let admin.php without parameters redirect to index.php, and document restrict_setup_to_admin setting (fixes #55)

config/example-config.php

@@ -64,6 +64,13 @@ $c->pg_connect[] = "dbname=davical user=davical_app";
 */
 $c->admin_email ='calendar-admin@example.com';
 
+/**
+* Set this to 'true' in order to restrict the /setup.php page (which contains
+* the entire phpinfo() output) to 'Administrator' users.
+* Default: false
+*/
+// $c->restrict_setup_to_admin = true;
+
 /**
 * The "enable_row_linking" option controls whether javascript is used
 * to make the entire row clickable in browse lists in the administration

htdocs/admin.php

@@ -10,6 +10,10 @@ require_once('AwlQuery.php');
 param_to_global('action', '{(edit|browse)}', 'action');
 param_to_global('component', '{[a-z0-9-_]+}', 't');
 param_to_global('id', '{[a-z0-9-_]+}', 'id');
+if ( ! $action || ! $component ) {
+    header('Location: index.php');
+    @ob_flush(); exit(0);
+}
 
 $c->stylesheets[] = 'css/'.$action.'.css';
 if ( $c->enable_row_linking ) {