-
-
Save tamasd/1759966 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- actions/script.action.inc | |
+++ actions/script.action.inc | |
@@ -1,6 +1,10 @@ | |
<?php | |
function views_bulk_operations_script_action_info() { | |
+##GardensExcludeFromExportStart################################################ | |
+// Make it impossible on Gardens sites to execute PHP scripts via VBO. | |
+return array(); | |
+##################################################GardensExcludeFromExportEnd## | |
if (!module_exists('actions_permissions') && !user_access('administer site configuration')) return array(); | |
return array('views_bulk_operations_script_action' => array( | |
'type' => 'entity', | |
@@ -10,6 +14,10 @@ | |
} | |
function views_bulk_operations_script_action($entity, $context) { | |
+##GardensExcludeFromExportStart################################################ | |
+// Make it impossible on Gardens sites to execute PHP scripts via VBO. | |
+return; | |
+##################################################GardensExcludeFromExportEnd## | |
if (!module_exists('actions_permissions') && !user_access('administer site configuration')) { | |
global $user; | |
$msg = 'An attempt to execute arbitrary PHP script action by user <a href="user/!uid">%user</a> was blocked because of lack of permission.'; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment