
Revision 1475

Added by Dietmar almost 13 years ago

+ add SecureForm.mtab.php under maintenance by WebsiteBaker Community
! security fixes media, groups, users, sections
  1. change lang variable to remove upgrade-script
    ! reworked add sections in pages
    ! fix set empty href in show_menu2
    ! set show_menu2 version to 4.9.6
    ! reworked Droplet LoginBox, add redirect query
    - remove unneeded folder js
    ! set Droplet to version 1.1.0
    + add checkboxes to change frontend absolute url to relative urls
    ! set output_filter version to 0.2


settings2.php
56 56
// Get values
57 57
$page_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('page_title')));
58 58
$menu_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('menu_title')));
59
$page_code = (int) $admin->get_post_escaped('page_code');
59
$page_code = intval($admin->get_post('page_code')) ;
60 60
$description = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('description'))));
61 61
$keywords = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('keywords'))));
62
$parent = (int) $admin->get_post_escaped('parent'); // fix secunia 2010-91-3
62
$parent = intval($admin->get_post('parent')); // fix secunia 2010-91-3
63 63
$visibility = $admin->get_post_escaped('visibility');
64 64
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {$visibility = 'public';} // fix secunia 2010-93-3
65
$template = preg_replace("/\W/", "", $admin->get_post_escaped('template')); // fix secunia 2010-93-3
66
$target = preg_replace("/\W/", "", $admin->get_post_escaped('target'));
65
$template = preg_replace("/\W/", "", $admin->get_post('template')); // fix secunia 2010-93-3
66
$target = preg_replace("/\W/", "", $admin->get_post('target'));
67 67
$admin_groups = $admin->get_post_escaped('admin_groups');
68 68
$viewing_groups = $admin->get_post_escaped('viewing_groups');
69
$searching = (int) $admin->get_post_escaped('searching');
69
$searching = intval($admin->get_post('searching'));
70 70
$language = strtoupper($admin->get_post('language'));
71 71
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
72
$menu = (int) $admin->get_post_escaped('menu'); // fix secunia 2010-91-3
72
$menu = intval($admin->get_post('menu')); // fix secunia 2010-91-3
73 73

  
74 74
// Validate data
75 75
if($page_title == '' || substr($page_title,0,1)=='.')
......
325 325

  
326 326
// Print admin footer
327 327
$admin->print_footer();
328

  
329
?>
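Review bot: `$admin_groups` and `$viewing_groups` (lines 67–68) are the only request values in this block that receive escaping alone, with no type or allow-list check, while the other fields are cast to int, filtered with `\W`, HTML-encoded or matched against a fixed list. If they are lists of group ids, normalising them here, e.g. `$admin_groups = array_map('intval', (array) $admin->get_post('admin_groups'));` and the same for `$viewing_groups`, would make the block uniform and stop it relying on escaping as the only control. Their later use is elided from this page, so confirm nothing further down expects the escaped form. The page does not mark which line of each pair at 59, 62, 65–66, 69 and 72 is the new side; assuming `get_post_escaped` only adds SQL escaping, both forms yield the same value, because the integer cast or the `\W` filter is what constrains those fields.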
