Add access checks to the plugin parameter Fixes #8147

Author: bembelimen

administrator/language/en-GB/en-GB.plg_editors_tinymce.ini

@@ -12,12 +12,12 @@ PLG_TINY_FIELD_ADVIMAGE_DESC="Turn on/off a more advanced image dialog."
 PLG_TINY_FIELD_ADVIMAGE_LABEL="Advanced Image"
 PLG_TINY_FIELD_ADVLIST_DESC="Turn on/off to enable to set number formats and bullet types in ordered and unordered lists."
 PLG_TINY_FIELD_ADVLIST_LABEL="Advanced List"
-PLG_TINY_FIELD_ALIGN_DESC="Turn on/off to enable the alignment of the text. Only works in Extended mode."
+PLG_TINY_FIELD_ALIGN_DESC="Turn on/off to enable the alignment of the text."
 PLG_TINY_FIELD_ALIGN_LABEL="Text Alignment"
 PLG_TINY_FIELD_BLOCKQUOTE_DESC="Turn on/off blockquotes."
 PLG_TINY_FIELD_BLOCKQUOTE_LABEL="Blockquote"
-PLG_TINY_FIELD_COLORS_DESC="Show or hide the Colours control buttons. Only works in Extended mode."
-PLG_TINY_FIELD_COLORS_LABEL="Colours"
+PLG_TINY_FIELD_COLORS_DESC="Show or hide the Colors control buttons."
+PLG_TINY_FIELD_COLORS_LABEL="Colors"
 PLG_TINY_FIELD_CONTEXTMENU_DESC="Turn on/off Context Menu."
 PLG_TINY_FIELD_CONTEXTMENU_LABEL="Context Menu"
 PLG_TINY_FIELD_CSS_DESC="By default the Plugin looks for an editor.css file. If it can't find one in the default template CSS folder, it loads the editor.css file from the system template."
@@ -30,7 +30,7 @@ PLG_TINY_FIELD_CUSTOMPLUGIN_DESC="Add custom plugin(s)."
 PLG_TINY_FIELD_CUSTOMPLUGIN_LABEL="Custom Plugin"
 PLG_TINY_FIELD_CUSTOM_PATH_DESC="Provide a directory for the images to be uploaded. If nothing provided images will be uploaded at /images."
 PLG_TINY_FIELD_CUSTOM_PATH_LABEL="Images directory"
-PLG_TINY_FIELD_DATE_DESC="Show or hide the Insert Date button. Only works in Extended mode."
+PLG_TINY_FIELD_DATE_DESC="Show or hide the Insert Date button."
 PLG_TINY_FIELD_DATE_LABEL="Insert Date"
 PLG_TINY_FIELD_DIRECTION_DESC="Choose default text direction."
 PLG_TINY_FIELD_DIRECTION_LABEL="Text Direction"
@@ -40,9 +40,9 @@ PLG_TINY_FIELD_ELEMENTS_DESC="Allows the addition of specific valid elements to
 PLG_TINY_FIELD_ELEMENTS_LABEL="Extended Valid Elements"
 PLG_TINY_FIELD_ENCODING_DESC="Controls how HTML entities are encoded. Recommended setting is 'raw'. 'named' = used named entity encoding (for example, '<'). 'numeric' = use numeric HTML encoding (for example, '%03c'). raw = Do not encode HTML entities. Note that searching content may not work properly if setting is not 'raw'."
 PLG_TINY_FIELD_ENCODING_LABEL="Entity Encoding"
-PLG_TINY_FIELD_FONTS_DESC="Show or hide the Font control selectors. Only applies in Extended mode."
+PLG_TINY_FIELD_FONTS_DESC="Show or hide the Font control selectors."
 PLG_TINY_FIELD_FONTS_LABEL="Fonts"
-PLG_TINY_FIELD_FULLSCREEN_DESC="Show or hide the Fullscreen button. Only applies in Extended mode."
+PLG_TINY_FIELD_FULLSCREEN_DESC="Show or hide the Fullscreen button."
 PLG_TINY_FIELD_FULLSCREEN_LABEL="Fullscreen"
 PLG_TINY_FIELD_FUNCTIONALITY_DESC="Select level of functionality."
 PLG_TINY_FIELD_FUNCTIONALITY_LABEL="Functionality"
@@ -59,46 +59,46 @@ PLG_TINY_FIELD_LANGCODE_DESC="Editor UI Language. The value will be used if Auto
 PLG_TINY_FIELD_LANGCODE_LABEL="Language Code"
 PLG_TINY_FIELD_LANGSELECT_DESC="If Yes, editor language will automatically match selected UI language. If the tiny language does not exist, the editor language will default to English."
 PLG_TINY_FIELD_LANGSELECT_LABEL="Automatic Language Selection"
-PLG_TINY_FIELD_LINK_DESC="Select to enable the link icons. Only applies in Extended mode."
+PLG_TINY_FIELD_LINK_DESC="Select to enable the Link icons."
 PLG_TINY_FIELD_LINK_LABEL="Links"
-PLG_TINY_FIELD_MEDIA_DESC="Show or hide the Media button. Only applies in Extended mode."
+PLG_TINY_FIELD_MEDIA_DESC="Show or hide the Media button."
 PLG_TINY_FIELD_MEDIA_LABEL="Media"
 PLG_TINY_FIELD_MOBILE_DESC="This mode puts any mobile devices into the simple functionality with enlarged buttons for easy access."
 PLG_TINY_FIELD_MOBILE_LABEL="Mobile Mode"
