
Revision 1357

Added by FrankH almost 14 years ago

Security fixes


branches/2.8.x/CHANGELOG
11 11
! = Update/Change
12 12

  
13 13
------------------------------------- 2.8.2 -------------------------------------
14
27 Dec-2010 Build 1357 Frank Heyne (FrankH)
15
# security fix: in path admin/pages/ - added FTAN check
16
! had to enhance parameter for getFTAN() in framework/class.secureform.php 
14 17
27 Dec-2010 Build 1356 Dietmar Woellbrink (Luisehahne)
15 18
# more little fixes in settings
16 19
! change to RC2
branches/2.8.x/wb/admin/pages/move_down.php
48 48
require_once(WB_PATH.'/framework/class.admin.php');
49 49
$admin = new admin('Pages', 'pages_settings');
50 50

  
51
if (!$admin->checkFTAN('get'))
52
{
53
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
54
	exit();
55
}
56

  
51 57
// Include the ordering class
52 58
require(WB_PATH.'/framework/class.order.php');
53 59

  
branches/2.8.x/wb/admin/pages/save.php
35 35
require_once(WB_PATH.'/framework/class.admin.php');
36 36
$admin = new admin('Pages', 'pages_modify');
37 37

  
38
if (!$admin->checkFTAN())
39
{
40
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
41
	exit();
42
}
43

  
38 44
// Get perms
39 45
$sql  = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` ';
40 46
$sql .= 'WHERE `page_id` = '.$page_id;
......
89 95
{
90 96
	$admin->print_error($database->get_error(), $js_back);
91 97
} else {
92
	$admin->print_success($MESSAGE['PAGES']['SAVED'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
98
	$ftan2 = $admin->getFTAN(2);
99
	$admin->print_success($MESSAGE['PAGES']['SAVED'], ADMIN_URL."/pages/modify.php?page_id=$page_id&$ftan2");
93 100
}
94 101

  
95 102
// Print admin footer
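Review bot: The redirect URL at new line 99 joins the token with a raw `&` (`...?page_id=$page_id&$ftan2`), whereas settings2.php (new lines 209 and 307) and sections.php (new line 81) build the same kind of URL with `&amp;`; which form is right depends on whether print_success() places the URL in an HTML attribute or in an HTTP Location header, and only one of the two can be correct for it. sections_save.php (new line 130) has the same raw `&`. Settle on one form and record the reason next to the call, e.g. `// print_success() expects a <raw | entity-encoded> URL — see its implementation`. The `if` whose else-branch this is begins before the hunk, so the error path is only partly visible.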
branches/2.8.x/wb/admin/pages/empty_trash.php
27 27
require_once(WB_PATH.'/framework/class.admin.php');
28 28
$admin = new admin('Pages', 'pages');
29 29

  
30
if (!$admin->checkFTAN('get'))
31
{
32
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
33
	exit();
34
}
35

  
30 36
// Include the WB functions file
31 37
require_once(WB_PATH.'/framework/functions.php');
32 38

  
33 39
// Get page list from database
34
$database = new database();
40
//$database = new database();
35 41
$query = "SELECT * FROM ".TABLE_PREFIX."pages WHERE visibility = 'deleted' ORDER BY level DESC";
36 42
$get_pages = $database->query($query);
37 43

  
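Review bot: New line 40 keeps `$database = new database();` as a comment instead of deleting it; commented-out code is noise, and it also obscures the real change, which is that `$database` must already exist when line 42 runs and where it comes from is not visible in this hunk. Either delete the line or replace it with a comment that states the source, e.g. `// $database is created earlier (<where it is created>) — do not instantiate a second connection here`. If no earlier instantiation exists on every code path, line 42 now fails on an undefined object instead of emptying the trash.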
branches/2.8.x/wb/admin/pages/settings.php
30 30
require_once(WB_PATH.'/framework/class.admin.php');
31 31
$admin = new admin('Pages', 'pages_settings');
32 32

  
33
if (!$admin->checkFTAN('get'))
34
{
35
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
36
	exit();
37
}
38

  
33 39
// Include the WB functions file
34 40
require_once(WB_PATH.'/framework/functions-utf8.php');
35 41

  
......
90 96
$template = new Template(THEME_PATH.'/templates');
91 97
$template->set_file('page', 'pages_settings.htt');
92 98
$template->set_block('page', 'main_block', 'main');
99
$template->set_var('FTAN', $admin->getFTAN());
93 100

  
94 101
$template->set_var(array(
95 102
				'PAGE_ID' => $results_array['page_id'],
branches/2.8.x/wb/admin/pages/delete.php
44 44
	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
45 45
}
46 46

  
47
if (!$admin->checkFTAN('get'))
48
{
49
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
50
	exit();
51
}
52

  
47 53
// Find out more about the page
48 54
$query = "SELECT * FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'";
49 55
$results = $database->query($query);
branches/2.8.x/wb/admin/pages/sections_save.php
46 46
require_once(WB_PATH.'/framework/class.admin.php');
47 47
$admin = new admin('Pages', 'pages_modify');
48 48

  
49
if (!$admin->checkFTAN())
50
{
51
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
52
	exit();
53
}
54

  
49 55
// Get perms
50 56
$database = new database();
51 57
$results = $database->query("SELECT admin_groups,admin_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'");
......
120 126
if($database->is_error()) {
121 127
	$admin->print_error($database->get_error(), ADMIN_URL.'/pages/sections.php?page_id='.$page_id);
122 128
} else {
123
	$admin->print_success($MESSAGE['PAGES']['SECTIONS_PROPERTIES_SAVED'], ADMIN_URL.'/pages/sections.php?page_id='.$page_id);
129
	$ftan2 = $admin->getFTAN(2);
130
	$admin->print_success($MESSAGE['PAGES']['SECTIONS_PROPERTIES_SAVED'], ADMIN_URL."/pages/sections.php?page_id=$page_id&$ftan2");
124 131
}
125 132

  
126 133
// Print admin footer
branches/2.8.x/wb/admin/pages/index.php
19 19
require('../../config.php');
20 20
require_once(WB_PATH.'/framework/class.admin.php');
21 21
$admin = new admin('Pages', 'pages');
22

  
23
$ftan = $admin->getFTAN(2);
24

  
22 25
// Include the WB functions file
23 26
require_once(WB_PATH.'/framework/functions.php');
24 27
// eggsurplus: add child pages for a specific page
......
125 128
				</td>
126 129
				<?php if($admin->get_permission('pages_modify') == true AND $can_modify == true) { ?>
127 130
				<td class="list_menu_title">
128
					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
131
					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
129 132
						<?php if($page['visibility'] == 'public') { ?>
130 133
							<img src="<?php echo THEME_URL; ?>/images/visible_16.png" alt="<?php echo $TEXT['VISIBILITY']; ?>: <?php echo $TEXT['PUBLIC']; ?>" class="page_list_rights" />
131 134
						<?php } elseif($page['visibility'] == 'private') { ?>
......
176 179
				<td class="list_actions">
177 180
					<?php if($page['visibility'] != 'deleted') { ?>
178 181
						<?php if($admin->get_permission('pages_settings') == true AND $can_modify == true) { ?>
179
						<a href="<?php echo ADMIN_URL; ?>/pages/settings.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['SETTINGS']; ?>">
182
						<a href="<?php echo ADMIN_URL; ?>/pages/settings.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>" title="<?php echo $TEXT['SETTINGS']; ?>">
180 183
							<img src="<?php echo THEME_URL; ?>/images/modify_16.png" border="0" alt="<?php echo $TEXT['SETTINGS']; ?>" />
181 184
						</a>
182 185
						<?php } ?>
183 186
					<?php } else { ?>
184
						<a href="<?php echo ADMIN_URL; ?>/pages/restore.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['RESTORE']; ?>">
187
						<a href="<?php echo ADMIN_URL; ?>/pages/restore.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>" title="<?php echo $TEXT['RESTORE']; ?>">
185 188
							<img src="<?php echo THEME_URL; ?>/images/restore_16.png" border="0" alt="<?php echo $TEXT['RESTORE']; ?>" />
186 189
						</a>
187 190
					<?php } ?>
......
214 217
                        {
215 218
							$file=$admin->page_is_active($page)?"clock_16.png":"clock_red_16.png";
216 219
							?>
217
							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
220
							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
218 221
							<img src="<?php echo THEME_URL."/images/$file"; ?>" border="0" alt="<?php echo $HEADING['MANAGE_SECTIONS']; ?>" />
219 222
							</a>
220 223
						<?php } else { ?>
221
							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
224
							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
222 225
							<img src="<?php echo THEME_URL; ?>/images/noclock_16.png" border="0" alt="<?php echo $HEADING['MANAGE_SECTIONS']; ?>" /></a>
223 226
						<?php } ?>
224 227
					<?php } ?>
......
228 231
				<?php if($page['position'] != 1) { ?>
229 232
					<?php if($page['visibility'] != 'deleted') { ?>
230 233
						<?php if($admin->get_permission('pages_settings') == true AND $can_modify == true) { ?>
231
						<a href="<?php echo ADMIN_URL; ?>/pages/move_up.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
234
						<a href="<?php echo ADMIN_URL; ?>/pages/move_up.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
232 235
							<img src="<?php echo THEME_URL; ?>/images/up_16.png" border="0" alt="<?php echo $TEXT['MOVE_UP']; ?>" />
233 236
						</a>
234 237
						<?php } ?>
......
239 242
				<?php if($page['position'] != $num_pages) { ?>
240 243
					<?php if($page['visibility'] != 'deleted') { ?>
241 244
						<?php if($admin->get_permission('pages_settings') == true AND $can_modify == true) { ?>
242
						<a href="<?php echo ADMIN_URL; ?>/pages/move_down.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
245
						<a href="<?php echo ADMIN_URL; ?>/pages/move_down.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
243 246
							<img src="<?php echo THEME_URL; ?>/images/down_16.png" border="0" alt="<?php echo $TEXT['MOVE_DOWN']; ?>" />
244 247
						</a>
245 248
						<?php } ?>
......
248 251
				</td>
249 252
				<td class="list_actions">
250 253
					<?php if($admin->get_permission('pages_delete') == true AND $can_modify == true) { ?>
251
					<a href="javascript: confirm_link('<?php echo $MESSAGE['PAGES']['DELETE_CONFIRM']; ?>?', '<?php echo ADMIN_URL; ?>/pages/delete.php?page_id=<?php echo $page['page_id']; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
254
					<a href="javascript: confirm_link('<?php echo $MESSAGE['PAGES']['DELETE_CONFIRM']; ?>?', '<?php echo ADMIN_URL; ?>/pages/delete.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
252 255
						<img src="<?php echo THEME_URL; ?>/images/delete_16.png" border="0" alt="<?php echo $TEXT['DELETE']; ?>" />
253 256
					</a>
254 257
					<?php } ?>
......
301 304
					$query_trash = $database->query("SELECT page_id FROM ".TABLE_PREFIX."pages WHERE visibility = 'deleted'");
302 305
					if($query_trash->numRows() > 0) {
303 306
						?>
304
						<a href="<?php echo ADMIN_URL; ?>/pages/trash.php">
307
						<a href="<?php echo ADMIN_URL."/pages/trash.php?$ftan"; ?>">
305 308
						<img src="<?php echo THEME_URL; ?>/images/delete_16.png" alt="<?php echo $TEXT['PAGE_TRASH']; ?>" border="0" />
306 309
						<?php echo $TEXT['VIEW_DELETED_PAGES']; ?></a>
307 310
						<?php
......
349 352
$template = new Template(THEME_PATH.'/templates');
350 353
$template->set_file('page', 'pages.htt');
351 354
$template->set_block('page', 'main_block', 'main');
355
$template->set_var('FTAN', $admin->getFTAN());
352 356

  
353 357
// Figure out if the no pages found message should be shown or not
354 358
if($editable_pages == 0) {
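Review bot: `$ftan` at new line 23 is computed once and spliced into every action link of the page (new lines 131, 182, 187, 220, 224, 234, 245, 254, 307), but nothing at line 23 tells a reader that the links depend on it; a comment there would help, e.g. `// FTAN as key=value for the GET-driven action links below; the target scripts verify it with checkFTAN('get')`. Reusing one value is consistent with getFTAN(), which only generates a token while `$this->_FTAN` is empty (class.secureform.php, line 80). The remaining caveat is that move_up, move_down, delete, restore and trash are still state-changing GET requests, so the token ends up in browser history, proxy logs and Referer headers; turning those links into small POST forms with the hidden-input form of the token would remove that exposure. The delete link at line 254 is inside a `javascript:` href, where `&amp;` is decoded by the HTML parser before the script runs, so that one works as written.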
branches/2.8.x/wb/admin/pages/move_up.php
48 48
require_once(WB_PATH.'/framework/class.admin.php');
49 49
$admin = new admin('Pages', 'pages_settings');
50 50

  
51
if (!$admin->checkFTAN('get'))
52
{
53
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
54
	exit();
55
}
56

  
51 57
// Include the ordering class
52 58
require(WB_PATH.'/framework/class.order.php');
53 59

  
branches/2.8.x/wb/admin/pages/trash.php
27 27
require_once(WB_PATH.'/framework/class.admin.php');
28 28
$admin = new admin('Pages', 'pages');
29 29

  
30
if (!$admin->checkFTAN('get'))
31
{
32
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
33
	exit();
34
}
35

  
30 36
?>
31 37
<script type="text/javascript" language="javascript">
32 38
function toggle_viewers() {
......
215 221

  
216 222
// Generate pages list
217 223
if($admin->get_permission('pages_view') == true) {
224
	$ftan2 = $admin->getFTAN(2);
218 225
	?>
219 226
	<table cellpadding="0" cellspacing="0" width="100%" border="0">
220 227
	<tr>
......
222 229
			<h2><?php echo $HEADING['DELETED_PAGES']; ?></h2>
223 230
		</td>
224 231
		<td align="right">
225
				<a href="<?php echo ADMIN_URL; ?>/pages/empty_trash.php">
232
				<a href="<?php echo ADMIN_URL. "/pages/empty_trash.php?$ftan2"; ?>">
226 233
				<img src="<?php echo THEME_URL; ?>/images/delete_16.png" alt="<?php echo $TEXT['PAGE_TRASH']; ?>" border="0" />
227 234
				<?php echo $TEXT['EMPTY_TRASH']; ?></a>
228 235
		</td>
branches/2.8.x/wb/admin/pages/settings2.php
30 30
require_once(WB_PATH.'/framework/class.admin.php');
31 31
$admin = new admin('Pages', 'pages_settings');
32 32

  
33
if (!$admin->checkFTAN())
34
{
35
	$admin->print_error($MESSAGE['PAGES_NOT_SAVED'],'index.php');
36
	exit();
37
}
38

  
33 39
// Include the WB functions file
34 40
require_once(WB_PATH.'/framework/functions.php');
35 41

  
......
199 205
$sql .= 'WHERE `page_id` = '.$page_id;
200 206
$database->query($sql);
201 207

  
202
$target_url = ADMIN_URL.'/pages/settings.php?page_id='.$page_id;
208
$ftan2 = $admin->getFTAN(2);
209
$target_url = ADMIN_URL."/pages/settings.php?page_id=$page_id&amp;$ftan2";
203 210
if($database->is_error())
204 211
{
205 212
	$admin->print_error($database->get_error(), $target_url );
......
296 303
/* END page "access file" code */
297 304

  
298 305
$pagetree_url = ADMIN_URL.'/pages/index.php';
299
$target_url = ADMIN_URL.'/pages/settings.php?page_id='.$page_id;
306
$ftan2 = $admin->getFTAN(2);
307
$target_url = ADMIN_URL."/pages/settings.php?page_id=$page_id&amp;$ftan2";
300 308
// Check if there is a db error, otherwise say successful
301 309
if($database->is_error())
302 310
{
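Review bot: `$ftan2 = $admin->getFTAN(2);` is executed twice (new lines 208 and 306) and `$target_url` is rebuilt with the identical expression at 209 and 307; since getFTAN() only generates a token while `$this->_FTAN` is empty (class.secureform.php, line 80), the second call yields the same value, so unless the code between the two hunks changes `$page_id` the second pair is dead duplication and lines 306-307 can go. If the rebuild is deliberate, a comment saying why is needed, e.g. `// $target_url is recomputed here because <reason>`. The guard at new line 35 reports `$MESSAGE['PAGES_NOT_SAVED']` and redirects to index.php, unlike the `$MESSAGE['PAGES']['NOT_FOUND']` used by every other script in this commit; one convention should be chosen for the whole admin/pages/ directory.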
branches/2.8.x/wb/admin/pages/restore.php
36 36
require_once(WB_PATH.'/framework/class.admin.php');
37 37
$admin = new admin('Pages', 'pages_delete');
38 38

  
39
if (!$admin->checkFTAN('get'))
40
{
41
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
42
	exit();
43
}
44

  
39 45
// Include the WB functions file
40 46
require_once(WB_PATH.'/framework/functions.php');
41 47

  
branches/2.8.x/wb/admin/pages/modify.php
24 24
	$page_id = $_GET['page_id'];
25 25
}
26 26

  
27
if (!$admin->checkFTAN('get'))
28
{
29
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
30
	exit();
31
}
32

  
27 33
// Create new admin object
28 34
require('../../config.php');
29 35
require_once(WB_PATH.'/framework/class.admin.php');
......
53 59
$template = new Template(THEME_PATH.'/templates');
54 60
$template->set_file('page', 'pages_modify.htt');
55 61
$template->set_block('page', 'main_block', 'main');
62
$template->set_var('FTAN2', $admin->getFTAN(2));
56 63

  
57 64
$template->set_var(array(
58 65
			'PAGE_ID' => $results_array['page_id'],
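Review bot: The new guard at lines 27-32 calls `$admin->checkFTAN('get')` before the `// Create new admin object` block at lines 33-35 that loads class.admin.php, so unless `$admin` is already instantiated somewhere in lines 1-23 (outside this hunk) every request to modify.php dies with a call on an undefined object, not just requests without a token. Move the block below the `$admin = new admin(...)` line, as every other script in this commit does (settings.php, new lines 31-37, is the pattern). A guard placed before the admin object exists would also run ahead of whatever login and permission checks the admin constructor presumably performs, which is the wrong order for a CSRF check.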
branches/2.8.x/wb/admin/pages/sections.php
41 41
require_once(WB_PATH.'/framework/class.admin.php');
42 42
$admin = new admin('Pages', 'pages_modify');
43 43

  
44
if (!$admin->checkFTAN('get') and !$admin->checkFTAN())
45
{
46
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
47
	exit();
48
}
49

  
44 50
// Check if we are supposed to add or delete a section
45 51
if(isset($_GET['section_id']) AND is_numeric($_GET['section_id']))
46 52
{
......
71 77
		require(WB_PATH.'/framework/class.order.php');
72 78
		$order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id');
73 79
		$order->clean($page_id);
74
		$admin->print_success($TEXT['SUCCESS'], ADMIN_URL.'/pages/sections.php?page_id='.$page_id);
80
		$ftan2 = $admin->getFTAN(2);
81
		$admin->print_success($TEXT['SUCCESS'], ADMIN_URL."/pages/sections.php?page_id=$page_id&amp;$ftan2");
75 82
		$admin->print_footer();
76 83
		exit();
77 84
	}
......
172 179
$template = new Template(THEME_PATH.'/templates');
173 180
$template->set_file('page', 'pages_sections.htt');
174 181
$template->set_block('page', 'main_block', 'main');
182
$template->set_var('FTAN', $admin->getFTAN());
175 183
$template->set_block('main_block', 'module_block', 'module_list');
176 184
$template->set_block('main_block', 'section_block', 'section_list');
177 185
$template->set_block('section_block', 'block_block', 'block_list');
......
201 209
			);
202 210

  
203 211
// Insert variables
212
$ftan2 = $admin->getFTAN(2);
204 213
$template->set_var(array(
205 214
				'VAR_PAGE_ID' => $results_array['page_id'],
206 215
				'VAR_PAGE_TITLE' => $results_array['page_title'],
207
				'SETTINGS_LINK' => ADMIN_URL.'/pages/settings.php?page_id='.$results_array['page_id'],
208
				'MODIFY_LINK' => ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id']
216
				'SETTINGS_LINK' => ADMIN_URL.'/pages/settings.php?page_id='.$results_array['page_id']."&amp;$ftan2",
217
				'MODIFY_LINK' => ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id']."&amp;$ftan2"
209 218
				) 
210 219
			);
211 220

  
......
232 241

  
233 242
			if(SECTION_BLOCKS)
234 243
            {
235
                if(defined('EDIT_ONE_SECTION') && EDIT_ONE_SECTION)
244
                
245
				if(defined('EDIT_ONE_SECTION') && EDIT_ONE_SECTION)
236 246
                {
237
				    $edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id.'&amp;wysiwyg='.$section['section_id'] .'">'.$module_tmp.'</a>';
247
				    $edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id."&amp;$ftan2&amp;wysiwyg=".$section['section_id'] .'">'.$module_tmp.'</a>';
238 248
                } else {
239
				    $edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id.'#wb'.$section['section_id'].'">'.$module_tmp.'</a>';
249
				    $edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id.'#wb'.$section['section_id'].."&amp;$ftan2"'">'.$module_tmp.'</a>';
240 250
                }
241 251
                $edit_page = ( trim($module_name) == '' ) ? '<span class="module_disabled">'.$section['module'].'</span>' : $edit_page;
242 252
				$input_attribute = 'input_normal';
......
267 277
					$template->parse('block_list', 'block_block', true);
268 278
				}
269 279
			} else {
270
				$edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id.'#'.$section['section_id'].'">'.$module_tmp.'</a>';
280
				$edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id.'#'.$section['section_id']."&amp;$ftan2".'">'.$module_tmp.'</a>';
271 281
                $edit_page = ( trim($module_name) == '' ) ? '<span class="module_disabled">'.$section['module'].'</span>' : $edit_page;
272 282
				$input_attribute = 'input_small';
273 283
				$template->set_var(array(
......
309 319
            {
310 320
				$template->set_var(
311 321
							'VAR_MOVE_UP_URL',
312
							'<a href="'.ADMIN_URL.'/pages/move_up.php?page_id='.$page_id.'&amp;section_id='.$section['section_id'].'">
322
							'<a href="'.ADMIN_URL.'/pages/move_up.php?page_id='.$page_id.'&amp;section_id='.$section['section_id']."&amp;$ftan2".'">
313 323
							<img src="'.THEME_URL.'/images/up_16.png" alt="{TEXT_MOVE_UP}" />
314 324
							</a>' );
315 325
			} else {
......
321 331
			if($section['position'] != $num_sections ) {
322 332
				$template->set_var(
323 333
							'VAR_MOVE_DOWN_URL',
324
							'<a href="'.ADMIN_URL.'/pages/move_down.php?page_id='.$page_id.'&amp;section_id='.$section['section_id'].'">
334
							'<a href="'.ADMIN_URL.'/pages/move_down.php?page_id='.$page_id.'&amp;section_id='.$section['section_id']."&amp;$ftan2".'">
325 335
							<img src="'.THEME_URL.'/images/down_16.png" alt="{TEXT_MOVE_DOWN}" />
326 336
							</a>' );
327 337
			} else {
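Review bot: New line 249 does not parse: `$section['section_id'].."&amp;$ftan2"'">'` contains a doubled `..` and a double-quoted string abutting a single-quoted one with no operator, so PHP rejects the whole file (the enclosing `if(SECTION_BLOCKS)` block starts and ends outside this hunk). Even once that is fixed, lines 249 and 280 append the token after the `#wb…`/`#…` fragment, and a URL fragment is never sent to the server, so modify.php's checkFTAN('get') will reject those links; the query string must be complete before the `#`, as line 247 already does. Suggested line 249: `$edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id."&amp;$ftan2".'#wb'.$section['section_id'].'">'.$module_tmp.'</a>';` and line 280: `$edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id."&amp;$ftan2".'#'.$section['section_id'].'">'.$module_tmp.'</a>';`. New line 44 accepts either a GET or a POST token; if checkFTAN() invalidates the token it verifies, the second call may not behave like the first, which deserves a comment at that line.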
branches/2.8.x/wb/admin/pages/add.php
21 21
require_once(WB_PATH.'/framework/class.admin.php');
22 22
$admin = new admin('Pages', 'pages_add');
23 23

  
24
if (!$admin->checkFTAN())
25
{
26
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
27
	exit();
28
}
29

  
24 30
// Include the WB functions file
25 31
require_once(WB_PATH.'/framework/functions.php');
26 32

  
branches/2.8.x/wb/framework/class.secureform.php
68 68
/*
69 69
 * creates Formular transactionnumbers for unique use
70 70
 * @access public
71
 * @param bool $asTAG: true returns a complete prepared, hidden HTML-Input-Tag (default)
72
 *                    false returns an array including FTAN0 and FTAN1
71
 * @param bool $asTAG: 	1 returns a complete prepared, hidden HTML-Input-Tag (default)
72
 * 						2 returns a key value pair (prepared as a GET parameter)
73
 *                    	anything else returns an array including FTAN0 and FTAN1
73 74
 * @return mixed:      array or string
74 75
 *
75 76
 * requirements: an active session must be available
76 77
 */
77
	function getFTAN( $as_tag = true)
78
	function getFTAN( $as_tag = 1)
78 79
	{
79 80
		if( $this->_FTAN == '')
80 81
		{
......
91 92
		}
92 93
		$ftan0 = 'a'.substr($this->_FTAN, -(10 + hexdec(substr($this->_FTAN, 1))), 10);
93 94
		$ftan1 = 'a'.substr($this->_FTAN, hexdec(substr($this->_FTAN, -1)), 10);
94
		if($as_tag == true)
95
		{
95
		if ($as_tag == 1) {
96 96
			return '<input type="hidden" name="'.$ftan0.'" value="'.$ftan1.'" title="" />';
97
		}else{
97
		} elseif ($as_tag == 2) {
98
			return "$ftan0=$ftan1";
99
		} else {
98 100
			return array('FTAN0' => $ftan0, 'FTAN1' => $ftan1);
99 101
		}
100 102
	}
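Review bot: The docblock at new lines 71-73 still declares `@param bool $as_tag` although the parameter now carries the integer modes 1 and 2; it should read `@param int $as_tag`. The dispatch at new lines 95 and 97 relies on loose `==`, which is what keeps legacy `getFTAN(true)` callers on the hidden-input branch (`true == 1`) but leaves that intent implicit; normalising once makes it explicit and lets the comparisons be strict: `$as_tag = (int) $as_tag; // legacy callers pass true/false`, then `if ($as_tag === 1) {` and `} elseif ($as_tag === 2) {`. "Formular" in the summary line is German; "form transaction numbers" reads better.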
branches/2.8.x/wb/templates/wb_theme/templates/pages.htt
2 2
<div class="{DISPLAY_ADD}">
3 3
    <h2>{HEADING_ADD_PAGE}</h2>
4 4
    <form name="add" action="add.php" method="post">
5
	{FTAN}
5 6
    <table cellpadding="2" cellspacing="0" border="0" width="100%" align="center">
6 7
    <tr>
7 8
    	<td width="70" height="20">{TEXT_TITLE}:</td>
branches/2.8.x/wb/templates/wb_theme/templates/pages_modify.htt
8 8
		{TEXT_CURRENT_PAGE}:
9 9
		<b>{PAGE_TITLE}</b>
10 10
		-
11
		<a href="{ADMIN_URL}/pages/settings.php?page_id={PAGE_ID}">{TEXT_CHANGE_SETTINGS}</a>
11
		<a href="{ADMIN_URL}/pages/settings.php?page_id={PAGE_ID}&amp;{FTAN2}">{TEXT_CHANGE_SETTINGS}</a>
12 12
<!-- BEGIN show_section_block -->
13 13
		<font style="{DISPLAY_MANAGE_SECTIONS}">-</font>
14
		<a href="{ADMIN_URL}/pages/sections.php?page_id={PAGE_ID}" style="{DISPLAY_MANAGE_SECTIONS}">{TEXT_MANAGE_SECTIONS}</a>
14
		<a href="{ADMIN_URL}/pages/sections.php?page_id={PAGE_ID}&amp;{FTAN2}" style="{DISPLAY_MANAGE_SECTIONS}">{TEXT_MANAGE_SECTIONS}</a>
15 15
<!-- END show_section_block -->
16 16
		<font style="color: #999999;" class="{CLASS_DISPLAY_MODIFIED}"><br />
17 17
<!-- BEGIN show_modify_block -->
branches/2.8.x/wb/templates/wb_theme/templates/pages_sections.htt
16 16
        </table>
17 17

  
18 18
        <form name="section_properties" action="{ADMIN_URL}/pages/sections_save.php?page_id={VAR_PAGE_ID}" method="post">
19
		{FTAN}
20
		
19 21
        <table cellpadding="5" cellspacing="0" align="center" border="0" width="100%">
20 22
                <tr class="sections_list">
21 23
                	<td valign="middle" width="{NAME_SIZE}">{TEXT_TYPE}:</td>
......
85 87
	<h2>{TEXT_ADD_SECTION}</h2>
86 88
	<form name="add" action="{ADMIN_URL}/pages/sections.php?page_id={VAR_PAGE_ID}" method="post">
87 89
        <input type="hidden" name="page_id" value="{VAR_PAGE_ID}"  />
90
		{FTAN}
88 91
    	<table cellpadding="5" cellspacing="0" border="0" align="center" width="100%">
89 92
    	<tr>
90 93
    		<td width="100%">
branches/2.8.x/wb/templates/wb_theme/templates/pages_settings.htt
26 26
<form name="settings" action="settings2.php" method="post">
27 27

  
28 28
<input type="hidden" name="page_id" value="{PAGE_ID}" />
29

  
29
{FTAN}
30 30
<table cellpadding="2" cellspacing="0" border="0" width="100%" align="center">
31 31
<tr>
32 32
	<td width="100" height="20">{TEXT_PAGE_TITLE}:</td>
branches/2.8.x/wb/templates/argos_theme/templates/pages.htt
4 4
<div class="{DISPLAY_ADD}">
5 5
<h2>{HEADING_ADD_PAGE}</h2>
6 6
<form name="add" action="add.php" method="post">
7
{FTAN}
7 8
<table cellpadding="2" cellspacing="0" border="0" width="100%" align="center">
8 9
  <tr>
9 10
	<td width="70" height="20">{TEXT_TITLE}:</td>
branches/2.8.x/wb/templates/argos_theme/templates/pages_modify.htt
8 8
		{TEXT_CURRENT_PAGE}:
9 9
		<b>{PAGE_TITLE}</b>
10 10
		- 
11
		<a href="{ADMIN_URL}/pages/settings.php?page_id={PAGE_ID}">{TEXT_CHANGE_SETTINGS}</a>
11
		<a href="{ADMIN_URL}/pages/settings.php?page_id={PAGE_ID}&amp;{FTAN2}">{TEXT_CHANGE_SETTINGS}</a>
12 12
<!-- BEGIN show_section_block -->
13 13
		<font style="{DISPLAY_MANAGE_SECTIONS}">-</font>
14
		<a href="{ADMIN_URL}/pages/sections.php?page_id={PAGE_ID}" style="{DISPLAY_MANAGE_SECTIONS}">{TEXT_MANAGE_SECTIONS}</a>
14
		<a href="{ADMIN_URL}/pages/sections.php?page_id={PAGE_ID}&amp;{FTAN2}" style="{DISPLAY_MANAGE_SECTIONS}">{TEXT_MANAGE_SECTIONS}</a>
15 15
<!-- END show_section_block -->
16 16
		<font style="color:#999;" class="{CLASS_DISPLAY_MODIFIED}"><br />
17 17
<!-- BEGIN show_modify_block -->
branches/2.8.x/wb/templates/argos_theme/templates/pages_sections.htt
14 14
</table>
15 15

  
16 16
        <form name="section_properties" action="{ADMIN_URL}/pages/sections_save.php?page_id={VAR_PAGE_ID}" method="post">
17
		{FTAN}
17 18
		
18 19
        <table cellpadding="0" cellspacing="0" border="0" width="100%" class="img_noborder">
19 20
			<tr class="sections_list">
......
81 82
	<h2>{TEXT_ADD_SECTION}</h2>
82 83
	<form name="add" action="{ADMIN_URL}/pages/sections.php?page_id={VAR_PAGE_ID}" method="post">
83 84
        <input type="hidden" name="page_id" value="{VAR_PAGE_ID}"  />
85
		{FTAN}
84 86
    	<table cellpadding="5" cellspacing="0" border="0" align="center" width="100%">
85 87
    	<tr>
86 88
    		<td width="50%" valign="middle">
branches/2.8.x/wb/templates/argos_theme/templates/pages_settings.htt
24 24
<form name="settings" action="settings2.php" method="post">
25 25

  
26 26
<input type="hidden" name="page_id" value="{PAGE_ID}" />
27
{FTAN}
27 28

  
28 29
<table cellpadding="2" cellspacing="0" border="0" width="100%" align="center">
29 30
<tr>
