diff --git a/system/htmly.php b/system/htmly.php
index e8345b9..44ec00c 100644
--- a/system/htmly.php
+++ b/system/htmly.php
@@ -1157,15 +1157,29 @@ post('/admin/import', function () {
// Show Config page
get('/admin/config', function () {
+
+ $user = $_SESSION[config("site.url")]['user'];
+ $role = user('role', $user);
+
if (login()) {
config('views.root', 'system/admin/views');
- render('config', array(
- 'title' => 'Config - ' . blog_title(),
- 'description' => blog_description(),
- 'canonical' => site_url(),
- 'bodyclass' => 'config',
- 'breadcrumb' => '' . config('breadcrumb.home') . ' » Config'
- ));
+ if ($role === 'admin') {
+ render('config', array(
+ 'title' => 'Config - ' . blog_title(),
+ 'description' => blog_description(),
+ 'canonical' => site_url(),
+ 'bodyclass' => 'config',
+ 'breadcrumb' => '' . config('breadcrumb.home') . ' » Config'
+ ));
+ } else {
+ render('denied', array(
+ 'title' => 'Config page - ' . blog_title(),
+ 'description' => blog_description(),
+ 'canonical' => site_url(),
+ 'bodyclass' => 'denied',
+ 'breadcrumb' => '',
+ ));
+ }
} else {
$login = site_url() . 'login';
header("location: $login");
diff --git a/system/includes/dispatch.php b/system/includes/dispatch.php
index 075374a..1ae29a2 100644
--- a/system/includes/dispatch.php
+++ b/system/includes/dispatch.php
@@ -548,7 +548,7 @@ function flash($key, $msg = null, $now = false)
function dispatch()
{
- $path = urldecode($_SERVER['REQUEST_URI']);
+ $path = $_SERVER['REQUEST_URI'];
if (config('site.url') !== null)
$path = preg_replace('@^' . preg_quote(site_path()) . '@', '', $path);
diff --git a/system/includes/functions.php b/system/includes/functions.php
index e3cd398..e32c379 100644
--- a/system/includes/functions.php
+++ b/system/includes/functions.php
@@ -2521,7 +2521,9 @@ EOF;
echo 'Edit profile';
echo 'Import';
echo 'Backup';
+ if ($role === 'admin') {
echo 'Config';
+ }
echo 'Clear cache';
echo 'Update';
echo 'Logout';