aboutsummaryrefslogtreecommitdiff
path: root/engine/lib/actions.php
diff options
context:
space:
mode:
Diffstat (limited to 'engine/lib/actions.php')
-rw-r--r--engine/lib/actions.php24
1 files changed, 17 insertions, 7 deletions
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index ad5f0c208..eafb42155 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -21,13 +21,23 @@
function action($action, $forwarder = "") {
global $CONFIG;
- // All actions require a token.
- if (!action_gatekeeper()) {
- $message = "ERROR: $action was called without an action token and has been ignored. This is usually caused by outdated 3rd party plugins.";
-
- error_log($message);
- register_error($message);
- forward();
+ // @todo REMOVE THESE EXCEPTIONS IN 1.8.
+ // These are only to provide a way to disable plugins that overwrite core
+ // UI without tokens. (And for installation because of session_id problems)
+ $exceptions = array(
+ 'systemsettings/install',
+ 'admin/plugins/disable'
+ );
+
+ if (!in_array($action, $exceptions)) {
+ // All actions require a token.
+ if (!action_gatekeeper()) {
+ $message = "ERROR: $action was called without an action token and has been ignored. This is usually caused by outdated 3rd party plugins.";
+
+ error_log($message);
+ register_error($message);
+ forward();
+ }
}
// if there are any query parameters, make them available from get_input