Index: branches/2.8.x/CHANGELOG =================================================================== --- branches/2.8.x/CHANGELOG (revision 1382) +++ branches/2.8.x/CHANGELOG (revision 1383) @@ -11,6 +11,9 @@ ! = Update/Change ------------------------------------- 2.8.2 ------------------------------------- +15 Jan-2011 Build 1383 Frank Heyne (FrankH) +# Security fix for news module +# Some more Security fixes, thanks to Gerben van Veenendaal 14 Jan-2011 Build 1382 Dietmar Woellbrink (Luisehahne) # fix known error in drag and drop 14 Jan-2011 Build 1381 Dietmar Woellbrink (Luisehahne) Index: branches/2.8.x/wb/admin/interface/version.php =================================================================== --- branches/2.8.x/wb/admin/interface/version.php (revision 1382) +++ branches/2.8.x/wb/admin/interface/version.php (revision 1383) @@ -52,6 +52,6 @@ // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) if(!defined('VERSION')) define('VERSION', '2.8.2.RC4'); -if(!defined('REVISION')) define('REVISION', '1382'); +if(!defined('REVISION')) define('REVISION', '1383'); ?> Index: branches/2.8.x/wb/index.php =================================================================== --- branches/2.8.x/wb/index.php (revision 1382) +++ branches/2.8.x/wb/index.php (revision 1383) @@ -35,7 +35,7 @@ * Clients akzeptieren jedoch auch relative URIs. */ $host = $_SERVER['HTTP_HOST']; - $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); + $uri = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\'); $file = 'install/index.php'; $target_url = 'http://'.$host.$uri.'/'.$file; header('Location: '.$target_url); Index: branches/2.8.x/wb/modules/form/view.php =================================================================== --- branches/2.8.x/wb/modules/form/view.php (revision 1382) +++ branches/2.8.x/wb/modules/form/view.php (revision 1383) @@ -124,7 +124,7 @@ } ?> -
0) AND (false == $use_xhtml_strict) ) ? "name=\"".$form_name."\"" : ""); ?> action="#wb_" method="post"> + 0) AND (false == $use_xhtml_strict) ) ? "name=\"".$form_name."\"" : ""); ?> action="#wb_" method="post">
getFTAN(); ?> @@ -376,16 +376,16 @@ if(isset($captcha_error)) { echo '
  • '.$captcha_error.'
    • '; } - echo ''.$TEXT['BACK'].''; + echo ''.$TEXT['BACK'].''; } else { if(isset($email_error)) { echo '
    '.$TEXT['BACK'].''; + echo ''.$TEXT['BACK'].''; } elseif(isset($captcha_error)) { echo '
    '.$TEXT['BACK'].''; + echo ''.$TEXT['BACK'].''; } else { // Check how many times form has been submitted in last hour $last_hour = time()-3600; Index: branches/2.8.x/wb/modules/jsadmin/jsadmin_backend_include.php =================================================================== --- branches/2.8.x/wb/modules/jsadmin/jsadmin_backend_include.php (revision 1382) +++ branches/2.8.x/wb/modules/jsadmin/jsadmin_backend_include.php (revision 1383) @@ -25,8 +25,6 @@ $JSADMIN_PATH = WB_URL.'/modules/jsadmin'; $YUI_PATH = WB_URL.'/include/yui'; $script = $_SERVER['SCRIPT_NAME']; -if(!$script) - $script = $PHP_SELF; if(strstr($script, $admin_folder."/pages/index.php")) $page_type = 'pages'; Index: branches/2.8.x/wb/modules/jsadmin/move_to.php =================================================================== --- branches/2.8.x/wb/modules/jsadmin/move_to.php (revision 1382) +++ branches/2.8.x/wb/modules/jsadmin/move_to.php (revision 1383) @@ -1,32 +1,19 @@ - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - +/** + * + * @category modules + * @package JsAdmin + * @author WebsiteBaker Project, modified by Swen Uth for Website Baker 2.7 + * @copyright (C) 2006, Stepan Riha + * @copyright 2009-2011, Website Baker Org. e.V. + * @link http://www.websitebaker2.org/ + * @license http://www.gnu.org/licenses/gpl.html + * @platform WebsiteBaker 2.8.x + * @requirements PHP 5.2.2 and higher + * @version $Id$ + * @filesource $HeadURL$ + * @lastmodified $Date$ + * */ require('../../config.php'); Index: branches/2.8.x/wb/modules/fckeditor/fckeditor/editor/filemanager/connectors/php/io.php =================================================================== --- branches/2.8.x/wb/modules/fckeditor/fckeditor/editor/filemanager/connectors/php/io.php (revision 1382) +++ branches/2.8.x/wb/modules/fckeditor/fckeditor/editor/filemanager/connectors/php/io.php (revision 1383) @@ -157,7 +157,7 @@ // #2124 ensure that no slash is at the end $sRealPath = rtrim($sRealPath,"\\/"); - $sSelfPath = $_SERVER['PHP_SELF'] ; + $sSelfPath = $_SERVER['SCRIPT_NAME'] ; $sSelfPath = substr( $sSelfPath, 0, strrpos( $sSelfPath, '/' ) ) ; $sSelfPath = str_replace( '/', DIRECTORY_SEPARATOR, $sSelfPath ) ; Index: branches/2.8.x/wb/modules/news/add_post.php =================================================================== --- branches/2.8.x/wb/modules/news/add_post.php (revision 1382) +++ branches/2.8.x/wb/modules/news/add_post.php (revision 1383) @@ -36,7 +36,7 @@ $database->query("INSERT INTO ".TABLE_PREFIX."mod_news_posts (section_id,page_id,position,commenting,active) VALUES ('$section_id','$page_id','$position','$commenting','1')"); // Get the id -$post_id = $database->get_one("SELECT LAST_INSERT_ID()"); +$post_id = $admin->getIDKEY($database->get_one("SELECT LAST_INSERT_ID()")); // Say that a new record has been added, then redirect to modify page if($database->is_error()) { Index: branches/2.8.x/wb/modules/news/modify_settings.php =================================================================== --- branches/2.8.x/wb/modules/news/modify_settings.php (revision 1382) +++ branches/2.8.x/wb/modules/news/modify_settings.php (revision 1383) @@ -64,7 +64,7 @@ - + getFTAN(); ?> Index: branches/2.8.x/wb/modules/news/delete_post.php =================================================================== --- branches/2.8.x/wb/modules/news/delete_post.php (revision 1382) +++ branches/2.8.x/wb/modules/news/delete_post.php (revision 1383) @@ -18,18 +18,18 @@ require('../../config.php'); -// Get id -if(!isset($_GET['post_id']) OR !is_numeric($_GET['post_id'])) { - header("Location: ".ADMIN_URL."/pages/index.php"); - exit(0); -} else { - $post_id = $_GET['post_id']; -} - // Include WB admin wrapper script $update_when_modified = true; // Tells script to update when this page was last updated require(WB_PATH.'/modules/admin.php'); +$pid = $admin->checkIDKEY('post_id', false, 'GET'); +if (!$pid) { + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); + exit(); +} else { + $post_id = $pid; +} + // Get post details $query_details = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_posts WHERE post_id = '$post_id'"); if($query_details->numRows() > 0) { Index: branches/2.8.x/wb/modules/news/modify_comment.php =================================================================== --- branches/2.8.x/wb/modules/news/modify_comment.php (revision 1382) +++ branches/2.8.x/wb/modules/news/modify_comment.php (revision 1383) @@ -18,21 +18,18 @@ require('../../config.php'); -// Get id -if(!isset($_GET['comment_id']) OR !is_numeric($_GET['comment_id'])) { - header("Location: ".ADMIN_URL."/pages/index.php"); - exit(0); -} else { - $comment_id = $_GET['comment_id']; -} - // Include WB admin wrapper script require(WB_PATH.'/modules/admin.php'); +$comment_id = $admin->checkIDKEY('comment_id', false, 'GET'); +if (!$comment_id) { + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); + exit(); +} + // Get header and footer $query_content = $database->query("SELECT post_id,title,comment FROM ".TABLE_PREFIX."mod_news_comments WHERE comment_id = '$comment_id'"); $fetch_content = $query_content->fetchRow(); - ?>

    @@ -43,7 +40,7 @@ - +getFTAN(); ?>
    @@ -65,7 +62,10 @@
    : - +
    Index: branches/2.8.x/wb/modules/news/view.php =================================================================== --- branches/2.8.x/wb/modules/news/view.php (revision 1382) +++ branches/2.8.x/wb/modules/news/view.php (revision 1383) @@ -209,7 +209,7 @@ { ?>
    - '.PAGE_TITLE.' >> '.$groups[$_GET['g']]['title']; ?> + '.PAGE_TITLE.' >> '.$groups[$_GET['g']]['title']; ?>
