From 3cc49c965a9ac315c712cdb9a14ca97b22be9687 Mon Sep 17 00:00:00 2001
From: Peter Harkins
Date: Sat, 19 Feb 2011 18:44:37 -0700
Subject: [PATCH] Check admin permissions
---
src/messenger/webim/operator/features.php | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/messenger/webim/operator/features.php b/src/messenger/webim/operator/features.php
index 2a65d67c..bb6843bc 100644
--- a/src/messenger/webim/operator/features.php
+++ b/src/messenger/webim/operator/features.php
@@ -42,12 +42,16 @@ foreach($options as $opt) {
 }
 if (isset($_POST['sent'])) {
- foreach($options as $opt) {
- $settings[$opt] = verifyparam($opt,"/^on$/", "") == "on" ? "1" : "0";
+ if (is_capable($can_administrate, $operator)) {
+ foreach($options as $opt) {
+ $settings[$opt] = verifyparam($opt,"/^on$/", "") == "on" ? "1" : "0";
+ }
+ update_settings();
+ header("Location: $webimroot/operator/features.php?stored");
+ exit;
+ } else {
+ $errors[] = "Not an administrator.";
 }
- update_settings();
- header("Location: $webimroot/operator/features.php?stored");
- exit;
 }
 $page['stored'] = isset($_GET['stored']);
@@ -59,4 +63,4 @@ prepare_menu($operator);
 setup_settings_tabs(1);
 start_html_output();
 require('../view/features.php');
-?>
\ No newline at end of file
+?>
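Review bot: The denial branch in the first hunk only appends "Not an administrator." to `$errors` and then falls through to the normal render (`require('../view/features.php')` in the second hunk), so a non-administrator still gets an ordinary page response and the refused attempt is not recorded anywhere visible. I would fail closed in the `else`: add `header("HTTP/1.1 403 Forbidden");` and an `error_log()` line naming the operator before `$errors[] = ...`, or better, run the `is_capable($can_administrate, $operator)` test before the options are loaded so the page is not built for other operators at all. Separately, the only thing gating the write is `isset($_POST['sent'])`; if no per-session token is verified earlier in the file, `update_settings()` remains exposed to cross-site request forgery against a logged-in administrator. The top of the script is outside the hunk, so the initialisation of `$errors` and `$can_administrate` and any such token check could not be confirmed here.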