important bits we need to allow php executable content. These must be explicitly allowed - but only if the account has ACCOUNT_ROLE_ALLOWCODE and *only* for web pages and profile fields. This content cannot be transmitted to other sites.

2013-08-11 16:56:06 -07:00
parent 5aa508dba7
commit d7a9db1088
3 changed files with 53 additions and 20 deletions
--- a/boot.php
+++ b/boot.php
@@ -434,8 +434,8 @@ define ( 'ACCOUNT_PENDING',      0x0010 );
 * Account roles
 */

-define ( 'ACCOUNT_ROLE_ADMIN',    0x1000 );
-
+define ( 'ACCOUNT_ROLE_ADMIN',     0x1000 );
+define ( 'ACCOUNT_ROLE_ALLOWCODE', 0x0001 );    

 /**
 * Item visibility