-PLG_TINY_FIELD_NAME_EXTENDED_LABEL="<strong>Extended Mode Options</strong><br />These options only work in Extended mode."
+PLG_TINY_FIELD_NAME_EXTENDED_LABEL="<strong>Extended Mode Options</strong><br />Below you can set the access level for each one of the fields individually.<br />Please keep in mind that these options will only have an effect in <strong>Extended</strong> mode."
 PLG_TINY_FIELD_NEWLINES_DESC="New lines will be created using the selected option."
 PLG_TINY_FIELD_NEWLINES_LABEL="New Lines"
 PLG_TINY_FIELD_NONBREAKING_DESC="Insert non-breaking space entities."
 PLG_TINY_FIELD_NONBREAKING_LABEL="Non-breaking"
-PLG_TINY_FIELD_PASTE_DESC="Show or hide the Paste buttons. Only applies in Extended mode."
+PLG_TINY_FIELD_PASTE_DESC="Show or hide the Paste button."
 PLG_TINY_FIELD_PASTE_LABEL="Paste"
 PLG_TINY_FIELD_PATH_DESC="If set to ON, it displays the set classes for the marked text."
 PLG_TINY_FIELD_PATH_LABEL="Element Path"
-PLG_TINY_FIELD_PRINT_DESC="Turn on/off the print and print preview icons in the editor. Only applies in Extended mode."
+PLG_TINY_FIELD_PRINT_DESC="Turn on/off the print and print preview icons in the editor."
 PLG_TINY_FIELD_PRINT_LABEL="Print/Preview"
 PLG_TINY_FIELD_PROHIBITED_DESC="Elements that will be cleaned from the text. Do not leave empty - if you do not want to prohibit anything enter dummy text eg cms."
 PLG_TINY_FIELD_PROHIBITED_LABEL="Prohibited Elements"
 PLG_TINY_FIELD_RESIZE_HORIZONTAL_DESC="Enable/disable the horizontal resizing."
 PLG_TINY_FIELD_RESIZE_HORIZONTAL_LABEL="Horizontal resizing"
 PLG_TINY_FIELD_RESIZING_DESC="Enable/disable the resizing of the editor area (vertically and also horizontally if 'Horizontal Resizing' is enabled)."
 PLG_TINY_FIELD_RESIZING_LABEL="Resizing"
-PLG_TINY_FIELD_RTL_DESC="Select whether to display the RTL button. Only applies in Extended mode."
+PLG_TINY_FIELD_RTL_DESC="Select whether to display the RTL button."
 PLG_TINY_FIELD_RTL_LABEL="Directionality"
 PLG_TINY_FIELD_SAVEWARNING_DESC="Save Warning: gives warning if you cancel without saving changes."
 PLG_TINY_FIELD_SAVEWARNING_LABEL="Save Warning"
-PLG_TINY_FIELD_SEARCH-REPLACE_DESC="Show or hide the Search &amp; Replace button. Only applies in Extended mode."
+PLG_TINY_FIELD_SEARCH-REPLACE_DESC="Show or hide the Search &amp; Replace button."
 PLG_TINY_FIELD_SEARCH-REPLACE_LABEL="Search &amp; Replace"
 PLG_TINY_FIELD_SKIN_ADMIN_DESC="Select skin for the Administrator Backend interface."
 PLG_TINY_FIELD_SKIN_ADMIN_LABEL="Administrator Skin"
 PLG_TINY_FIELD_SKIN_DESC="Select skin for the Frontend interface."
 PLG_TINY_FIELD_SKIN_INFO_DESC="Copy your new skins to: /media/editors/tinymce/skins."
 PLG_TINY_FIELD_SKIN_INFO_LABEL="For customised skins go to: <a href="_QQ_"http://skin.tinymce.com"_QQ_" target="_QQ_"_blank"_QQ_">Skin Creator</a>"
 PLG_TINY_FIELD_SKIN_LABEL="Site Skin"
-PLG_TINY_FIELD_SMILIES_DESC="Show or hide the smilies buttons. Only applies in Extended mode."
+PLG_TINY_FIELD_SMILIES_DESC="Show or hide the Smilies buttons."
 PLG_TINY_FIELD_SMILIES_LABEL="Smilies"
-PLG_TINY_FIELD_TABLE_DESC="Show or hide the table control buttons. Only applies in Extended mode."
+PLG_TINY_FIELD_TABLE_DESC="Show or hide the Table control buttons."
 PLG_TINY_FIELD_TABLE_LABEL="Table"
-PLG_TINY_FIELD_TEMPLATE_DESC="Show or hide the Insert predefined template content button. Only applies in Extended mode."
+PLG_TINY_FIELD_TEMPLATE_DESC="Show or hide the Insert predefined template content button."
 PLG_TINY_FIELD_TEMPLATE_LABEL="Template"
 PLG_TINY_FIELD_URLS_DESC="URL behaviour."
 PLG_TINY_FIELD_URLS_LABEL="URLs"
@@ -135,4 +135,4 @@ PLG_TINY_TEMPLATE_LAYOUT1_DESC="HTML layout."
 PLG_TINY_TEMPLATE_LAYOUT1_TITLE="Layout"
 PLG_TINY_TEMPLATE_SNIPPET1_DESC="Simple HTML snippet."
 PLG_TINY_TEMPLATE_SNIPPET1_TITLE="Simple Snippet"
-PLG_TINY_XML_DESCRIPTION="TinyMCE is a platform independent web based JavaScript HTML WYSIWYG Editor."
+PLG_TINY_XML_DESCRIPTION="TinyMCE is a platform independent web based JavaScript HTML WYSIWYG Editor."

