Hi, I've been working on #440 (http://svn.gregarius.net/trac/ticket/440) and have added the following boolean config item (initially I was using php_sapi_name but then I realised update.php already detects when it is run from the command line): rss.config.restrictrefresh: Restrict refresh to command line only (eg php -f update.php). Useful for busy sites with multiple users. I've conditionally removed the 'Refresh' button from nav but would also like to neuter update.php and ideally anything that wants to call it (like automatic refreshes from javascript). Does anyone have any suggestions as to how this might be done easily/neatly/securely (when $cline is not set that is)? Sam The following patch against r1579 will at least remove the button $ svn diff Index: cls/nav.php =================================================================== --- cls/nav.php (revision 1579) +++ cls/nav.php (working copy) @@ -60,7 +60,9 @@ function Navigation() { $this->appendNavItem(getPath(),__('<span>H</span>ome'),LOCATION_HOME); - $this->appendNavItem(getPath().'update.php',__('<span>R</span>efresh'),LOCATION_UPDATE); + if (!getConfig('rss.config.restrictrefresh')) { + $this->appendNavItem(getPath().'update.php',__('<span>R</span>efresh'),LOCATION_UPDATE); + } $this->appendNavItem(getPath().'search.php',__('<span>S</span>earch'),LOCATION_SEARCH); $this->appendNavItem(getPath().'admin/',__('A<span>d</span>min'),LOCATION_ADMIN); Index: schema.php =================================================================== --- schema.php (revision 1579) +++ schema.php (working copy) @@ -450,6 +450,7 @@ "rss.config.absoluteordering"=> array("true","true","boolean","Allow feeds and folders to be ordered by their order in the admin section. If this option is set to false, channels and folders will be organized alphabetically by their titles.",NULL), "rss.config.robotsmeta" => array("noindex,follow","noindex,follow","string","How should spiders crawl us? (see http://www.robotstxt.org/wc/meta-user.html for more info).",NULL), "rss.config.serverpush" => array("true","true","boolean","Use the server push method when updating your feeds in the browser. The browsers that support this (Mozilla and Opera) will be autodetected. Turn this option off if you do not use one of these browsers or if you would like to use the Ajax update method",NULL), + "rss.config.restrictrefresh" => array("false","false","boolean","Restrict refresh to command line only (eg php -f update.php). Useful for busy sites with multiple users.",NULL), "rss.config.refreshafter" => array("45","45","num","If this option is set the feeds will be updated after keeping the browser open for x minutes. Please respect the feed providers by not setting this value to anything lower than thirty minutes. Set this variable to 0 turn this option off.",NULL), "rss.input.allowed" => array('a:21:{s:1:"a";a:2:{s:4:"href";i:1;s:5:"title";i:1;}s:1:"b";a:0:{}s:10:"blockquote";a:0:{}s:2:"br";a:0:{}s:4:"code";a:0:{}s:3:"del";a:0:{}s:2:"em";a:0:{}s:1:"i";a:0:{}s:3:"img";a:2:{s:3:"src";i:1;s:3:"alt";i:1;}s:3:"ins";a:0:{}s:2:"li";a:0:{}s:2:"ol";a:0:{}s:1:"p";a:0:{}s:3:"pre";a:0:{}s:3:"sup";a:0:{}s:5:"table";a:0:{}s:2:"td";a:0:{}s:2:"th";a:0:{}s:2:"tr";a:0:{}s:2:"tt";a:0:{}s:2:"ul";a:0:{}}','a:21:{s:1:"a";a:2:{s:4:"href";i:1;s:5:"title";i:1;}s:1:"b";a:0:{}s:10:"blockquote";a:0:{}s:2:"br";a:0:{}s:4:"code";a:0:{}s:3:"del";a:0:{}s:2:"em";a:0:{}s:1:"i";a:0:{}s:3:"img";a:2:{s:3:"src";i:1;s:3:"alt";i:1;}s:3:"ins";a:0:{}s:2:"li";a:0:{}s:2:"ol";a:0:{}s:1:"p";a:0:{}s:3:"pre";a:0:{}s:3:"sup";a:0:{}s:5:"table";a:0:{}s:2:"td";a:0:{}s:2:"th";a:0:{}s:2:"tr";a:0:{}s:2:"tt";a:0:{}s:2:"ul";a:0:{}}',"array","This variable controls input filtering. HTML tags and their attributes, which are not in this list, get filtered out when new RSS items are imported.",NULL), "rss.output.showfeedmeta" => array('false','false','boolean','Display meta-information (like a web- and rss/rdf/xml url) about each feed in the feed side-column.',NULL),