Revision 1383
Added by FrankH almost 15 years ago
- Security fix for news module
- Some more Security fixes, thanks to Gerben van Veenendaal
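--- a/modify.php
+++ b/modify.php
@@ -56,15 +56,16 @@
 <table cellpadding="2" cellspacing="0" border="0" width="100%">
 <?php
 while($post = $query_posts->fetchRow()) {
+$pid = $admin->getIDKEY($post['post_id']);
 ?>
 <tr class="row_<?php echo $row; ?>">
 <td width="20" style="padding-left: 5px;">
-<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $post['post_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $pid; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/modify_16.png" border="0" alt="Modify - " />
 </a>
 </td>
 <td>
-<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $post['post_id']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $pid; ?>">
 <?php echo ($post['title']); ?>
 </a>
 </td>
@@ -103,26 +104,26 @@
 else
 $icon=THEME_URL.'/images/clock_red_16.png';
 ?>
-<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $post['post_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $pid; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
 <img src="<?php echo $icon; ?>" border="0" alt="" />
 </a>
 </td>
 <td width="20">
 <?php if($post['position'] != $num_posts) { ?>
-<a href="<?php echo WB_URL; ?>/modules/news/move_down.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $post['post_id']; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/move_down.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $pid; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/up_16.png" border="0" alt="^" />
 </a>
 <?php } ?>
 </td>
 <td width="20">
 <?php if($post['position'] != 1) { ?>
-<a href="<?php echo WB_URL; ?>/modules/news/move_up.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $post['post_id']; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/move_up.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $pid; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/down_16.png" border="0" alt="v" />
 </a>
 <?php } ?>
 </td>
 <td width="20">
-<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/news/delete_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $post['post_id']; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
+<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/news/delete_post.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&post_id=<?php echo $pid; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/delete_16.png" border="0" alt="X" />
 </a>
 </td>
@@ -157,15 +158,16 @@
 <table cellpadding="2" cellspacing="0" border="0" width="100%">
 <?php
 while($group = $query_groups->fetchRow()) {
+$gid = $admin->getIDKEY($group['group_id']);
 ?>
 <tr class="row_<?php echo $row; ?>">
 <td width="20" style="padding-left: 5px;">
-<a href="<?php echo WB_URL; ?>/modules/news/modify_group.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $group['group_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/modify_group.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $gid; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/modify_16.png" border="0" alt="Modify - " />
 </a>
 </td>
 <td>
-<a href="<?php echo WB_URL; ?>/modules/news/modify_group.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $group['group_id']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/modify_group.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $gid; ?>">
 <?php echo $group['title']; ?>
 </a>
 </td>
@@ -174,20 +176,20 @@
 </td>
 <td width="20">
 <?php if($group['position'] != 1) { ?>
-<a href="<?php echo WB_URL; ?>/modules/news/move_up.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $group['group_id']; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/move_up.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $gid; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/up_16.png" border="0" alt="^" />
 </a>
 <?php } ?>
 </td>
 <td width="20">
 <?php if($group['position'] != $num_groups) { ?>
-<a href="<?php echo WB_URL; ?>/modules/news/move_down.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $group['group_id']; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
+<a href="<?php echo WB_URL; ?>/modules/news/move_down.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $gid; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/down_16.png" border="0" alt="v" />
 </a>
 <?php } ?>
 </td>
 <td width="20">
-<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/news/delete_group.php?page_id=<?php echo $page_id; ?>&group_id=<?php echo $group['group_id']; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
+<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/news/delete_group.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&group_id=<?php echo $gid; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
 <img src="<?php echo THEME_URL; ?>/images/delete_16.png" border="0" alt="X" />
 </a>
 </td>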
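Review bot: The title cells still print `$post['title']` (new line 69) and `$group['title']` (new line 171) without output encoding, so a title containing markup would be rendered in this backend list unless it is already encoded when saved, which this page does not show. If titles are stored raw, encode at output, e.g. `<?php echo htmlspecialchars($post['title'], ENT_QUOTES); ?>`, and do the same for the group title. Separately, in the post rows the new `title` attributes (`MOVE_DOWN` on new line 113, `MOVE_UP` on new line 120) now disagree with the unchanged `up_16.png` / `down_16.png` icons next to them, while the group rows pair `MOVE_UP` with `up_16.png`; one of the two should be brought in line. Both `while` loops close outside the shown hunks.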