plugins/editors/tinymce/tinymce.php

@@ -213,6 +213,11 @@ public function onInit()
 		$valid_elements    = $this->params->get('valid_elements', '');
 
 		// Advanced Options
+		$access = JFactory::getUser()->getAuthorisedViewLevels();
+
+		// Flip for performance, so we can direct check for the key isset($access[$key])
+		$access = array_flip($access);
+
 		$html_height = $this->params->get('html_height', '550');
 		$html_width  = $this->params->get('html_width', '');
 
@@ -224,7 +229,7 @@ public function onInit()
 		// Image advanced options
 		$image_advtab = $this->params->get('image_advtab', 1);
 
-		if ($image_advtab)
+		if (isset($access[$image_advtab]))
 		{
 			$image_advtab = "true";
 		}
@@ -280,7 +285,7 @@ public function onInit()
 		// Alignment buttons
 		$alignment = $this->params->get('alignment', 1);
 
-		if ($alignment)
+		if (isset($access[$alignment]))
 		{
 			$toolbar1_add[] = '|';
 			$toolbar1_add[] = 'alignleft';
@@ -297,7 +302,7 @@ public function onInit()
 		// Fonts
 		$fonts = $this->params->get('fonts', 1);
 
-		if ($fonts)
+		if (isset($access[$fonts]))
 		{
 			$toolbar1_add[] = 'fontselect';
 			$toolbar1_add[] = 'fontsizeselect';
@@ -306,7 +311,7 @@ public function onInit()
 		// Search & replace
 		$searchreplace = $this->params->get('searchreplace', 1);
 
-		if ($searchreplace)
+		if (isset($access[$searchreplace]))
 		{
 			$plugins[]      = 'searchreplace';
 			$toolbar2_add[] = 'searchreplace';
@@ -326,7 +331,7 @@ public function onInit()
 		// Insert date and/or time plugin
 		$insertdate = $this->params->get('insertdate', 1);
 
-		if ($insertdate)
+		if (isset($access[$insertdate]))
 		{
 			$plugins[]      = 'insertdatetime';
 			$toolbar4_add[] = 'inserttime';
@@ -335,7 +340,7 @@ public function onInit()
 		// Link plugin
 		$link = $this->params->get('link', 1);
 
-		if ($link)
+		if (isset($access[$link]))
 		{
 			$plugins[]      = 'link';
 			$toolbar2_add[] = 'link';
@@ -347,10 +352,10 @@ public function onInit()
 		$toolbar2_add[] = '|';
 		$toolbar2_add[] = 'code';
 
-		// Colours
-		$colours = $this->params->get('colours', 1);
+		// Colors
+		$colors = $this->params->get('colors', 1);
 
-		if ($colours)
+		if (isset($access[$colors]))
 		{
 			$toolbar2_add[] = '|';
 			$toolbar2_add[] = 'forecolor,backcolor';
@@ -359,7 +364,7 @@ public function onInit()
 		// Fullscreen
 		$fullscreen = $this->params->get('fullscreen', 1);
 
-		if ($fullscreen)
+		if (isset($access[$fullscreen]))
 		{
 			$plugins[]      = 'fullscreen';
 			$toolbar2_add[] = '|';
@@ -369,7 +374,7 @@ public function onInit()
 		// Table
 		$table = $this->params->get('table', 1);
 
