
Revision 1357

Added by FrankH almost 14 years ago

Security fixes


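--- a/index.php
+++ b/index.php
@@ -19,6 +19,9 @@
 require('../../config.php');
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Pages', 'pages');
+
+$ftan = $admin->getFTAN(2);
+
 // Include the WB functions file
 require_once(WB_PATH.'/framework/functions.php');
 // eggsurplus: add child pages for a specific page
@@ -125,7 +128,7 @@
 				</td>
 				<?php if($admin->get_permission('pages_modify') == true AND $can_modify == true) { ?>
 				<td class="list_menu_title">
-					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
+					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
 						<?php if($page['visibility'] == 'public') { ?>
 							<img src="<?php echo THEME_URL; ?>/images/visible_16.png" alt="<?php echo $TEXT['VISIBILITY']; ?>: <?php echo $TEXT['PUBLIC']; ?>" class="page_list_rights" />
 						<?php } elseif($page['visibility'] == 'private') { ?>
@@ -176,12 +179,12 @@
 				<td class="list_actions">
 					<?php if($page['visibility'] != 'deleted') { ?>
 						<?php if($admin->get_permission('pages_settings') == true AND $can_modify == true) { ?>
-						<a href="<?php echo ADMIN_URL; ?>/pages/settings.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['SETTINGS']; ?>">
+						<a href="<?php echo ADMIN_URL; ?>/pages/settings.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>" title="<?php echo $TEXT['SETTINGS']; ?>">
 							<img src="<?php echo THEME_URL; ?>/images/modify_16.png" border="0" alt="<?php echo $TEXT['SETTINGS']; ?>" />
 						</a>
 						<?php } ?>
 					<?php } else { ?>
-						<a href="<?php echo ADMIN_URL; ?>/pages/restore.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['RESTORE']; ?>">
+						<a href="<?php echo ADMIN_URL; ?>/pages/restore.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>" title="<?php echo $TEXT['RESTORE']; ?>">
 							<img src="<?php echo THEME_URL; ?>/images/restore_16.png" border="0" alt="<?php echo $TEXT['RESTORE']; ?>" />
 						</a>
 					<?php } ?>
@@ -214,11 +217,11 @@
                         {
 							$file=$admin->page_is_active($page)?"clock_16.png":"clock_red_16.png";
 							?>
-							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
+							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
 							<img src="<?php echo THEME_URL."/images/$file"; ?>" border="0" alt="<?php echo $HEADING['MANAGE_SECTIONS']; ?>" />
 							</a>
 						<?php } else { ?>
-							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
+							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
 							<img src="<?php echo THEME_URL; ?>/images/noclock_16.png" border="0" alt="<?php echo $HEADING['MANAGE_SECTIONS']; ?>" /></a>
 						<?php } ?>
 					<?php } ?>
@@ -228,7 +231,7 @@
 				<?php if($page['position'] != 1) { ?>
 					<?php if($page['visibility'] != 'deleted') { ?>
 						<?php if($admin->get_permission('pages_settings') == true AND $can_modify == true) { ?>
-						<a href="<?php echo ADMIN_URL; ?>/pages/move_up.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
+						<a href="<?php echo ADMIN_URL; ?>/pages/move_up.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
 							<img src="<?php echo THEME_URL; ?>/images/up_16.png" border="0" alt="<?php echo $TEXT['MOVE_UP']; ?>" />
 						</a>
 						<?php } ?>
@@ -239,7 +242,7 @@
 				<?php if($page['position'] != $num_pages) { ?>
 					<?php if($page['visibility'] != 'deleted') { ?>
 						<?php if($admin->get_permission('pages_settings') == true AND $can_modify == true) { ?>
-						<a href="<?php echo ADMIN_URL; ?>/pages/move_down.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
+						<a href="<?php echo ADMIN_URL; ?>/pages/move_down.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
 							<img src="<?php echo THEME_URL; ?>/images/down_16.png" border="0" alt="<?php echo $TEXT['MOVE_DOWN']; ?>" />
 						</a>
 						<?php } ?>
@@ -248,7 +251,7 @@
 				</td>
 				<td class="list_actions">
 					<?php if($admin->get_permission('pages_delete') == true AND $can_modify == true) { ?>
-					<a href="javascript: confirm_link('<?php echo $MESSAGE['PAGES']['DELETE_CONFIRM']; ?>?', '<?php echo ADMIN_URL; ?>/pages/delete.php?page_id=<?php echo $page['page_id']; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
+					<a href="javascript: confirm_link('<?php echo $MESSAGE['PAGES']['DELETE_CONFIRM']; ?>?', '<?php echo ADMIN_URL; ?>/pages/delete.php?page_id=<?php echo $page['page_id']."&amp;$ftan"; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
 						<img src="<?php echo THEME_URL; ?>/images/delete_16.png" border="0" alt="<?php echo $TEXT['DELETE']; ?>" />
 					</a>
 					<?php } ?>
@@ -301,7 +304,7 @@
 					$query_trash = $database->query("SELECT page_id FROM ".TABLE_PREFIX."pages WHERE visibility = 'deleted'");
 					if($query_trash->numRows() > 0) {
 						?>
-						<a href="<?php echo ADMIN_URL; ?>/pages/trash.php">
+						<a href="<?php echo ADMIN_URL."/pages/trash.php?$ftan"; ?>">
 						<img src="<?php echo THEME_URL; ?>/images/delete_16.png" alt="<?php echo $TEXT['PAGE_TRASH']; ?>" border="0" />
 						<?php echo $TEXT['VIEW_DELETED_PAGES']; ?></a>
 						<?php
@@ -349,6 +352,7 @@
 $template = new Template(THEME_PATH.'/templates');
 $template->set_file('page', 'pages.htt');
 $template->set_block('page', 'main_block', 'main');
+$template->set_var('FTAN', $admin->getFTAN());
 
 // Figure out if the no pages found message should be shown or not
 if($editable_pages == 0) {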
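Review bot: The token from `$admin->getFTAN(2)` is interpolated unescaped into every href via `."&amp;$ftan"` and, at new line 254, into a single-quoted JavaScript string inside `confirm_link(...)`, so the markup is only well-formed if the token is guaranteed to contain attribute- and JS-safe characters; that format is not visible here, and if it is not guaranteed the value should be escaped once where it is created, e.g. `$ftan = htmlspecialchars($admin->getFTAN(2), ENT_QUOTES, 'UTF-8');` at new line 23. Carrying the token in the GET query string of state-changing endpoints such as delete.php, move_up.php and restore.php also exposes it in Referer headers and in proxy and server logs; a POST form with a hidden FTAN field (the `FTAN` template variable added at new line 355 suggests the template already supports one) would be the stronger shape. New line 355 calls `getFTAN()` without the `2` argument used at line 23, and whether both calls return the same token or the second invalidates the first depends on the admin class, which is outside this diff. The scripts that consume the token are not part of this revision, so the check on the receiving side cannot be confirmed from this page.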
