Revision 1357
Added by FrankH almost 14 years ago
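--- a/branches/2.8.x/CHANGELOG
+++ b/branches/2.8.x/CHANGELOG
@@ -11,6 +11,9 @@
 ! = Update/Change
 
 ------------------------------------- 2.8.2 -------------------------------------
+27 Dec-2010 Build 1357 Frank Heyne (FrankH)
+# security fix: in path admin/pages/ - added FTAN check
+! had to enhance parameter for getFTAN() in framework/class.secureform.php
 27 Dec-2010 Build 1356 Dietmar Woellbrink (Luisehahne)
 # more little fixes in settings
 ! change to RC2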
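--- a/branches/2.8.x/wb/admin/pages/move_down.php
+++ b/branches/2.8.x/wb/admin/pages/move_down.php
@@ -48,6 +48,12 @@
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Pages', 'pages_settings');
 
+if (!$admin->checkFTAN('get'))
+{
+$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+exit();
+}
+
 // Include the ordering class
 require(WB_PATH.'/framework/class.order.php');
 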
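--- a/branches/2.8.x/wb/admin/pages/save.php
+++ b/branches/2.8.x/wb/admin/pages/save.php
@@ -35,6 +35,12 @@
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Pages', 'pages_modify');
 
+if (!$admin->checkFTAN())
+{
+$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+exit();
+}
+
 // Get perms
 $sql = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` ';
 $sql .= 'WHERE `page_id` = '.$page_id;
@@ -89,7 +95,8 @@
 {
 $admin->print_error($database->get_error(), $js_back);
 } else {
-$admin->print_success($MESSAGE['PAGES']['SAVED'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
+$ftan2 = $admin->getFTAN(2);
+$admin->print_success($MESSAGE['PAGES']['SAVED'], ADMIN_URL."/pages/modify.php?page_id=$page_id&$ftan2");
 }
 
 // Print admin footer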
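Review bot: A rejected or stale form token at line 38 is reported with `$MESSAGE['PAGES']['NOT_FOUND']`, so the editor sees "page not found" and, since print_error is called without a redirect target and the request then exits, the content they just edited is discarded without explanation. settings2.php in this same commit reports the identical condition with a "not saved" message and an explicit redirect; using the same wording here would make the failure understandable. The checkFTAN() call itself is correctly placed right after `$admin` is created and before `$page_id` reaches the SQL at line 46.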
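--- a/branches/2.8.x/wb/admin/pages/empty_trash.php
+++ b/branches/2.8.x/wb/admin/pages/empty_trash.php
@@ -27,11 +27,17 @@
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Pages', 'pages');
 
+if (!$admin->checkFTAN('get'))
+{
+$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+exit();
+}
+
 // Include the WB functions file
 require_once(WB_PATH.'/framework/functions.php');
 
 // Get page list from database
-$database = new database();
+//$database = new database();
 $query = "SELECT * FROM ".TABLE_PREFIX."pages WHERE visibility = 'deleted' ORDER BY level DESC";
 $get_pages = $database->query($query);
 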
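Review bot: Line 40 keeps `$database = new database();` as commented-out code; delete the line rather than leaving dead code, since version control already records it. The `$database->query()` call at line 42 now depends on a `$database` instance created by an earlier include (presumably config.php, which is not visible in this hunk) — worth confirming, because nothing in this file creates it any more. The new `checkFTAN('get')` block is correctly placed before any work is done, though `$MESSAGE['PAGES']['NOT_FOUND']` is a misleading text for a missing or stale token on an action that purges every deleted page.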
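--- a/branches/2.8.x/wb/admin/pages/settings.php
+++ b/branches/2.8.x/wb/admin/pages/settings.php
@@ -30,6 +30,12 @@
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Pages', 'pages_settings');
 
+if (!$admin->checkFTAN('get'))
+{
+$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+exit();
+}
+
 // Include the WB functions file
 require_once(WB_PATH.'/framework/functions-utf8.php');
 
@@ -90,6 +96,7 @@
 $template = new Template(THEME_PATH.'/templates');
 $template->set_file('page', 'pages_settings.htt');
 $template->set_block('page', 'main_block', 'main');
+$template->set_var('FTAN', $admin->getFTAN());
 
 $template->set_var(array(
 'PAGE_ID' => $results_array['page_id'],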
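Review bot: As far as the visible hunks show, settings.php only renders the settings form (the state change happens in settings2.php, which now verifies the POSTed `{FTAN}`), so requiring `checkFTAN('get')` at line 33 adds no CSRF protection while it breaks every link into this page that does not carry the token — bookmarks, and any module or theme link to `settings.php?page_id=` outside this commit — with a confusing "page not found" error. If the token is meant to be mandatory on these view pages anyway, a dedicated message such as "invalid or expired form token" would tell administrators what actually failed. It is also worth confirming that `getFTAN()` at line 99 still returns the session token after `checkFTAN('get')` has run, in case the check invalidates it (the secureform class comment describes the numbers as "for unique use").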
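--- a/branches/2.8.x/wb/admin/pages/delete.php
+++ b/branches/2.8.x/wb/admin/pages/delete.php
@@ -44,6 +44,12 @@
 $admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
 }
 
+if (!$admin->checkFTAN('get'))
+{
+$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+exit();
+}
+
 // Find out more about the page
 $query = "SELECT * FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'";
 $results = $database->query($query);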
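Review bot: The new token check at lines 47-51 calls `exit()` after `print_error()`, but the permission check directly above it (line 44) calls `print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS'])` with no `exit()`. Either print_error already terminates the request, in which case the new `exit()` is redundant, or it does not, in which case an unauthorised user falls through to the page lookup and the deletion below — the two checks should be made consistent once the behaviour of print_error in class.admin.php is confirmed. The deletion logic itself continues past the end of this hunk.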
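--- a/branches/2.8.x/wb/admin/pages/sections_save.php
+++ b/branches/2.8.x/wb/admin/pages/sections_save.php
@@ -46,6 +46,12 @@
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Pages', 'pages_modify');
 
+if (!$admin->checkFTAN())
+{
+$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+exit();
+}
+
 // Get perms
 $database = new database();
 $results = $database->query("SELECT admin_groups,admin_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'");
@@ -120,7 +126,8 @@
 if($database->is_error()) {
 $admin->print_error($database->get_error(), ADMIN_URL.'/pages/sections.php?page_id='.$page_id);
 } else {
-$admin->print_success($MESSAGE['PAGES']['SECTIONS_PROPERTIES_SAVED'], ADMIN_URL.'/pages/sections.php?page_id='.$page_id);
+$ftan2 = $admin->getFTAN(2);
+$admin->print_success($MESSAGE['PAGES']['SECTIONS_PROPERTIES_SAVED'], ADMIN_URL."/pages/sections.php?page_id=$page_id&$ftan2");
 }
 
 // Print admin footer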
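Review bot: The database-error branch at line 127 still redirects to `ADMIN_URL.'/pages/sections.php?page_id='.$page_id` without a token, while sections.php in this same commit now rejects a GET request that carries no FTAN; after a failed save the administrator is therefore sent to a page that answers "page not found" instead of seeing the error. Build the URL once before the `if`, e.g. `$ftan2 = $admin->getFTAN(2); $target_url = ADMIN_URL."/pages/sections.php?page_id=$page_id&$ftan2";`, and use `$target_url` in both branches, as settings2.php does.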
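--- a/branches/2.8.x/wb/admin/pages/index.php
+++ b/branches/2.8.x/wb/admin/pages/index.php
@@ -19,6 +19,9 @@
 require('../../config.php');
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Pages', 'pages');
+
+$ftan = $admin->getFTAN(2);
+
 // Include the WB functions file
 require_once(WB_PATH.'/framework/functions.php');
 // eggsurplus: add child pages for a specific page
@@ -125,7 +128,7 @@
 </td>
 <?php if($admin->get_permission('pages_modify') == true AND $can_modify == true) { ?>
 <td class="list_menu_title">
-<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
+<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']."&$ftan"; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
 <?php if($page['visibility'] == 'public') { ?>
 <img src="<?php echo THEME_URL; ?>/images/visible_16.png" alt="<?php echo $TEXT['VISIBILITY']; ?>: <?php echo $TEXT['PUBLIC']; ?>" class="page_list_rights" />
 <?php } elseif($page['visibility'] == 'private') { ?>
@@ -176,12 +179,12 @@
 <td class="list_actions">
 <?php if($page['visibility'] != 'deleted') { ?>
 <?php if($admin->get_permission('pages_settings') == true AND $can_modify == true) { ?>
-<a href="<?php echo ADMIN_URL; ?>/pages/settings.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['SETTINGS']; ?>">
+<a href="<?php echo ADMIN_URL; ?>/pages/settings.php?page_id=<?php echo $page['page_id']."&$ftan"; ?>" title="<?php echo $TEXT['SETTINGS']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/modify_16.png" border="0" alt="<?php echo $TEXT['SETTINGS']; ?>" />
 </a>
 <?php } ?>
 <?php } else { ?>
-<a href="<?php echo ADMIN_URL; ?>/pages/restore.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['RESTORE']; ?>">
+<a href="<?php echo ADMIN_URL; ?>/pages/restore.php?page_id=<?php echo $page['page_id']."&$ftan"; ?>" title="<?php echo $TEXT['RESTORE']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/restore_16.png" border="0" alt="<?php echo $TEXT['RESTORE']; ?>" />
 </a>
 <?php } ?>
@@ -214,11 +217,11 @@
 {
 $file=$admin->page_is_active($page)?"clock_16.png":"clock_red_16.png";
 ?>
-<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
+<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']."&$ftan"; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
 <img src="<?php echo THEME_URL."/images/$file"; ?>" border="0" alt="<?php echo $HEADING['MANAGE_SECTIONS']; ?>" />
 </a>
 <?php } else { ?>
-<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
+<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']."&$ftan"; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/noclock_16.png" border="0" alt="<?php echo $HEADING['MANAGE_SECTIONS']; ?>" /></a>
 <?php } ?>
 <?php } ?>
@@ -228,7 +231,7 @@
 <?php if($page['position'] != 1) { ?>
 <?php if($page['visibility'] != 'deleted') { ?>
 <?php if($admin->get_permission('pages_settings') == true AND $can_modify == true) { ?>
-<a href="<?php echo ADMIN_URL; ?>/pages/move_up.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
+<a href="<?php echo ADMIN_URL; ?>/pages/move_up.php?page_id=<?php echo $page['page_id']."&$ftan"; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/up_16.png" border="0" alt="<?php echo $TEXT['MOVE_UP']; ?>" />
 </a>
 <?php } ?>
@@ -239,7 +242,7 @@
 <?php if($page['position'] != $num_pages) { ?>
 <?php if($page['visibility'] != 'deleted') { ?>
 <?php if($admin->get_permission('pages_settings') == true AND $can_modify == true) { ?>
-<a href="<?php echo ADMIN_URL; ?>/pages/move_down.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
+<a href="<?php echo ADMIN_URL; ?>/pages/move_down.php?page_id=<?php echo $page['page_id']."&$ftan"; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/down_16.png" border="0" alt="<?php echo $TEXT['MOVE_DOWN']; ?>" />
 </a>
 <?php } ?>
@@ -248,7 +251,7 @@
 </td>
 <td class="list_actions">
 <?php if($admin->get_permission('pages_delete') == true AND $can_modify == true) { ?>
-<a href="javascript: confirm_link('<?php echo $MESSAGE['PAGES']['DELETE_CONFIRM']; ?>?', '<?php echo ADMIN_URL; ?>/pages/delete.php?page_id=<?php echo $page['page_id']; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
+<a href="javascript: confirm_link('<?php echo $MESSAGE['PAGES']['DELETE_CONFIRM']; ?>?', '<?php echo ADMIN_URL; ?>/pages/delete.php?page_id=<?php echo $page['page_id']."&$ftan"; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/delete_16.png" border="0" alt="<?php echo $TEXT['DELETE']; ?>" />
 </a>
 <?php } ?>
@@ -301,7 +304,7 @@
 $query_trash = $database->query("SELECT page_id FROM ".TABLE_PREFIX."pages WHERE visibility = 'deleted'");
 if($query_trash->numRows() > 0) {
 ?>
-<a href="<?php echo ADMIN_URL; ?>/pages/trash.php">
+<a href="<?php echo ADMIN_URL."/pages/trash.php?$ftan"; ?>">
 <img src="<?php echo THEME_URL; ?>/images/delete_16.png" alt="<?php echo $TEXT['PAGE_TRASH']; ?>" border="0" />
 <?php echo $TEXT['VIEW_DELETED_PAGES']; ?></a>
 <?php
@@ -349,6 +352,7 @@
 $template = new Template(THEME_PATH.'/templates');
 $template->set_file('page', 'pages.htt');
 $template->set_block('page', 'main_block', 'main');
+$template->set_var('FTAN', $admin->getFTAN());
 
 // Figure out if the no pages found message should be shown or not
 if($editable_pages == 0) {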
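Review bot: The single `$ftan` pair generated at line 23 is appended as a GET parameter to every state-changing link on the page (delete.php, move_up.php, move_down.php, restore.php), so the anti-CSRF token now travels in URLs that end up in browser history, proxy and server logs, and the Referer header of any outbound link on the target page. That is the usual weakness of GET-based tokens; the stronger fix is to submit delete, move and restore as small POST forms carrying the hidden `{FTAN}` tag that line 355 already passes to pages.htt, keeping the GET token only for view links. If checkFTAN() consumes the token on first use (the secureform class comment says the numbers are "for unique use"), note also that all links on this page share one value, which would affect a user who navigates back and clicks a second action — worth confirming against class.secureform.php.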
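--- a/branches/2.8.x/wb/admin/pages/move_up.php
+++ b/branches/2.8.x/wb/admin/pages/move_up.php
@@ -48,6 +48,12 @@
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Pages', 'pages_settings');
 
+if (!$admin->checkFTAN('get'))
+{
+$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+exit();
+}
+
 // Include the ordering class
 require(WB_PATH.'/framework/class.order.php');
 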
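--- a/branches/2.8.x/wb/admin/pages/trash.php
+++ b/branches/2.8.x/wb/admin/pages/trash.php
@@ -27,6 +27,12 @@
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Pages', 'pages');
 
+if (!$admin->checkFTAN('get'))
+{
+$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+exit();
+}
+
 ?>
 <script type="text/javascript" language="javascript">
 function toggle_viewers() {
@@ -215,6 +221,7 @@
 
 // Generate pages list
 if($admin->get_permission('pages_view') == true) {
+$ftan2 = $admin->getFTAN(2);
 ?>
 <table cellpadding="0" cellspacing="0" width="100%" border="0">
 <tr>
@@ -222,7 +229,7 @@
 <h2><?php echo $HEADING['DELETED_PAGES']; ?></h2>
 </td>
 <td align="right">
-<a href="<?php echo ADMIN_URL; ?>/pages/empty_trash.php">
+<a href="<?php echo ADMIN_URL. "/pages/empty_trash.php?$ftan2"; ?>">
 <img src="<?php echo THEME_URL; ?>/images/delete_16.png" alt="<?php echo $TEXT['PAGE_TRASH']; ?>" border="0" />
 <?php echo $TEXT['EMPTY_TRASH']; ?></a>
 </td>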
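--- a/branches/2.8.x/wb/admin/pages/settings2.php
+++ b/branches/2.8.x/wb/admin/pages/settings2.php
@@ -30,6 +30,12 @@
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Pages', 'pages_settings');
 
+if (!$admin->checkFTAN())
+{
+$admin->print_error($MESSAGE['PAGES_NOT_SAVED'],'index.php');
+exit();
+}
+
 // Include the WB functions file
 require_once(WB_PATH.'/framework/functions.php');
 
@@ -199,7 +205,8 @@
 $sql .= 'WHERE `page_id` = '.$page_id;
 $database->query($sql);
 
-$target_url = ADMIN_URL.'/pages/settings.php?page_id='.$page_id;
+$ftan2 = $admin->getFTAN(2);
+$target_url = ADMIN_URL."/pages/settings.php?page_id=$page_id&$ftan2";
 if($database->is_error())
 {
 $admin->print_error($database->get_error(), $target_url );
@@ -296,7 +303,8 @@
 /* END page "access file" code */
 
 $pagetree_url = ADMIN_URL.'/pages/index.php';
-$target_url = ADMIN_URL.'/pages/settings.php?page_id='.$page_id;
+$ftan2 = $admin->getFTAN(2);
+$target_url = ADMIN_URL."/pages/settings.php?page_id=$page_id&$ftan2";
 // Check if there is a db error, otherwise say successful
 if($database->is_error())
 {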
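Review bot: Line 35 reads `$MESSAGE['PAGES_NOT_SAVED']`, a flat key, while every other file in this commit indexes the nested array `$MESSAGE['PAGES'][...]`; unless a flat key of that name exists in the language files, a failed token check produces an undefined-index notice and an empty error text. It is probably meant to be `$admin->print_error($MESSAGE['PAGES']['NOT_SAVED'], 'index.php');` — confirm the key against the language files before changing it. The second `$ftan2 = $admin->getFTAN(2);` at line 306 repeats line 208 within the same request; that is harmless as the secureform hunk shows getFTAN() reusing `$this->_FTAN` once it is set, but one assignment near the top of the file would read more clearly.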
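--- a/branches/2.8.x/wb/admin/pages/restore.php
+++ b/branches/2.8.x/wb/admin/pages/restore.php
@@ -36,6 +36,12 @@
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Pages', 'pages_delete');
 
+if (!$admin->checkFTAN('get'))
+{
+$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+exit();
+}
+
 // Include the WB functions file
 require_once(WB_PATH.'/framework/functions.php');
 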
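--- a/branches/2.8.x/wb/admin/pages/modify.php
+++ b/branches/2.8.x/wb/admin/pages/modify.php
@@ -24,6 +24,12 @@
 $page_id = $_GET['page_id'];
 }
 
+if (!$admin->checkFTAN('get'))
+{
+$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+exit();
+}
+
 // Create new admin object
 require('../../config.php');
 require_once(WB_PATH.'/framework/class.admin.php');
@@ -53,6 +59,7 @@
 $template = new Template(THEME_PATH.'/templates');
 $template->set_file('page', 'pages_modify.htt');
 $template->set_block('page', 'main_block', 'main');
+$template->set_var('FTAN2', $admin->getFTAN(2));
 
 $template->set_var(array(
 'PAGE_ID' => $results_array['page_id'],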
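Review bot: The new check at lines 27-31 calls `$admin->checkFTAN('get')` before the "Create new admin object" block at lines 33-35 has even included config.php and class.admin.php, so unless `$admin` (and `$MESSAGE`) is already defined by code above this hunk, every request to modify.php dies with a fatal call on a non-object and the token check never actually runs. Move the block below the `$admin = new admin(...)` line, as settings.php and sections.php do in this same commit. The code that creates `$admin` continues past the end of the hunk.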
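--- a/branches/2.8.x/wb/admin/pages/sections.php
+++ b/branches/2.8.x/wb/admin/pages/sections.php
@@ -41,6 +41,12 @@
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Pages', 'pages_modify');
 
+if (!$admin->checkFTAN('get') and !$admin->checkFTAN())
+{
+$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+exit();
+}
+
 // Check if we are supposed to add or delete a section
 if(isset($_GET['section_id']) AND is_numeric($_GET['section_id']))
 {
@@ -71,7 +77,8 @@
 require(WB_PATH.'/framework/class.order.php');
 $order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id');
 $order->clean($page_id);
-$admin->print_success($TEXT['SUCCESS'], ADMIN_URL.'/pages/sections.php?page_id='.$page_id);
+$ftan2 = $admin->getFTAN(2);
+$admin->print_success($TEXT['SUCCESS'], ADMIN_URL."/pages/sections.php?page_id=$page_id&$ftan2");
 $admin->print_footer();
 exit();
 }
@@ -172,6 +179,7 @@
 $template = new Template(THEME_PATH.'/templates');
 $template->set_file('page', 'pages_sections.htt');
 $template->set_block('page', 'main_block', 'main');
+$template->set_var('FTAN', $admin->getFTAN());
 $template->set_block('main_block', 'module_block', 'module_list');
 $template->set_block('main_block', 'section_block', 'section_list');
 $template->set_block('section_block', 'block_block', 'block_list');
@@ -201,11 +209,12 @@
 );
 
 // Insert variables
+$ftan2 = $admin->getFTAN(2);
 $template->set_var(array(
 'VAR_PAGE_ID' => $results_array['page_id'],
 'VAR_PAGE_TITLE' => $results_array['page_title'],
-'SETTINGS_LINK' => ADMIN_URL.'/pages/settings.php?page_id='.$results_array['page_id'],
-'MODIFY_LINK' => ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id']
+'SETTINGS_LINK' => ADMIN_URL.'/pages/settings.php?page_id='.$results_array['page_id']."&$ftan2",
+'MODIFY_LINK' => ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id']."&$ftan2"
 )
 );
 
@@ -232,11 +241,12 @@
 
 if(SECTION_BLOCKS)
 {
-if(defined('EDIT_ONE_SECTION') && EDIT_ONE_SECTION)
+
+if(defined('EDIT_ONE_SECTION') && EDIT_ONE_SECTION)
 {
-$edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id.'&wysiwyg='.$section['section_id'] .'">'.$module_tmp.'</a>';
+$edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id."&$ftan2&wysiwyg=".$section['section_id'] .'">'.$module_tmp.'</a>';
 } else {
-$edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id.'#wb'.$section['section_id'].'">'.$module_tmp.'</a>';
+$edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id.'#wb'.$section['section_id'].."&$ftan2"'">'.$module_tmp.'</a>';
 }
 $edit_page = ( trim($module_name) == '' ) ? '<span class="module_disabled">'.$section['module'].'</span>' : $edit_page;
 $input_attribute = 'input_normal';
@@ -267,7 +277,7 @@
 $template->parse('block_list', 'block_block', true);
 }
 } else {
-$edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id.'#'.$section['section_id'].'">'.$module_tmp.'</a>';
+$edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id.'#'.$section['section_id']."&$ftan2".'">'.$module_tmp.'</a>';
 $edit_page = ( trim($module_name) == '' ) ? '<span class="module_disabled">'.$section['module'].'</span>' : $edit_page;
 $input_attribute = 'input_small';
 $template->set_var(array(
@@ -309,7 +319,7 @@
 {
 $template->set_var(
 'VAR_MOVE_UP_URL',
-'<a href="'.ADMIN_URL.'/pages/move_up.php?page_id='.$page_id.'&section_id='.$section['section_id'].'">
+'<a href="'.ADMIN_URL.'/pages/move_up.php?page_id='.$page_id.'&section_id='.$section['section_id']."&$ftan2".'">
 <img src="'.THEME_URL.'/images/up_16.png" alt="{TEXT_MOVE_UP}" />
 </a>' );
 } else {
@@ -321,7 +331,7 @@
 if($section['position'] != $num_sections ) {
 $template->set_var(
 'VAR_MOVE_DOWN_URL',
-'<a href="'.ADMIN_URL.'/pages/move_down.php?page_id='.$page_id.'&section_id='.$section['section_id'].'">
+'<a href="'.ADMIN_URL.'/pages/move_down.php?page_id='.$page_id.'&section_id='.$section['section_id']."&$ftan2".'">
 <img src="'.THEME_URL.'/images/down_16.png" alt="{TEXT_MOVE_DOWN}" />
 </a>' );
 } else {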
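Review bot: Line 249 is a parse error: `'#wb'.$section['section_id'].."&$ftan2"'">'` has a doubled concatenation operator and two adjacent string literals, so the whole of sections.php stops compiling. Independently, lines 249 and 280 append the token after the `#` fragment, which the browser never sends to the server, so modify.php's `checkFTAN('get')` would reject those links even once the syntax is repaired; the query parameter has to precede the fragment, i.e. `'/pages/modify.php?page_id='.$page_id."&$ftan2".'#wb'.$section['section_id'].'">'` at line 249 and `'/pages/modify.php?page_id='.$page_id."&$ftan2".'#'.$section['section_id'].'">'` at line 280. Line 247 (the `wysiwyg` variant) already carries the token inside the query string and is fine.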
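--- a/branches/2.8.x/wb/admin/pages/add.php
+++ b/branches/2.8.x/wb/admin/pages/add.php
@@ -21,6 +21,12 @@
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Pages', 'pages_add');
 
+if (!$admin->checkFTAN())
+{
+$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+exit();
+}
+
 // Include the WB functions file
 require_once(WB_PATH.'/framework/functions.php');
 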
branches/2.8.x/wb/framework/class.secureform.php | ||
---|---|---|
68 | 68 |
/* |
69 | 69 |
* creates Formular transactionnumbers for unique use |
70 | 70 |
* @access public |
71 |
* @param bool $asTAG: true returns a complete prepared, hidden HTML-Input-Tag (default) |
|
72 |
* false returns an array including FTAN0 and FTAN1 |
|
71 |
* @param bool $asTAG: 1 returns a complete prepared, hidden HTML-Input-Tag (default) |
|
72 |
* 2 returns a key value pair (prepared as a GET parameter) |
|
73 |
* anything else returns an array including FTAN0 and FTAN1 |
|
73 | 74 |
* @return mixed: array or string |
74 | 75 |
* |
75 | 76 |
* requirements: an active session must be available |
76 | 77 |
*/ |
77 |
function getFTAN( $as_tag = true)
|
|
78 |
function getFTAN( $as_tag = 1)
|
|
78 | 79 |
{ |
79 | 80 |
if( $this->_FTAN == '') |
80 | 81 |
{ |
... | ... | |
91 | 92 |
} |
92 | 93 |
$ftan0 = 'a'.substr($this->_FTAN, -(10 + hexdec(substr($this->_FTAN, 1))), 10); |
93 | 94 |
$ftan1 = 'a'.substr($this->_FTAN, hexdec(substr($this->_FTAN, -1)), 10); |
94 |
if($as_tag == true) |
|
95 |
{ |
|
95 |
if ($as_tag == 1) { |
|
96 | 96 |
return '<input type="hidden" name="'.$ftan0.'" value="'.$ftan1.'" title="" />'; |
97 |
}else{ |
|
97 |
} elseif ($as_tag == 2) { |
|
98 |
return "$ftan0=$ftan1"; |
|
99 |
} else { |
|
98 | 100 |
return array('FTAN0' => $ftan0, 'FTAN1' => $ftan1); |
99 | 101 |
} |
100 | 102 |
} |
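Review bot: The docblock at line 71 still declares `@param bool $asTAG` although the parameter is now an integer mode with three meanings (and is named `$as_tag` in the signature); it should read `@param int $as_tag: 1 returns a hidden input tag (default), 2 returns a "name=value" pair for a query string, anything else returns array('FTAN0', 'FTAN1')`. The loose comparisons `$as_tag == 1` and `$as_tag == 2` keep the old `getFTAN(true)` callers working only because the `== 1` branch is tested first (`true == 2` is also true in PHP); normalising once with `$as_tag = (int) $as_tag;` and comparing with `===` would make that intent explicit. The mode-2 string is not URL-encoded, which appears acceptable here because both halves are `'a'` plus a substring of `$this->_FTAN` that lines 93-94 treat as hex — worth confirming where `_FTAN` is generated.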
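--- a/branches/2.8.x/wb/templates/wb_theme/templates/pages.htt
+++ b/branches/2.8.x/wb/templates/wb_theme/templates/pages.htt
@@ -2,6 +2,7 @@
 <div class="{DISPLAY_ADD}">
 <h2>{HEADING_ADD_PAGE}</h2>
 <form name="add" action="add.php" method="post">
+{FTAN}
 <table cellpadding="2" cellspacing="0" border="0" width="100%" align="center">
 <tr>
 <td width="70" height="20">{TEXT_TITLE}:</td>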
branches/2.8.x/wb/templates/wb_theme/templates/pages_modify.htt | ||
---|---|---|
8 | 8 |
{TEXT_CURRENT_PAGE}: |
9 | 9 |
<b>{PAGE_TITLE}</b> |
10 | 10 |
- |
11 |
<a href="{ADMIN_URL}/pages/settings.php?page_id={PAGE_ID}">{TEXT_CHANGE_SETTINGS}</a> |
|
11 |
<a href="{ADMIN_URL}/pages/settings.php?page_id={PAGE_ID}&{FTAN2}">{TEXT_CHANGE_SETTINGS}</a>
|
|
12 | 12 |
<!-- BEGIN show_section_block --> |
13 | 13 |
<font style="{DISPLAY_MANAGE_SECTIONS}">-</font> |
14 |
<a href="{ADMIN_URL}/pages/sections.php?page_id={PAGE_ID}" style="{DISPLAY_MANAGE_SECTIONS}">{TEXT_MANAGE_SECTIONS}</a> |
|
14 |
<a href="{ADMIN_URL}/pages/sections.php?page_id={PAGE_ID}&{FTAN2}" style="{DISPLAY_MANAGE_SECTIONS}">{TEXT_MANAGE_SECTIONS}</a>
|
|
15 | 15 |
<!-- END show_section_block --> |
16 | 16 |
<font style="color: #999999;" class="{CLASS_DISPLAY_MODIFIED}"><br /> |
17 | 17 |
<!-- BEGIN show_modify_block --> |
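--- a/branches/2.8.x/wb/templates/wb_theme/templates/pages_sections.htt
+++ b/branches/2.8.x/wb/templates/wb_theme/templates/pages_sections.htt
@@ -16,6 +16,8 @@
 </table>
 
 <form name="section_properties" action="{ADMIN_URL}/pages/sections_save.php?page_id={VAR_PAGE_ID}" method="post">
+{FTAN}
+
 <table cellpadding="5" cellspacing="0" align="center" border="0" width="100%">
 <tr class="sections_list">
 <td valign="middle" width="{NAME_SIZE}">{TEXT_TYPE}:</td>
@@ -85,6 +87,7 @@
 <h2>{TEXT_ADD_SECTION}</h2>
 <form name="add" action="{ADMIN_URL}/pages/sections.php?page_id={VAR_PAGE_ID}" method="post">
 <input type="hidden" name="page_id" value="{VAR_PAGE_ID}" />
+{FTAN}
 <table cellpadding="5" cellspacing="0" border="0" align="center" width="100%">
 <tr>
 <td width="100%">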
branches/2.8.x/wb/templates/wb_theme/templates/pages_settings.htt | ||
---|---|---|
26 | 26 |
<form name="settings" action="settings2.php" method="post"> |
27 | 27 |
|
28 | 28 |
<input type="hidden" name="page_id" value="{PAGE_ID}" /> |
29 |
|
|
29 |
{FTAN} |
|
30 | 30 |
<table cellpadding="2" cellspacing="0" border="0" width="100%" align="center"> |
31 | 31 |
<tr> |
32 | 32 |
<td width="100" height="20">{TEXT_PAGE_TITLE}:</td> |
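--- a/branches/2.8.x/wb/templates/argos_theme/templates/pages.htt
+++ b/branches/2.8.x/wb/templates/argos_theme/templates/pages.htt
@@ -4,6 +4,7 @@
 <div class="{DISPLAY_ADD}">
 <h2>{HEADING_ADD_PAGE}</h2>
 <form name="add" action="add.php" method="post">
+{FTAN}
 <table cellpadding="2" cellspacing="0" border="0" width="100%" align="center">
 <tr>
 <td width="70" height="20">{TEXT_TITLE}:</td>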
branches/2.8.x/wb/templates/argos_theme/templates/pages_modify.htt | ||
---|---|---|
8 | 8 |
{TEXT_CURRENT_PAGE}: |
9 | 9 |
<b>{PAGE_TITLE}</b> |
10 | 10 |
- |
11 |
<a href="{ADMIN_URL}/pages/settings.php?page_id={PAGE_ID}">{TEXT_CHANGE_SETTINGS}</a> |
|
11 |
<a href="{ADMIN_URL}/pages/settings.php?page_id={PAGE_ID}&{FTAN2}">{TEXT_CHANGE_SETTINGS}</a>
|
|
12 | 12 |
<!-- BEGIN show_section_block --> |
13 | 13 |
<font style="{DISPLAY_MANAGE_SECTIONS}">-</font> |
14 |
<a href="{ADMIN_URL}/pages/sections.php?page_id={PAGE_ID}" style="{DISPLAY_MANAGE_SECTIONS}">{TEXT_MANAGE_SECTIONS}</a> |
|
14 |
<a href="{ADMIN_URL}/pages/sections.php?page_id={PAGE_ID}&{FTAN2}" style="{DISPLAY_MANAGE_SECTIONS}">{TEXT_MANAGE_SECTIONS}</a>
|
|
15 | 15 |
<!-- END show_section_block --> |
16 | 16 |
<font style="color:#999;" class="{CLASS_DISPLAY_MODIFIED}"><br /> |
17 | 17 |
<!-- BEGIN show_modify_block --> |
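--- a/branches/2.8.x/wb/templates/argos_theme/templates/pages_sections.htt
+++ b/branches/2.8.x/wb/templates/argos_theme/templates/pages_sections.htt
@@ -14,6 +14,7 @@
 </table>
 
 <form name="section_properties" action="{ADMIN_URL}/pages/sections_save.php?page_id={VAR_PAGE_ID}" method="post">
+{FTAN}
 
 <table cellpadding="0" cellspacing="0" border="0" width="100%" class="img_noborder">
 <tr class="sections_list">
@@ -81,6 +82,7 @@
 <h2>{TEXT_ADD_SECTION}</h2>
 <form name="add" action="{ADMIN_URL}/pages/sections.php?page_id={VAR_PAGE_ID}" method="post">
 <input type="hidden" name="page_id" value="{VAR_PAGE_ID}" />
+{FTAN}
 <table cellpadding="5" cellspacing="0" border="0" align="center" width="100%">
 <tr>
 <td width="50%" valign="middle">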
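--- a/branches/2.8.x/wb/templates/argos_theme/templates/pages_settings.htt
+++ b/branches/2.8.x/wb/templates/argos_theme/templates/pages_settings.htt
@@ -24,6 +24,7 @@
 <form name="settings" action="settings2.php" method="post">
 
 <input type="hidden" name="page_id" value="{PAGE_ID}" />
+{FTAN}
 
 <table cellpadding="2" cellspacing="0" border="0" width="100%" align="center">
 <tr>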