-		if ($table)
+		if (isset($access[$table]))
 		{
 			$plugins[]      = 'table';
 			$toolbar3_add[] = 'table';
@@ -384,7 +389,7 @@ public function onInit()
 		// Emotions
 		$smilies = $this->params->get('smilies', 1);
 
-		if ($smilies)
+		if (isset($access[$smilies]))
 		{
 			$plugins[]      = 'emoticons';
 			$toolbar3_add[] = 'emoticons';
@@ -393,7 +398,7 @@ public function onInit()
 		// Media plugin
 		$media = $this->params->get('media', 1);
 
-		if ($media)
+		if (isset($access[$media]))
 		{
 			$plugins[]      = 'media';
 			$toolbar3_add[] = 'media';
@@ -402,7 +407,7 @@ public function onInit()
 		// Horizontal line
 		$hr = $this->params->get('hr', 1);
 
-		if ($hr)
+		if (isset($access[$hr]))
 		{
 			$plugins[]      = 'hr';
 			$elements[]     = 'hr[id|title|alt|class|width|size|noshade]';
@@ -416,7 +421,7 @@ public function onInit()
 		// RTL/LTR buttons
 		$directionality = $this->params->get('directionality', 1);
 
-		if ($directionality)
+		if (isset($access[$directionality]))
 		{
 			$plugins[] = 'directionality';
 			$toolbar3_add[] = 'ltr rtl';
@@ -433,7 +438,7 @@ public function onInit()
 		// Paste
 		$paste = $this->params->get('paste', 1);
 
-		if ($paste)
+		if (isset($access[$paste]))
 		{
 			$plugins[]      = 'paste';
 			$toolbar4_add[] = 'paste';
@@ -444,7 +449,7 @@ public function onInit()
 		// Visualchars
 		$visualchars = $this->params->get('visualchars', 1);
 
-		if ($visualchars)
+		if (isset($access[$visualchars]))
 		{
 			$plugins[]      = 'visualchars';
 			$toolbar4_add[] = 'visualchars';
@@ -453,7 +458,7 @@ public function onInit()
 		// Visualblocks
 		$visualblocks = $this->params->get('visualblocks', 1);
 
-		if ($visualblocks)
+		if (isset($access[$visualblocks]))
 		{
 			$plugins[]      = 'visualblocks';
 			$toolbar4_add[] = 'visualblocks';
@@ -462,7 +467,7 @@ public function onInit()
 		// Non-breaking
 		$nonbreaking = $this->params->get('nonbreaking', 1);
 
-		if ($nonbreaking)
+		if (isset($access[$nonbreaking]))
 		{
 			$plugins[]      = 'nonbreaking';
 			$toolbar4_add[] = 'nonbreaking';
@@ -471,15 +476,15 @@ public function onInit()
 		// Blockquote
 		$blockquote = $this->params->get('blockquote', 1);
 
-		if ($blockquote)
+		if (isset($access[$blockquote]))
 		{
 			$toolbar4_add[] = 'blockquote';
 		}
 
 		// Template
 		$template = $this->params->get('template', 1);
 
-		if ($template)
+		if (isset($access[$template]))
 		{
 			$plugins[]      = 'template';
 			$toolbar4_add[] = 'template';
@@ -547,7 +552,7 @@ public function onInit()
 		// Print
 		$print = $this->params->get('print', 1);
 
-		if ($print)
+		if (isset($access[$print]))
 		{
 			$plugins[] = 'print';
 			$toolbar4_add[] = '|';
@@ -558,7 +563,7 @@ public function onInit()
 		// Spellchecker
 		$spell = $this->params->get('spell', 0);
 
-		if ($spell)
+		if (isset($access[$spell]))
 		{
 			$plugins[]      = 'spellchecker';
 			$toolbar4_add[] = '|';
@@ -568,31 +573,31 @@ public function onInit()
 		// Wordcount
 		$wordcount = $this->params->get('wordcount', 1);
 
-		if ($wordcount)
+		if (isset($access[$wordcount]))
 		{
 			$plugins[] = 'wordcount';
 		}
 
 		// Advlist
 		$advlist = $this->params->get('advlist', 1);
 
-		if ($advlist)
+		if (isset($access[$advlist]))
 		{
 			$plugins[] = 'advlist';
 		}
 
 		// Autosave
 		$autosave = $this->params->get('autosave', 1);
 
-		if ($autosave)
+		if (isset($access[$autosave]))
 		{
 			$plugins[] = 'autosave';
 		}
 
 		// Context menu
 		$contextmenu = $this->params->get('contextmenu', 1);
 
-		if ($contextmenu)
+		if (isset($access[$contextmenu]))
 		{
 			$plugins[] = 'contextmenu';
 		}