
Revision 1383

Added by FrankH almost 14 years ago

  1. Security fix for news module
  2. Some more Security fixes, thanks to Gerben van Veenendaal


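--- a/modify.php
+++ b/modify.php
@@ -56,15 +56,16 @@
 	<table cellpadding="2" cellspacing="0" border="0" width="100%">
 	<?php
 	while($post = $query_posts->fetchRow()) {
+		$pid = $admin->getIDKEY($post['post_id']);
 		?>
 		<tr class="row_<?php echo $row; ?>">
 			<td width="20" style="padding-left: 5px;">
-				<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;post_id=<?php echo $post['post_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
+				<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;post_id=<?php echo $pid; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
 					<img src="<?php echo THEME_URL; ?>/images/modify_16.png" border="0" alt="Modify - " />
 				</a>
 			</td>
 			<td>
-				<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;post_id=<?php echo $post['post_id']; ?>">
+				<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;post_id=<?php echo $pid; ?>">
 					<?php echo ($post['title']); ?>
 				</a>
 			</td>
@@ -103,26 +104,26 @@
 			else
 				$icon=THEME_URL.'/images/clock_red_16.png';
 			?>
-			<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;post_id=<?php echo $post['post_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
+			<a href="<?php echo WB_URL; ?>/modules/news/modify_post.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;post_id=<?php echo $pid; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
 				<img src="<?php echo $icon; ?>" border="0" alt="" />
 			</a>
 			</td>
 			<td width="20">
 			<?php if($post['position'] != $num_posts) { ?>
-				<a href="<?php echo WB_URL; ?>/modules/news/move_down.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;post_id=<?php echo $post['post_id']; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
+				<a href="<?php echo WB_URL; ?>/modules/news/move_down.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;post_id=<?php echo $pid; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
 					<img src="<?php echo THEME_URL; ?>/images/up_16.png" border="0" alt="^" />
 				</a>
 			<?php } ?>
 			</td>
 			<td width="20">
 			<?php if($post['position'] != 1) { ?>
-				<a href="<?php echo WB_URL; ?>/modules/news/move_up.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;post_id=<?php echo $post['post_id']; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
+				<a href="<?php echo WB_URL; ?>/modules/news/move_up.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;post_id=<?php echo $pid; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
 					<img src="<?php echo THEME_URL; ?>/images/down_16.png" border="0" alt="v" />
 				</a>
 			<?php } ?>
 			</td>
 			<td width="20">
-				<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/news/delete_post.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;post_id=<?php echo $post['post_id']; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
+				<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/news/delete_post.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;post_id=<?php echo $pid; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
 					<img src="<?php echo THEME_URL; ?>/images/delete_16.png" border="0" alt="X" />
 				</a>
 			</td>
@@ -157,15 +158,16 @@
 	<table cellpadding="2" cellspacing="0" border="0" width="100%">
 	<?php
 	while($group = $query_groups->fetchRow()) {
+		$gid = $admin->getIDKEY($group['group_id']);
 		?>
 		<tr class="row_<?php echo $row; ?>">
 			<td width="20" style="padding-left: 5px;">
-				<a href="<?php echo WB_URL; ?>/modules/news/modify_group.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;group_id=<?php echo $group['group_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
+				<a href="<?php echo WB_URL; ?>/modules/news/modify_group.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;group_id=<?php echo $gid; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
 					<img src="<?php echo THEME_URL; ?>/images/modify_16.png" border="0" alt="Modify - " />
 				</a>
 			</td>		
 			<td>
-				<a href="<?php echo WB_URL; ?>/modules/news/modify_group.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;group_id=<?php echo $group['group_id']; ?>">
+				<a href="<?php echo WB_URL; ?>/modules/news/modify_group.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;group_id=<?php echo $gid; ?>">
 					<?php echo $group['title']; ?>
 				</a>
 			</td>
@@ -174,20 +176,20 @@
 			</td>
 			<td width="20">
 			<?php if($group['position'] != 1) { ?>
-				<a href="<?php echo WB_URL; ?>/modules/news/move_up.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;group_id=<?php echo $group['group_id']; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
+				<a href="<?php echo WB_URL; ?>/modules/news/move_up.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;group_id=<?php echo $gid; ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
 					<img src="<?php echo THEME_URL; ?>/images/up_16.png" border="0" alt="^" />
 				</a>
 			<?php } ?>
 			</td>
 			<td width="20">
 			<?php if($group['position'] != $num_groups) { ?>
-				<a href="<?php echo WB_URL; ?>/modules/news/move_down.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;group_id=<?php echo $group['group_id']; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
+				<a href="<?php echo WB_URL; ?>/modules/news/move_down.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;group_id=<?php echo $gid; ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
 					<img src="<?php echo THEME_URL; ?>/images/down_16.png" border="0" alt="v" />
 				</a>
 			<?php } ?>
 			</td>
 			<td width="20">
-				<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/news/delete_group.php?page_id=<?php echo $page_id; ?>&amp;group_id=<?php echo $group['group_id']; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
+				<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/news/delete_group.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;group_id=<?php echo $gid; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
 					<img src="<?php echo THEME_URL; ?>/images/delete_16.png" border="0" alt="X" />
 				</a>
 			</td>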
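Review bot: The post and group titles are still written into the link text unescaped on the new side of the first and third hunks (`<?php echo ($post['title']); ?>` and `<?php echo $group['title']; ?>`), so the switch to `getIDKEY()` for the URL ids leaves the stored title as a possible HTML-injection point in this admin listing; unless titles are provably sanitized on save (not visible here), emit them as `<?php echo htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8'); ?>` and likewise for `$group['title']`. The delete links in the second and fourth hunks also splice `$TEXT['ARE_YOU_SURE']` straight into a single-quoted JavaScript string inside an `href`, so a translation containing an apostrophe would break or alter the handler; passing it through `htmlspecialchars()` with an `addslashes()`-style escape for the quote, or moving the confirmation text to a data attribute, would close that. What `getIDKEY()` returns and whether it is validated on the receiving pages is not shown in this diff, so the note assumes the new `$pid`/`$gid` values are safe to echo as-is. Both `while` loops begin inside the first and third hunks but their closing braces lie outside the diff.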
