add basic safe mode which doesn't load any user plugins

2 files changed, 6 insertions, 0 deletions

diff --git a/classes/handler/public.php b/classes/handler/public.php
index a735b1931..822ad1fd9 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -673,6 +673,7 @@ class Handler_Public extends Handler {
 			$login = clean($_POST["login"]);
 			$password = clean($_POST["password"]);
 			$remember_me = clean($_POST["remember_me"]);
+			$safe_mode = checkbox_to_sql_bool(clean($_POST["safe_mode"]));
 
 			if ($remember_me) {
 				@session_set_cookie_params(SESSION_COOKIE_LIFETIME);
@@ -689,6 +690,7 @@ class Handler_Public extends Handler {
 
 				$_SESSION["ref_schema_version"] = get_schema_version(true);
 				$_SESSION["bw_limit"] = !!clean($_POST["bw_limit"]);
+				$_SESSION["safe_mode"] = $safe_mode;
 
 				if (clean($_POST["profile"])) {
 
diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php
index 25aac9964..ac2684683 100644
--- a/classes/pref/prefs.php
+++ b/classes/pref/prefs.php
@@ -858,6 +858,10 @@ class Pref_Prefs extends Handler_Protected {
 			print_warning("Your PHP configuration has open_basedir restrictions enabled. Some plugins relying on CURL for functionality may not work correctly.");
 		}
 
+		if ($_SESSION["safe_mode"]) {
+			print_error("You have logged in using safe mode, no user plugins will be actually enabled until you login again.");
+		}
+
 		$feed_handler_whitelist = [ "Af_Comics" ];
 
 		$feed_handlers = array_merge(