Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1336)
+++ branches/2.8.x/CHANGELOG	(revision 1337)
@@ -12,6 +12,9 @@
 
 ------------------------------------- 2.8.1 -------------------------------------
 27-Apr-2010 Dietmar Woellbrink (Luisehahne)
++	add an extra class class.secureform.php and extends it to class.wb.php
+!	check for installed modules before loading in content 
+27-Apr-2010 Dietmar Woellbrink (Luisehahne)
 !	remove forgotten debug line
 27-Apr-2010 Dietmar Woellbrink (Luisehahne)
 #	Fixed update search settings
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1336)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1337)
@@ -52,6 +52,6 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.x');
-if(!defined('REVISION')) define('REVISION', '1336');
+if(!defined('REVISION')) define('REVISION', '1337');
 
 ?>
\ No newline at end of file
Index: branches/2.8.x/wb/framework/class.wb.php
===================================================================
--- branches/2.8.x/wb/framework/class.wb.php	(revision 1336)
+++ branches/2.8.x/wb/framework/class.wb.php	(revision 1337)
@@ -24,12 +24,15 @@
 // Include new wbmailer class (subclass of PHPmailer)
 require_once(WB_PATH."/framework/class.wbmailer.php");
 
-class wb
+require_once(WB_PATH."/framework/class.secureform.php");
+
+class wb extends SecureForm
 {
 
 	var $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';
 	// General initialization function
 	// performed when frontend or backend is loaded.
+
 	function wb() {
 	}
 
@@ -272,95 +275,30 @@
 		}
 	}
 
-/*
- * creates Formular transactionnumbers for unique use
- * @access public
- * @param bool $asTAG: true returns a complete prepared, hidden HTML-Input-Tag (default)
- *                    false returns an array including FTAN0 and FTAN1
- * @return mixed:      array or string
- *
- * requirements: an active session must be available
- */
-	function getFTAN( $as_tag = true)
-	{
-		if(function_exists('microtime'))
-		{
-			list($usec, $sec) = explode(" ", microtime());
-			$time = (string)((float)$usec + (float)$sec);
-		}else{
-			$time = (string)time();
-		}
-		$salt  = ( isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : '');
-		$salt .= ( isset($_SERVER['HTTP_ACCEPT_CHARSET']) ? $_SERVER['HTTP_ACCEPT_CHARSET'] : '');
-		$salt .= ( isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '');
-		$salt .= ( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '');
-		$salt .= ( isset($_SERVER['HTTP_CONNECTION']) ? $_SERVER['HTTP_CONNECTION'] : '');
-		$salt .= ( isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
-		$salt .= ( isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : '');
-		$salt  = ( $salt !== '' ) ? $salt : 'eXtremelyHotTomatoJuice';
-		$ftan = md5($time.$salt);
-		$_SESSION['FTAN'] = $ftan;
-		$ftan0 = 'a'.substr($ftan, -(10 + hexdec(substr($ftan, 1))), 10);
-		$ftan1 = 'a'.substr($ftan, hexdec(substr($ftan, -1)), 10);
-		if($as_tag == true)
-		{
-			return '<input type="hidden" name="'.$ftan0.'" value="'.$ftan1.'" title="" />';
-		}else{
-			return array('FTAN0' => $ftan0, 'FTAN1' => $ftan1);
-		}
+	// Print a success message which then automatically redirects the user to another page
+	function print_success( $message, $redirect = 'index.php' ) {
+	    global $TEXT;
+	    // fetch redirect timer for sucess messages from settings table
+	    $redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER >= 1500)) ? REDIRECT_TIMER : 0;
+	    // add template variables
+	    $tpl = new Template( THEME_PATH.'/templates' );
+	    $tpl->set_file( 'page', 'success.htt' );
+	    $tpl->set_block( 'page', 'main_block', 'main' );
+	    $tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
+	    $tpl->set_var( 'MESSAGE', $message );
+	    $tpl->set_var( 'REDIRECT', $redirect );
+	    $tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
+	    $tpl->set_var( 'NEXT', $TEXT['NEXT'] );
+	    if ($redirect_timer == 0) {
+	        $tpl->set_block( 'show_redirect', '' );
+	    }
+	    else {
+	        $tpl->parse( 'show_redirect', 'show_redirect_block', true );
+	    }
+	    $tpl->parse( 'main', 'main_block', false );
+	    $tpl->pparse( 'output', 'page' );
 	}
 
-/*
- * checks received form-transactionnumbers against session-stored one
- * @access public
- * @param string $mode: requestmethode POST(default) or GET
- * @return bool:    true if numbers matches against stored ones
- *
- * requirements: an active session must be available
- * this check will prevent from multiple sending a form. history.back() also will never work
- */
-	function checkFTAN( $mode = 'POST')
-	{
-		$retval = false;
-		if(isset($_SESSION['FTAN']) && strlen($_SESSION['FTAN']) == strlen(md5('dummy')))
-		{
-			$ftan = $_SESSION['FTAN'];
-			$ftan0 = 'a'.substr($ftan, -(10 + hexdec(substr($ftan, 1))), 10);
-			$ftan1 = 'a'.substr($ftan, hexdec(substr($ftan, -1)), 10);
-			unset($_SESSION['FTAN']);
-			if(strtoupper($mode) == 'POST')
-			{
-				$retval = (isset($_POST[$ftan0]) && $_POST[$ftan0] == ($ftan1));
-				$_POST[$ftan0] = '';
-			}else{
-				$retval = (isset($_GET[$ftan0]) && $_GET[$ftan0] == ($ftan1));
-				$_GET[$ftan0] = '';
-			}
-		}
-		return $retval;
-	}
-	
-	// Print a success message which then automatically redirects the user to another page
-	function print_success($message, $redirect = 'index.php') {
-		global $TEXT, $database;
-		
-		// fetch redirect timer for sucess messages from settings table
-		$table = TABLE_PREFIX . 'settings';
-		$results = @$database->get_one("SELECT `value` FROM `$table` WHERE `name` = 'redirect_timer'");
-		$redirect_timer = ($results) ? $results : '1500';
-
-		// add template variables
-		$success_template = new Template(THEME_PATH.'/templates');
-		$success_template->set_file('page', 'success.htt');
-		$success_template->set_block('page', 'main_block', 'main');
-		$success_template->set_var('MESSAGE', $message);
-		$success_template->set_var('REDIRECT', $redirect);
-		$success_template->set_var('REDIRECT_TIMER', $redirect_timer);
-		$success_template->set_var('NEXT', $TEXT['NEXT']);
-		$success_template->parse('main', 'main_block', false);
-		$success_template->pparse('output', 'page');
-	}
-	
 	// Print an error message
 	function print_error($message, $link = 'index.php', $auto_footer = true) {
 		global $TEXT;
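Review bot: The rewritten `print_success` resolves the delay as `((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER >= 1500)) ? REDIRECT_TIMER : 0`, so when the constant is undefined or below 1500 the page renders with no auto-redirect at all, whereas the removed version fell back to 1500; if that fallback is still intended the default should be `1500`, not `0`. The comment above it still says the timer is fetched "from settings table", which the new code no longer does — `// use the REDIRECT_TIMER constant (>= 1500 ms); anything else disables the auto-redirect` would match the code. The new body is indented with four spaces while the rest of the class uses tabs. `$message` is still handed to the template unescaped, as before; unless `Template` escapes it, callers must not pass it untrusted content.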
Index: branches/2.8.x/wb/framework/class.secureform.php
===================================================================
--- branches/2.8.x/wb/framework/class.secureform.php	(nonexistent)
+++ branches/2.8.x/wb/framework/class.secureform.php	(revision 1337)
@@ -0,0 +1,116 @@
+<?php
+/**
+ *
+ * @category        security
+ * @package         framework
+ * @author          ISTeam easy-Project
+ * @copyright       2009-2010, Independend-Software-Team
+ * @link            http://easy.isteam.de/
+ * @license         http://creativecommons.org/licenses/by-nc-nd/3.0/de/
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 4.4.9 and higher
+ * @version         $Id$
+ * @filesource      $HeadURL$
+ * @lastmodified    $Date$
+ *
+ * SecureForm
+ * Version 0.1
+ *
+ * creates Formular transactionnumbers for unique use
+ */
+
+class SecureForm {
+
+	/* insert global vars here... */
+
+	var $_FTAN  = '';
+	var $_IDKEYs = array();
+
+	function SecureForm()
+	{
+//		$this->__construct();
+		$this->_FTAN  = '';
+// 		if(isset($_SESSION['FTAN'])) { unset($_SESSION['FTAN']); }
+	}
+//	function __construct()
+//	{
+//		var $_FTAN  = '';
+//		if(isset($_SESSION['FTAN'])) { unset($_SESSION['FTAN']); }
+//	}
+
+/*
+ * creates Formular transactionnumbers for unique use
+ * @access public
+ * @param bool $asTAG: true returns a complete prepared, hidden HTML-Input-Tag (default)
+ *                    false returns an array including FTAN0 and FTAN1
+ * @return mixed:      array or string
+ *
+ * requirements: an active session must be available
+ */
+	function getFTAN( $as_tag = true)
+	{
+		if( $this->_FTAN == '')
+		{
+			if(function_exists('microtime'))
+			{
+				list($usec, $sec) = explode(" ", microtime());
+				$time = (string)((float)$usec + (float)$sec);
+			}else{
+				$time = (string)time();
+			}
+			$salt  = ( isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : '');
+			$salt .= ( isset($_SERVER['HTTP_ACCEPT_CHARSET']) ? $_SERVER['HTTP_ACCEPT_CHARSET'] : '');
+			$salt .= ( isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '');
+			$salt .= ( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '');
+			$salt .= ( isset($_SERVER['HTTP_CONNECTION']) ? $_SERVER['HTTP_CONNECTION'] : '');
+			$salt .= ( isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
+			$salt .= ( isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : '');
+			$salt  = ( $salt !== '' ) ? $salt : 'eXtremelyHotTomatoJuice';
+			$this->_FTAN = md5($time.$salt);
+			$_SESSION['FTAN'] = $this->_FTAN;
+		}
+		$ftan0 = 'a'.substr($this->_FTAN, -(10 + hexdec(substr($this->_FTAN, 1))), 10);
+		$ftan1 = 'a'.substr($this->_FTAN, hexdec(substr($this->_FTAN, -1)), 10);
+		if($as_tag == true)
+		{
+			return '<input type="hidden" name="'.$ftan0.'" value="'.$ftan1.'" title="" />';
+		}else{
+			return array('FTAN0' => $ftan0, 'FTAN1' => $ftan1);
+		}
+	}
+
+/*
+ * checks received form-transactionnumbers against session-stored one
+ * @access public
+ * @param string $mode: requestmethode POST(default) or GET
+ * @return bool:    true if numbers matches against stored ones
+ *
+ * requirements: an active session must be available
+ * this check will prevent from multiple sending a form. history.back() also will never work
+ */
+	function checkFTAN( $mode = 'POST')
+	{
+		$retval = false;
+		if(isset($_SESSION['FTAN']) && strlen($_SESSION['FTAN']) == strlen(md5('dummy')))
+		{
+			$ftan = $_SESSION['FTAN'];
+			$ftan0 = 'a'.substr($ftan, -(10 + hexdec(substr($ftan, 1))), 10);
+			$ftan1 = 'a'.substr($ftan, hexdec(substr($ftan, -1)), 10);
+			unset($_SESSION['FTAN']);
+			if(strtoupper($mode) == 'POST')
+			{
+				$retval = (isset($_POST[$ftan0]) && $_POST[$ftan0] == ($ftan1));
+				$_POST[$ftan0] = '';
+			}else{
+				$retval = (isset($_GET[$ftan0]) && $_GET[$ftan0] == ($ftan1));
+				$_GET[$ftan0] = '';
+			}
+		}
+		return $retval;
+	}
+
+
+
+    //put your code here
+}
+?>
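Review bot: `hexdec(substr($this->_FTAN, 1))` on the `$ftan0` line of getFTAN (and the identical expression in checkFTAN) hashes 31 hex characters, so `hexdec()` overflows the integer range and returns a float; negating that as a `substr` offset then depends on an out-of-range float-to-int conversion, which is platform-defined on the PHP 4/5 this targets and, as far as I can tell, rejected as a type error on PHP 7 and later. The `$ftan1` line uses a single character (`substr(..., -1)`), so `hexdec(substr($this->_FTAN, 1, 1))` looks like the intended counterpart, and the same change is needed in checkFTAN so both sides derive the same field name. Separately, checkFTAN compares the submitted value with `==`; `$_POST[$ftan0] === $ftan1` avoids loose-comparison surprises, and since the token is `md5($time.$salt)` with a salt built only from request headers, its unpredictability rests on microsecond timing alone — mixing in a server-side secret or a random value would give a stronger nonce. The commented-out `__construct` block and the `//put your code here` placeholder should be dropped before this ships.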

Property changes on: branches/2.8.x/wb/framework/class.secureform.php
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Added: svn:keywords
## -0,0 +1,4 ##
+Id
+Revision
+HeadURL
+Date
\ No newline at end of property
Index: branches/2.8.x/wb/framework/frontend.functions.php
===================================================================
--- branches/2.8.x/wb/framework/frontend.functions.php	(revision 1336)
+++ branches/2.8.x/wb/framework/frontend.functions.php	(revision 1337)
@@ -258,12 +258,16 @@
 				if(defined('SEC_ANCHOR') && SEC_ANCHOR!='') {
 					echo '<a class="section_anchor" id="'.SEC_ANCHOR.$section_id.'" name="'.SEC_ANCHOR.$section_id.'"></a>';
 				}
-
+                // check if module exists - feature: write in errorlog
+				if(file_exists(WB_PATH.'/modules/'.$module.'/view.php')) {
 				// fetch content -- this is where to place possible output-filters (before highlighting)
-				ob_start(); // fetch original content
-				require(WB_PATH.'/modules/'.$module.'/view.php');
-				$content = ob_get_contents();
-				ob_end_clean();
+					ob_start(); // fetch original content
+					require(WB_PATH.'/modules/'.$module.'/view.php');
+					$content = ob_get_contents();
+					ob_end_clean();
+				} else {
+					continue;
+				}
 
 				// highlights searchresults
 				if(isset($_GET['searchresult']) && is_numeric($_GET['searchresult']) && !isset($_GET['nohighlight']) && isset($_GET['sstring']) && !empty($_GET['sstring'])) {
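Review bot: The new comment says `feature: write in errorlog`, but the `else` branch only does `continue;`, so a section whose module `view.php` is missing disappears from the page silently; either log it, e.g. `trigger_error('missing module view: '.$module, E_USER_WARNING);` before the `continue;`, or reword the comment so it does not promise logging. The `continue` assumes this block sits directly inside a loop over sections; the enclosing loop starts outside the hunk, so I cannot confirm that here. `$module` is still used unvalidated as a path component in both `file_exists` and `require` — that predates this change and its origin is outside the hunk, but the new check does not constrain it either. The added comment line is indented with spaces while the surrounding block uses tabs.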