    getIDKEY(POST_ID); + $values = array(WB_URL."/modules/news/comment.php?post_id=$pid&section_id=$section_id", $MOD_NEWS['TEXT_COMMENTS']); print str_replace($vars, $values, $setting_comments_header); // Query for comments @@ -466,7 +467,7 @@ // Print comments footer $vars = array('[ADD_COMMENT_URL]','[TEXT_ADD_COMMENT]'); - $values = array(WB_URL.'/modules/news/comment.php?post_id='.POST_ID.'&section_id='.$section_id, $MOD_NEWS['TEXT_ADD_COMMENT']); + $values = array(WB_URL."/modules/news/comment.php?post_id=$pid&section_id=$section_id", $MOD_NEWS['TEXT_ADD_COMMENT']); print str_replace($vars, $values, $setting_comments_footer); } Index: branches/2.8.x/wb/modules/news/save_group.php =================================================================== --- branches/2.8.x/wb/modules/news/save_group.php (revision 1382) +++ branches/2.8.x/wb/modules/news/save_group.php (revision 1383) @@ -33,6 +33,12 @@ $update_when_modified = true; // Tells script to update when this page was last updated require(WB_PATH.'/modules/admin.php'); +if (!$admin->checkFTAN()) +{ + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); + exit(); +} + // Include WB functions file require(WB_PATH.'/framework/functions.php'); Index: branches/2.8.x/wb/modules/news/move_up.php =================================================================== --- branches/2.8.x/wb/modules/news/move_up.php (revision 1382) +++ branches/2.8.x/wb/modules/news/move_up.php (revision 1383) @@ -18,26 +18,27 @@ require('../../config.php'); +// Include WB admin wrapper script +require(WB_PATH.'/modules/admin.php'); + // Get id -if(!isset($_GET['post_id']) OR !is_numeric($_GET['post_id'])) { - if(!isset($_GET['group_id']) OR !is_numeric($_GET['group_id'])) { - - header("Location: index.php"); - exit( 0 ); +$pid = $admin->checkIDKEY('post_id', false, 'GET'); +$gid = $admin->checkIDKEY('group_id', false, 'GET'); +if (!$pid) { + if (!$gid) { + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); + exit(); } else { - $id = $_GET['group_id']; + $id = $gid; $id_field = 'group_id'; $table = TABLE_PREFIX.'mod_news_groups'; } } else { - $id = $_GET['post_id']; + $id = $pid; $id_field = 'post_id'; $table = TABLE_PREFIX.'mod_news_posts'; } -// Include WB admin wrapper script -require(WB_PATH.'/modules/admin.php'); - // Include the ordering class require(WB_PATH.'/framework/class.order.php'); Index: branches/2.8.x/wb/modules/news/save_settings.php =================================================================== --- branches/2.8.x/wb/modules/news/save_settings.php (revision 1382) +++ branches/2.8.x/wb/modules/news/save_settings.php (revision 1383) @@ -22,6 +22,12 @@ $update_when_modified = true; // Tells script to update when this page was last updated require(WB_PATH.'/modules/admin.php'); +if (!$admin->checkFTAN()) +{ + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); + exit(); +} + // This code removes any ', ''); @@ -44,7 +50,11 @@ } // Update settings -$database->query("UPDATE ".TABLE_PREFIX."mod_news_settings SET header = '$header', post_loop = '$post_loop', footer = '$footer', posts_per_page = '$posts_per_page', post_header = '$post_header', post_footer = '$post_footer', comments_header = '$comments_header', comments_loop = '$comments_loop', comments_footer = '$comments_footer', comments_page = '$comments_page', commenting = '$commenting', resize = '$resize', use_captcha = '$use_captcha' WHERE section_id = '$section_id'"); +$database->query("UPDATE ".TABLE_PREFIX."mod_news_settings SET header = '$header', post_loop = '$post_loop', footer = '$footer', + posts_per_page = '$posts_per_page', post_header = '$post_header', post_footer = '$post_footer', + comments_header = '$comments_header', comments_loop = '$comments_loop', comments_footer = '$comments_footer', + comments_page = '$comments_page', commenting = '$commenting', resize = '$resize', use_captcha = '$use_captcha' + WHERE section_id = '$section_id'"); // Check if there is a db error, otherwise say successful if($database->is_error()) { Index: branches/2.8.x/wb/modules/news/delete_comment.php =================================================================== --- branches/2.8.x/wb/modules/news/delete_comment.php (revision 1382) +++ branches/2.8.x/wb/modules/news/delete_comment.php (revision 1383) @@ -18,33 +18,20 @@ require('../../config.php'); -// Get id -if(!isset($_GET['comment_id']) OR !is_numeric($_GET['comment_id'])) { - - header("Location: ".ADMIN_URL."