brute-force changed access to $_GET['key'] to use get_array instead

[plewww.git] / planetlab / tags / tag.php

diff --git a/planetlab/tags/tag.php b/planetlab/tags/tag.php
index d4458cf..4f881fb 100644 (file)
--- a/planetlab/tags/tag.php
+++ b/planetlab/tags/tag.php
@@ -21,7 +21,7 @@ require_once 'toggle.php';
 
 // -------------------- 
 // recognized URL arguments
-$tag_type_id=intval($_GET['id']);
+$tag_type_id=intval(get_array($_GET, 'id'));
 if ( ! $tag_type_id ) { 
   plc_error('Malformed URL - id not set'); 
   return;
@@ -153,11 +153,11 @@ if ($can_manage_roles) {
   // add
   // compute the roles that can be added
   if ($can_manage_roles) 
-    // all roles
+    // all roles - don't exclude 'node' as it's actually meaningful for some tags
     $exclude_role_ids=array();
   else
-    // all roles except admin and pi
-    $exclude_role_ids=array(10,20);
+    // all roles except admin and pi, and node to avoid confusing people
+    $exclude_role_ids=array(10,20,50);
   $possible_roles = roles_except($api->GetRoles(),$exclude_role_ids);
   $roles_to_add = roles_except ($possible_roles,$role_ids);
   if ( $roles_to_add ) {