-rw-r--r-- | engine/lib/actions.php | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index ad5f0c208..eafb42155 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -21,13 +21,23 @@ function action($action, $forwarder = "") {
 global $CONFIG;
- // All actions require a token.
- if (!action_gatekeeper()) {
- $message = "ERROR: $action was called without an action token and has been ignored. This is usually caused by outdated 3rd party plugins.";
-
- error_log($message);
- register_error($message);
- forward();
+ // @todo REMOVE THESE EXCEPTIONS IN 1.8.
+ // These are only to provide a way to disable plugins that overwrite core
+ // UI without tokens. (And for installation because of session_id problems)
+ $exceptions = array(
+ 'systemsettings/install',
+ 'admin/plugins/disable'
+ );
+
+ if (!in_array($action, $exceptions)) {
+ // All actions require a token.
+ if (!action_gatekeeper()) {
+ $message = "ERROR: $action was called without an action token and has been ignored. This is usually caused by outdated 3rd party plugins.";
+
+ error_log($message);
+ register_error($message);
+ forward();
+ }
 }
 // if there are any query parameters, make them available from get_input |
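Review bot: The `$exceptions` list skips `action_gatekeeper()` purely by action name, so `admin/plugins/disable` and `systemsettings/install` lose their request-forgery protection for every request, not only for the broken-UI and installation cases the comment describes. The install entry should be honoured only while the site is not yet installed, and each exempted call should still write an `error_log()` line so use of the bypass is visible in logs. Whether those two actions enforce an admin login on their own is not visible in this hunk and should be confirmed before relying on the exemption. The membership test should also be strict, `if (!in_array($action, $exceptions, true)) {`, so a non-string `$action` cannot match by type juggling. The body of `action()` starts before and continues past this hunk.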