/pages/index.php"); - exit( 0 ); -} -else -{ - $comment_id = $_GET['comment_id']; -} - -// Get post id -if(!isset($_GET['post_id']) OR !is_numeric($_GET['post_id'])) -{ - - header("Location: ".ADMIN_URL."/pages/index.php"); - exit( 0 ); -} -else -{ - $post_id = $_GET['post_id']; -} - // Include WB admin wrapper script $update_when_modified = true; // Tells script to update when this page was last updated require(WB_PATH.'/modules/admin.php'); +$cid = $admin->checkIDKEY('comment_id', false, 'GET'); +$pid = $admin->checkIDKEY('post_id', false, 'GET'); +if (!$pid || !$cid) { + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); + exit(); +} else { + $comment_id = $cid; + $post_id = $admin->getIDKEY($pid); +} + // Update row $database->query("DELETE FROM ".TABLE_PREFIX."mod_news_comments WHERE comment_id = '$comment_id'"); Index: branches/2.8.x/wb/modules/news/modify.php =================================================================== --- branches/2.8.x/wb/modules/news/modify.php (revision 1382) +++ branches/2.8.x/wb/modules/news/modify.php (revision 1383) @@ -56,15 +56,16 @@ fetchRow()) { + $pid = $admin->getIDKEY($post['post_id']); ?> @@ -103,13 +104,13 @@ else $icon=THEME_URL.'/images/clock_red_16.png'; ?> - + @@ -157,15 +158,16 @@
    - + Modify - - + - + ^ @@ -116,13 +117,13 @@ - + v - + X
    fetchRow()) { + $gid = $admin->getIDKEY($group['group_id']); ?> @@ -174,7 +176,7 @@ Index: branches/2.8.x/wb/modules/news/modify_post.php =================================================================== --- branches/2.8.x/wb/modules/news/modify_post.php (revision 1382) +++ branches/2.8.x/wb/modules/news/modify_post.php (revision 1383) @@ -18,17 +18,15 @@ require('../../config.php'); -// Get id -if(!isset($_GET['post_id']) OR !is_numeric($_GET['post_id'])) { - header("Location: ".ADMIN_URL."/pages/index.php"); - exit(0); -} else { - $post_id = $_GET['post_id']; -} - // Include WB admin wrapper script require(WB_PATH.'/modules/admin.php'); +$post_id = $admin->checkIDKEY('post_id', false, 'GET'); +if (!$post_id) { + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); + exit(); +} + // Get header and footer $query_content = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_posts WHERE post_id = '$post_id'"); $fetch_content = $query_content->fetchRow(); @@ -54,6 +52,7 @@ +getFTAN(); ?>
    - + Modify - - + - + ^ @@ -181,13 +183,13 @@ - + v - + X
    @@ -205,24 +204,31 @@ $query_comments = $database->query("SELECT * FROM `".TABLE_PREFIX."mod_news_comments` WHERE section_id = '$section_id' AND post_id = '$post_id' ORDER BY commented_when DESC"); if($query_comments->numRows() > 0) { $row = 'a'; + $pid = $admin->getIDKEY($post_id); ?>
    fetchRow()) { + $cid = $admin->getIDKEY($comment['comment_id']); ?> Index: branches/2.8.x/wb/modules/news/move_down.php =================================================================== --- branches/2.8.x/wb/modules/news/move_down.php (revision 1382) +++ branches/2.8.x/wb/modules/news/move_down.php (revision 1383) @@ -18,25 +18,27 @@ require('../../config.php'); +// Include WB admin wrapper script +require(WB_PATH.'/modules/admin.php'); + // Get id -if(!isset($_GET['post_id']) OR !is_numeric($_GET['post_id'])) { - if(!isset($_GET['group_id']) OR !is_numeric($_GET['group_id'])) { - header("Location: index.php"); - exit(0); +$pid = $admin->checkIDKEY('post_id', false, 'GET'); +$gid = $admin->checkIDKEY('group_id', false, 'GET'); +if (!$pid) { + if (!