action' => 'clearflag')); - $m->connect('admin/profile/flag', array('action' => 'adminprofileflag')); + $m->connect('panel/profile/flag', array('action' => 'adminprofileflag')); return true; } diff --git a/plugins/YammerImport/YammerImportPlugin.php b/plugins/YammerImport/YammerImportPlugin.php index 2ce5af21b0..41d8d08a66 100644 --- a/plugins/YammerImport/YammerImportPlugin.php +++ b/plugins/YammerImport/YammerImportPlugin.php @@ -34,9 +34,9 @@ class YammerImportPlugin extends Plugin */ function onRouterInitialized($m) { - $m->connect('admin/yammer', + $m->connect('panel/yammer', array('action' => 'yammeradminpanel')); - $m->connect('admin/yammer/auth', + $m->connect('panel/yammer/auth', array('action' => 'yammerauth')); return true; }