From f31b13607ee570b8cedda75cc4bac0db6a8c0f2b Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Tue, 27 Mar 2012 10:47:13 +0200
Subject: [PATCH] Fixing plugin configuration settings

---
 main/admin/configure_plugin.php | 38 ++++++++++++++++++++-------------
 1 file changed, 23 insertions(+), 15 deletions(-)

diff --git a/main/admin/configure_plugin.php b/main/admin/configure_plugin.php
index c37aa3d788..13929d74ef 100644
--- a/main/admin/configure_plugin.php
+++ b/main/admin/configure_plugin.php
@@ -10,6 +10,9 @@ $language_file = array ('registration','admin');
 $cidReset = true;
 require_once '../inc/global.inc.php';
 
+// Access restrictions
+api_protect_admin_script();
+
 $plugin_name = $_GET['name'];
 
 $plugin_obj = new AppPlugin();
@@ -21,36 +24,41 @@ if (empty($plugin_info)) {
 
 $installed_plugins = $plugin_obj->get_installed_plugins();
 
+
 if (!in_array($plugin_name, $installed_plugins)) {
     api_not_allowed();
 }
 
 global $_configuration;
 
-$content = '';
+$content = null;
 
 if (isset($plugin_info['settings_form'])) {
-    $form = $plugin_info['settings_form'];
+    $form = $plugin_info['settings_form'];    
     if (isset($form)) {
         //We override the form attributes
         $attributes = array('action'=>api_get_self().'?name='.$plugin_name, 'method'=>'POST');
-        $form->updateAttributes($attributes);        
-        $content = $form->toHtml();
+        $form->updateAttributes($attributes);     
+        $content = Display::page_subheader($plugin_info['title']);
+        $content .= $form->toHtml();        
     }
+} else {
+    $message = Display::return_message(get_lang('NoConfigurationSettingsForThisPlugin'), 'warning');
 }
 
-if (isset($form) && $form->validate()) {
-    $values = $form->exportValues();
-    //api_delete_category_settings_by_subkey($plugin_name);
-    $access_url_id = api_get_current_access_url_id();
-    api_delete_settings_params(array('category = ? AND access_url = ? AND subkey = ? AND type = ? and variable <> ?' =>
-                                   array('Plugins', $access_url_id, $plugin_name, 'setting', "status")));
-    foreach ($values as $key => $value) {
-        $key = Database::escape_string($plugin_name.'_'.$key);
-        api_add_setting($value, $key, $plugin_name, 'setting', 'Plugins', $plugin_name, null, null, null, $_configuration['access_url'], 1);        
+if (isset($form)) {
+    if ($form->validate()) {
+        $values = $form->exportValues();
+        //api_delete_category_settings_by_subkey($plugin_name);
+        $access_url_id = api_get_current_access_url_id();
+        api_delete_settings_params(array('category = ? AND access_url = ? AND subkey = ? AND type = ? and variable <> ?' =>
+                                    array('Plugins', $access_url_id, $plugin_name, 'setting', "status")));
+        foreach ($values as $key => $value) {
+            $key = Database::escape_string($plugin_name.'_'.$key);
+            api_add_setting($value, $key, $plugin_name, 'setting', 'Plugins', $plugin_name, null, null, null, $_configuration['access_url'], 1);        
+        }
+        $message = Display::return_message(get_lang('ConfigurationSaved'), 'success');
     }
-} else {
-    $content = Display::return_message(get_lang('NoConfigurationSettingsForThisPlugin'), 'warning');
 }
 
 $tpl = new Template($tool_name);