
Revision 1384

Added by Dietmar over 13 years ago

Security fix in admin/pages


settings2.php
17 17
 */
18 18

  
19 19
// Get page id
20
if(!isset($_POST['page_id']) OR !is_numeric($_POST['page_id']))
20
if(!isset($_POST['page_id']) || !is_numeric($_POST['page_id']))
21 21
{
22 22
	header("Location: index.php");
23 23
	exit(0);
......
29 29
require('../../config.php');
30 30
require_once(WB_PATH.'/framework/class.admin.php');
31 31
$admin = new admin('Pages', 'pages_settings');
32

  
32 33
if (!$admin->checkFTAN())
33 34
{
34
	$admin->print_error($MESSAGE['PAGES_NOT_SAVED'],'index.php');
35
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
35 36
	exit();
36 37
}
37 38

  
......
41 42
// Get values
42 43
$page_title = htmlspecialchars($admin->get_post_escaped('page_title') );
43 44
$menu_title = htmlspecialchars($admin->get_post_escaped('menu_title') );
44
$page_code = $admin->get_post_escaped('page_code');
45
$page_code = (int) $admin->get_post_escaped('page_code');
45 46
$description = htmlspecialchars($admin->add_slashes($admin->get_post('description')) );
46 47
$keywords = htmlspecialchars($admin->add_slashes($admin->get_post('keywords')) );
47
$parent = $admin->get_post_escaped('parent');
48
$parent = (int) $admin->get_post_escaped('parent'); // fix secunia 2010-91-3
48 49
$visibility = $admin->get_post_escaped('visibility');
49
$template = $admin->get_post_escaped('template');
50
$target = $admin->get_post_escaped('target');
50
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {$visibility = 'public';} // fix secunia 2010-93-3
51
$template = preg_replace("/\W/", "", $admin->get_post_escaped('template')); // fix secunia 2010-93-3
52
$target = preg_replace("/\W/", "", $admin->get_post_escaped('target'));
51 53
$admin_groups = $admin->get_post_escaped('admin_groups');
52 54
$viewing_groups = $admin->get_post_escaped('viewing_groups');
53 55
$searching = $admin->get_post_escaped('searching');
54
$language = $admin->get_post_escaped('language');
55
$menu = $admin->get_post_escaped('menu');
56
$language = strtoupper($admin->get_post('language'));
57
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
58
$menu = (int) $admin->get_post_escaped('menu'); // fix secunia 2010-91-3
56 59

  
57 60
// Validate data
58 61
if($page_title == '' || substr($page_title,0,1)=='.')
......
90 93
	$in_old_group = TRUE;
91 94
    }
92 95
}
93
if((!$in_old_group) AND !is_numeric(array_search($admin->get_user_id(), $old_admin_users)))
96
if((!$in_old_group) && !is_numeric(array_search($admin->get_user_id(), $old_admin_users)))
94 97
{
95 98
	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
96 99
}
......
100 103
//if(!in_array(1, $admin->get_groups_id())) {
101 104
//	$admin_groups[] = implode(",",$admin->get_groups_id());
102 105
//}
103
$admin_groups = implode(',', $admin_groups);
106
$admin_groups = preg_replace("/[^\d,]/", "", implode(',', $admin_groups));
104 107
// Setup viewing groups
105 108
$viewing_groups[] = 1;
106 109
//if(!in_array(1, $admin->get_groups_id())) {
107 110
//	$viewing_groups[] = implode(",",$admin->get_groups_id());
108 111
//}
109
$viewing_groups = implode(',', $viewing_groups);
112
$viewing_groups = preg_replace("/[^\d,]/", "", implode(',', $viewing_groups));
110 113

  
111 114
// If needed, get new order
112 115
if($parent != $old_parent)
......
233 236
		// Create access file
234 237
		create_access_file($filename,$page_id,$level);
235 238
		// Move a directory for this page
236
		if(file_exists(WB_PATH.PAGES_DIRECTORY.$old_link.'/') AND is_dir(WB_PATH.PAGES_DIRECTORY.$old_link.'/'))
239
		if(file_exists(WB_PATH.PAGES_DIRECTORY.$old_link.'/') && is_dir(WB_PATH.PAGES_DIRECTORY.$old_link.'/'))
237 240
        {
238 241
			rename(WB_PATH.PAGES_DIRECTORY.$old_link.'/', WB_PATH.PAGES_DIRECTORY.$link.'/');
239 242
		}
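Review bot: The group-id sanitising added at new lines 106 and 112 still assumes `$admin_groups` and `$viewing_groups` arrive as arrays: `implode()` on a scalar POST value only emits a warning, `$viewing_groups[] = 1` at line 108 is an error on a non-empty string in newer PHP versions, and the `[^\d,]` strip keeps stray or doubled commas, so a list such as `1,,3,` can reach the database. Normalising per element is tighter and yields a clean list: `$admin_groups = implode(',', array_map('intval', array_filter((array) $admin_groups, 'is_numeric')));` with the same form for `$viewing_groups`. The whitelist at new line 50 would also benefit from `in_array($visibility, array(...), true)` so the membership test is strict rather than loose.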