$gid) { + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); + exit(); } else { - $id = $_GET['group_id']; + $id = $gid; $id_field = 'group_id'; $table = TABLE_PREFIX.'mod_news_groups'; } } else { - $id = $_GET['post_id']; + $id = $pid; $id_field = 'post_id'; $table = TABLE_PREFIX.'mod_news_posts'; } -// Include WB admin wrapper script -require(WB_PATH.'/modules/admin.php'); - // Include the ordering class require(WB_PATH.'/framework/class.order.php'); Index: branches/2.8.x/wb/modules/news/comment_page.php =================================================================== --- branches/2.8.x/wb/modules/news/comment_page.php (revision 1382) +++ branches/2.8.x/wb/modules/news/comment_page.php (revision 1383) @@ -78,8 +78,8 @@

    - : + echo $admin->getFTAN(); + echo $TEXT['TITLE']; ?>:
    />

    Index: branches/2.8.x/wb/modules/news/comment.php =================================================================== --- branches/2.8.x/wb/modules/news/comment.php (revision 1382) +++ branches/2.8.x/wb/modules/news/comment.php (revision 1383) @@ -18,15 +18,15 @@ // Include config file require('../../config.php'); +require_once(WB_PATH.'/framework/class.wb.php'); +$wb = new wb; // Check if there is a post id -if(!isset($_GET['post_id']) OR !is_numeric($_GET['post_id']) - OR !isset($_GET['section_id']) OR !is_numeric($_GET['section_id'])) -{ - header("Location: ".WB_URL.PAGES_DIRECTORY.""); - exit( 0 ); +$post_id = $wb->checkIDKEY('post_id', false, 'GET'); +if (!$post_id OR !isset($_GET['section_id']) OR !is_numeric($_GET['section_id'])) { + $wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL); + exit(); } -$post_id = $_GET['post_id']; $section_id = $_GET['section_id']; // Query post for page id Index: branches/2.8.x/wb/modules/news/modify_group.php =================================================================== --- branches/2.8.x/wb/modules/news/modify_group.php (revision 1382) +++ branches/2.8.x/wb/modules/news/modify_group.php (revision 1383) @@ -18,17 +18,15 @@ require('../../config.php'); -// Get id -if(!isset($_GET['group_id']) OR !is_numeric($_GET['group_id'])) { - header("Location: ".ADMIN_URL."/pages/index.php"); - exit(0); -} else { - $group_id = $_GET['group_id']; -} - // Include WB admin wrapper script require(WB_PATH.'/modules/admin.php'); +$group_id = $admin->checkIDKEY('group_id', false, 'GET'); +if (!$group_id) { + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); + exit(); +} + // Get header and footer $query_content = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_groups WHERE group_id = '$group_id'"); $fetch_content = $query_content->fetchRow(); @@ -42,7 +40,7 @@ - +getFTAN(); ?>
    - + ^ - + - + X
    Index: branches/2.8.x/wb/modules/news/save_post.php =================================================================== --- branches/2.8.x/wb/modules/news/save_post.php (revision 1382) +++ branches/2.8.x/wb/modules/news/save_post.php (revision 1383) @@ -32,6 +32,16 @@ $post_id = $id; } +// Include WB admin wrapper script +$update_when_modified = true; // Tells script to update when this page was last updated +require(WB_PATH.'/modules/admin.php'); + +if (!$admin->checkFTAN()) +{ + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); + exit(); +} + function create_file($filename, $filetime=NULL ) { global $page_id, $section_id, $post_id; @@ -80,10 +90,6 @@ } -// Include WB admin wrapper script -$update_when_modified = true; // Tells script to update when this page was last updated -require(WB_PATH.'/modules/admin.php'); - // Validate all fields if($admin->get_post('title') == '' AND $admin->get_post('url') == '') { Index: branches/2.8.x/wb/modules/news/add_group.php =================================================================== --- branches/2.8.x/wb/modules/news/add_group.php (revision 1382) +++ branches/2.8.x/wb/modules/news/add_group.php (revision 1383) @@ -31,13 +31,13 @@ $database->query("INSERT INTO ".TABLE_PREFIX."mod_news_groups (section_id,page_id,position,active) VALUES ('$section_id','$page_id','$position','1')"); // Get the id -$group_id = $database->get_one("SELECT LAST_INSERT_ID()"); +$group_id = $admin->getIDKEY($database->get_one("SELECT LAST_INSERT_ID()")); // Say that a new record has been added, then redirect to modify page if($database->is_error()) { $admin->print_error($database->get_error(), WB_URL.'