/ - Diff - WB 2.08.x - Tracking

     ! = Update/Change
     ------------------------------------- 2.8.2 -------------------------------------
 Dec-2010 Build 1355 Frank Heyne (FrankH)
     # security fix: remaining vulnerabilities mentioned in http://secunia.com/secunia_research/2010-90/
     # security fix: in path admin/templates/ - added FTAN check
     # security fix: in path admin/settings/ - added FTAN check
 Dec-2010 Dietmar Woellbrink (Luisehahne)
     + added admin/images
     # fixed save handling settings entries
     ! local sync
 Dec-2010 Frank Heyne (FrankH)
 Dec-2010 Build 1353 Frank Heyne (FrankH)
     # security fix: in modules/admin.php - check whether section belongs to page
     ! security fix: changed $section_required into $no_section_required (apparently used by no module at all)
     # security fix: in path admin/users/ - added FTAN check

     require_once(WB_PATH.'/framework/class.admin.php');
     $admin = new admin('Addons', 'templates_uninstall');
     if( !$admin->checkFTAN() )
+    {
     	$admin->print_error($MESSAGE['PAGES_NOT_SAVED'],'index.php');
     	exit();
+    }
     // Include the WB functions file
     require_once(WB_PATH.'/framework/functions.php');

     require_once(WB_PATH.'/framework/class.admin.php');
     $admin = new admin('Addons', 'templates_view',false);
     if( !$admin->checkFTAN() )
+    {
     	$admin->print_error($MESSAGE['PAGES_NOT_SAVED'],'index.php');
     	exit();
+    }
     // Get template name
     if(!isset($_POST['file']) OR $_POST['file'] == "") {
     	header("Location: index.php");
-...
     $template = new Template(THEME_PATH.'/templates');
     $template->set_file('page', 'templates_details.htt');
     $template->set_block('page', 'main_block', 'main');
     $template->set_var('FTAN', $admin->getFTAN());
     // Insert values
     $result = $database->query("SELECT * FROM ".TABLE_PREFIX."addons WHERE type = 'template' AND directory = '$file'");

     require_once(WB_PATH.'/framework/class.admin.php');
     $admin = new admin('Addons', 'templates_install');
     if( !$admin->checkFTAN() )
+    {
     	$admin->print_error($MESSAGE['PAGES_NOT_SAVED'],'index.php');
     	exit();
+    }
     // Include the WB functions file
     require_once(WB_PATH.'/framework/functions.php');

branches/2.8.x/wb/admin/templates/index.php
32	32	$template = new Template(THEME_PATH.'/templates');
33	33	$template->set_file('page', 'templates.htt');
34	34	$template->set_block('page', 'main_block', 'main');
	35	$template->set_var('FTAN', $admin->getFTAN());
35	36
36	37	// Insert values into template list
37	38	$template->set_block('main_block', 'template_list_block', 'template_list');

branches/2.8.x/wb/admin/interface/version.php
52	52
53	53	// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
54	54	if(!defined('VERSION')) define('VERSION', '2.8.2.RC1');
55		if(!defined('REVISION')) define('REVISION', '1354');
	55	if(!defined('REVISION')) define('REVISION', '1355');
56	56
57	57	?>

     	$admin = new admin('Settings', 'settings_advanced');
+    }
     if( !$admin->checkFTAN() )
+    {
     	$admin->print_error($MESSAGE['PAGES_NOT_SAVED'],'index.php');
     	exit();
+    }
     // Create a javascript back link
     $js_back = "javascript: history.go(-1);";

branches/2.8.x/wb/admin/settings/index.php
35	35
36	36	$template->set_file('page', 'settings.htt');
37	37	$template->set_block('page', 'main_block', 'main');
	38	$template->set_var('FTAN', $admin->getFTAN());
38	39
39	40	$template->set_block('main_block', 'template_list_block', 'template_list');
40	41	$template->set_block('main_block', 'timezone_list_block', 'timezone_list');

     {CHANGE_TEMPLATE_NOTICE}<br /><br />
     <form name="install" enctype="multipart/form-data" action="install.php" method="post" class="{DISPLAY_INSTALL}">
     {FTAN}
     <h2>{HEADING_INSTALL_TEMPLATE}</h2>
-...
     </form>
     <form name="uninstall" action="uninstall.php" method="post" class="{DISPLAY_UNINSTALL}">
     {FTAN}
     <h2>{HEADING_UNINSTALL_TEMPLATE}</h2>
-...
     </form>
     <form name="details" action="details.php" method="post" class="{DISPLAY_LIST}">
     {FTAN}
     <h2>{HEADING_TEMPLATE_DETAILS}</h2>

branches/2.8.x/wb/templates/wb_theme/templates/settings.htt
2	2
3	3	<form name="settings" action="save.php" method="post">
4	4	<input type="hidden" name="advanced" value="{ADVANCED}" />
	5	{FTAN}
5	6
6	7	<table cellpadding="3" cellspacing="0" border="0" align="center" width="100%" class="settings_table">
7	8	<tr>

branches/2.8.x/wb/templates/argos_theme/templates/settings.htt
2	2
3	3	<form name="settings" action="save.php" method="post">
4	4	<input type="hidden" name="advanced" value="{ADVANCED}" />
	5	{FTAN}
5	6
6	7	<table cellpadding="3" cellspacing="0" border="0" align="center" width="100%" class="settings_table">
7	8	<tr>

     </table>
     <form name="install" enctype="multipart/form-data" action="install.php" method="post" class="{DISPLAY_INSTALL}">
     {FTAN}
     <h2>{HEADING_INSTALL_TEMPLATE}</h2>
-...
     </form>
     <form name="uninstall" action="uninstall.php" method="post" class="{DISPLAY_UNINSTALL}">
     {FTAN}
     <h2>{HEADING_UNINSTALL_TEMPLATE}</h2>
-...
     </form>
     <form name="details" action="details.php" method="post" class="{DISPLAY_LIST}">
     {FTAN}
     <h2>{HEADING_TEMPLATE_DETAILS}</h2>

     if($admin->get_post('title') == '' OR $admin->get_post('type') == '') {
     	$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/form/modify_field.php?page_id='.$page_id.'&section_id='.$section_id.'&field_id='.$field_id);
     } else {
     	$title = $admin->add_slashes($admin->get_post('title'));
     	$title = htmlspecialchars($admin->get_post_escaped('title'), ENT_QUOTES);
     	$type = $admin->add_slashes($admin->get_post('type'));
     	$required = $admin->add_slashes($admin->get_post('required'));
     	$required = (int) $admin->add_slashes($admin->get_post('required'));
+    }
     $value = '';

WB 2.08.x