Revision 1383
Added by FrankH almost 14 years ago
- Security fix for news module
- Some more Security fixes, thanks to Gerben van Veenendaal
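--- a/modify.php
+++ b/modify.php
@@ -56,15 +56,16 @@
 <table cellpadding="2" cellspacing="0" border="0" width="100%">
 <?php
 while($post = $query_posts->fetchRow()) {
+$pid = $admin->getIDKEY($post['post_id']);
 ?>
 <tr class="row_<?php echo $row; ?>">
 <td width="20" style="padding-left: 5px;">
-<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $post['post_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $pid; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/modify_16.png" border="0" alt="Modify - " />
 </a>
 </td>
 <td>
-<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $post['post_id']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $pid; ?>">
 <?php echo ($post['title']); ?>
 </a>
 </td>
@@ -103,26 +104,26 @@
 else
 $icon=THEME_URL.'/images/clock_red_16.png';
 ?>
-<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $post['post_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $pid; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
 <img src="<?php echo $icon; ?>" border="0" alt="" />
 </a>
 </td>
 <td width="20">
 <?php if($post['position'] != $num_posts) { ?>
-<a href="<?php echo WB_URL; ?>/modules/news/move_down.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $post['post_id']; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/move_down.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $pid; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/up_16.png" border="0" alt="^" />
 </a>
 <?php } ?>
 </td>
 <td width="20">
 <?php if($post['position'] != 1) { ?>
-<a href="<?php echo WB_URL; ?>/modules/news/move_up.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $post['post_id']; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/move_up.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $pid; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/down_16.png" border="0" alt="v" />
 </a>
 <?php } ?>
 </td>
 <td width="20">
-<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/news/delete_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $post['post_id']; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
+<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/news/delete_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $pid; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/delete_16.png" border="0" alt="X" />
 </a>
 </td>
@@ -157,15 +158,16 @@
 <table cellpadding="2" cellspacing="0" border="0" width="100%">
 <?php
 while($group = $query_groups->fetchRow()) {
+$gid = $admin->getIDKEY($group['group_id']);
 ?>
 <tr class="row_<?php echo $row; ?>">
 <td width="20" style="padding-left: 5px;">
-<a href="<?php echo WB_URL; ?>/modules/news/modify_group.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $group['group_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/modify_group.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $gid; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/modify_16.png" border="0" alt="Modify - " />
 </a>
 </td>
 <td>
-<a href="<?php echo WB_URL; ?>/modules/news/modify_group.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $group['group_id']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/modify_group.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $gid; ?>">
 <?php echo $group['title']; ?>
 </a>
 </td>
@@ -174,20 +176,20 @@
 </td>
 <td width="20">
 <?php if($group['position'] != 1) { ?>
-<a href="<?php echo WB_URL; ?>/modules/news/move_up.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $group['group_id']; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/move_up.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $gid; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/up_16.png" border="0" alt="^" />
 </a>
 <?php } ?>
 </td>
 <td width="20">
 <?php if($group['position'] != $num_groups) { ?>
-<a href="<?php echo WB_URL; ?>/modules/news/move_down.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $group['group_id']; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/move_down.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $gid; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/down_16.png" border="0" alt="v" />
 </a>
 <?php } ?>
 </td>
 <td width="20">
-<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/news/delete_group.php?page_id=<?php echo $page_id; ?>&group_id=<?php echo $group['group_id']; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
+<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/news/delete_group.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $gid; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/delete_16.png" border="0" alt="X" />
 </a>
 </td>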
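Review bot: The IDKEY substitution covers only `post_id` and `group_id`, and it adds protection only if modify_post.php, move_up.php, move_down.php, delete_post.php, modify_group.php and delete_group.php verify the key server-side and refuse a raw numeric id; none of those receivers is in this section, so that needs confirming. The move and delete actions are still plain GET links, so the key lands in browser history, server logs and Referer headers; submitting them as POST forms would avoid that. The titles on new lines 69 and 171 are echoed without escaping, so unless they are already encoded when stored, use `<?php echo htmlspecialchars($post['title'], ENT_QUOTES); ?>` and the same for `$group['title']`. The post rows at new lines 113 and 120 also swap the `MOVE_UP`/`MOVE_DOWN` tooltips, which now disagree with the `up_16.png`/`down_16.png` icons next to them; that looks unintended in a security fix.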