/modules/news/modify_group.php?page_id='.$page_id.'§ion_id='.$section_id.'&group_id='.$group_id); } else { - $admin->print_success($TEXT['SUCCESS'], WB_URL.'/modules/news/modify_group.php?page_id='.$page_id.'§ion_id='.$section_id.'&group_id='.$group_id); + $admin->print_success($TEXT['SUCCESS'], WB_URL.'/modules/news/modify_group.php?page_id='.$page_id.'§ion_id='.$section_id.'&group_id='.$group_id); } // Print admin footer Index: branches/2.8.x/wb/modules/news/rss.php =================================================================== --- branches/2.8.x/wb/modules/news/rss.php (revision 1382) +++ branches/2.8.x/wb/modules/news/rss.php (revision 1383) @@ -31,7 +31,6 @@ // Include WB files require_once('../../config.php'); require_once(WB_PATH.'/framework/class.frontend.php'); -$database = new database(); $wb = new frontend(); $wb->page_id = $page_id; $wb->get_page_details(); Index: branches/2.8.x/wb/modules/news/delete_group.php =================================================================== --- branches/2.8.x/wb/modules/news/delete_group.php (revision 1382) +++ branches/2.8.x/wb/modules/news/delete_group.php (revision 1383) @@ -18,18 +18,18 @@ require('../../config.php'); -// Get id -if(!isset($_GET['group_id']) OR !is_numeric($_GET['group_id'])) { - header("Location: ".ADMIN_URL."/pages/index.php"); - exit(0); -} else { - $group_id = $_GET['group_id']; -} - // Include WB admin wrapper script $update_when_modified = true; // Tells script to update when this page was last updated require(WB_PATH.'/modules/admin.php'); +$gid = $admin->checkIDKEY('group_id', false, 'GET'); +if (!$pid) { + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); + exit(); +} else { + $group_id = $gid; +} + $database->query("UPDATE ".TABLE_PREFIX."mod_news_posts SET group_id = '0' where group_id='$group_id'"); // Update row $database->query("DELETE FROM ".TABLE_PREFIX."mod_news_groups WHERE group_id = '$group_id'"); Index: branches/2.8.x/wb/modules/news/save_comment.php =================================================================== --- branches/2.8.x/wb/modules/news/save_comment.php (revision 1382) +++ branches/2.8.x/wb/modules/news/save_comment.php (revision 1383) @@ -21,7 +21,6 @@ // Get id if(!isset($_POST['comment_id']) OR !is_numeric($_POST['comment_id']) OR !isset($_POST['post_id']) OR !is_numeric($_POST['post_id'])) { - header("Location: ".ADMIN_URL."/pages/index.php"); exit( 0 ); } @@ -34,6 +33,14 @@ $update_when_modified = true; // Tells script to update when this page was last updated require(WB_PATH.'/modules/admin.php'); +if (!$admin->checkFTAN()) +{ + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); + exit(); +} + +$id = $admin->getIDKEY($comment_id); + // Validate all fields if($admin->get_post('title') == '' AND $admin->get_post('comment') == '') { @@ -43,7 +50,7 @@ { $title = strip_tags($admin->get_post_escaped('title')); $comment = strip_tags($admin->get_post_escaped('comment')); - $post_id = $admin->get_post('post_id'); + $post_id = $admin->getIDKEY($admin->get_post('post_id')); } // Update row Index: branches/2.8.x/wb/modules/news/submit_comment.php =================================================================== --- branches/2.8.x/wb/modules/news/submit_comment.php (revision 1382) +++ branches/2.8.x/wb/modules/news/submit_comment.php (revision 1383) @@ -28,6 +28,12 @@ $wb = new wb; /* */ +if (!$wb->checkFTAN()) +{ + $wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL); + exit(); +} + // Check if we should show the form or add a comment if(isset($_GET['page_id']) AND is_numeric($_GET['page_id']) AND isset($_GET['section_id']) AND is_numeric($_GET['section_id'])
    :