From 7feaaf10369d84248502fb3f266bd6ef9a59dfd8 Mon Sep 17 00:00:00 2001
From: Matthias Vogel
Date: Sat, 12 Jul 2014 12:38:39 +0200
Subject: [PATCH] security hotfix deleting remotely any file on the server.
---
 system/admin/admin.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/system/admin/admin.php b/system/admin/admin.php
index 488dc0d..89c0b4c 100644
--- system/admin/admin.php
+++ b/system/admin/admin.php
@@ -189,6 +189,7 @@ function add_page($title, $url, $content) {
 // Delete blog post
 function delete_post($file, $destination) {
+ if(!login()) return null;
 $deleted_content = $file;
 // Get cache file
@@ -213,6 +214,7 @@ function delete_post($file, $destination) {
 // Delete static page
 function delete_page($file, $destination) {
+ if(!login()) return null;
 $deleted_content = $file;
 if (!empty($menu)) {
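Review bot: The added `if(!login()) return null;` guard in `delete_post` (and the identical one in `delete_page`) only establishes that the caller is authenticated; `$file` is still taken as given, and the commit subject suggests it ends up as the path that gets deleted. Both function bodies continue outside the hunks, so the delete call itself is not visible here, but unless a check follows, any logged-in session can still name a path outside the content directory. Resolve and confine the path before use, e.g. `$real = realpath($file); if ($real === false || strpos($real, CONTENT_ROOT . DIRECTORY_SEPARATOR) !== 0) return null;`, where `CONTENT_ROOT` is a placeholder for the resolved content directory. It is also worth confirming that the other state-changing functions in admin.php (`add_page` appears in the first hunk header) are gated the same way and that the delete request carries an anti-CSRF token; neither is visible in this diff.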