
Disable access to the administrator plugin when plugin is disabled in config.
Stable team/Jon: can I commit this into stable as well?

Thijs Kinkhorst 20 years ago
parent
commit
3207097950
2 changed files with 9 additions and 2 deletions
  1. ChangeLog (+2 -0)
  2. plugins/administrator/auth.php (+7 -2)

+ 2 - 0
ChangeLog

@@ -364,6 +364,8 @@ Version 1.5.1 -- CVS
     Thanks to Roalt Zijlstra.
   - Identity code was not checking for domain part in username before setting
     email address (Bug #1219184).
+  - Disallow access to the administrator plugin screens when the plugin is
+    not enabled in the config.
 
 
 Version 1.5.0 - 2 February 2004
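
Review bot: The new ChangeLog entry does not say that this is an access-control fix or where it was made, and unlike the entry above it carries no bug reference. Consider naming adm_check_user() in plugins/administrator/auth.php and adding a tracker number if one exists, so that anyone evaluating the stable backport asked about in the commit message can locate the change.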

+ 7 - 2
plugins/administrator/auth.php

@@ -19,9 +19,14 @@
  * @return boolean
  */
 function adm_check_user() {
-    global $PHP_SELF;
+    global $PHP_SELF, $plugins;
     require_once(SM_PATH . 'functions/global.php');
 
+    /* fail if the plugin is not enabled */
+    if ( !in_array('administrator', $plugins) ) {
+        return FALSE;
+    }
+
     if ( !sqgetGlobalVar('username',$username,SQ_SESSION) ) {
         $username = '';
     }
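
Review bot: The guard added at the top of adm_check_user() calls in_array('administrator', $plugins) with loose comparison and without checking that the global $plugins is an array. In PHP before 8.0 a non-string entry such as integer 0 in $plugins compares equal to 'administrator' under loose comparison, and an unset or non-array $plugins makes in_array() raise a warning (a TypeError on PHP 8) instead of returning a clean result. Suggest: if ( !is_array($plugins) || !in_array('administrator', $plugins, TRUE) ) { return FALSE; } so the check is exact and fails closed. The guard also only protects code paths that call adm_check_user(), so it is worth confirming that every administrator plugin screen goes through this function.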
@@ -58,4 +63,4 @@ function adm_check_user() {
 function adm_array_trim(&$value,$key) {
     $value=trim($value);
 }
-?>
+?>
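
Review bot: The ?> change at the end of auth.php is whitespace-only (the removed and added lines are identical) and unrelated to the access check. Either drop this hunk from the commit, or remove the closing ?> altogether, since any bytes after it in an included file are sent as output and can break later header() calls.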