
Revision 1391

Added by FrankH almost 14 years ago

  1. Security fixes for modules captcha_control, code and droplets


branches/2.8.x/CHANGELOG
11 11
! = Update/Change
12 12

  
13 13
------------------------------------- 2.8.2 -------------------------------------
14
16 Jan-2011 Build 1389+1390 Frank Heyne (FrankH)
14
16 Jan-2011 Build 1389-1391 Frank Heyne (FrankH)
15 15
# Security fixes for modules captcha_control, code and droplets
16 16
16 Jan-2011 Build 1388 Dietmar Woellbrink (Luisehahne)
17 17
# more Security fix for admin/pages
branches/2.8.x/wb/admin/interface/version.php
52 52

  
53 53
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
54 54
if(!defined('VERSION')) define('VERSION', '2.8.2.RC4');
55
if(!defined('REVISION')) define('REVISION', '1390');
55
if(!defined('REVISION')) define('REVISION', '1391');
56 56

  
57 57
?>
branches/2.8.x/wb/modules/code/modify.php
20 20
$template = new Template(WB_PATH.'/modules/code');
21 21
$template->set_file('page', 'htt/modify.htt');
22 22
$template->set_block('page', 'main_block', 'main');
23
require_once(WB_PATH.'/modules/admin.php');
23 24

  
24 25
// Get page content
25 26
$query = "SELECT content FROM ".TABLE_PREFIX."mod_code WHERE section_id = '$section_id'";
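Review bot: The new `require_once(WB_PATH.'/modules/admin.php');` lands after the `$template` object has already been created and configured, so the access gate is the fourth statement of the hunk rather than the first; moving it above line 20, before any other work, keeps later edits from slipping ahead of the check and makes its role visible, e.g. `// access gate: admin.php must run before any page work` followed by the require. The `$section_id` interpolated into the SELECT on line 26 is protected only if admin.php validates that value — presumably it does, but that dependency is worth a one-line comment at the query so the next maintainer does not treat the string as already safe. Where `$section_id` is assigned is outside this section, as is the rest of the script.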
branches/2.8.x/wb/modules/droplets/delete_droplet.php
23 23
require_once(WB_PATH.'/framework/class.admin.php');
24 24
require_once(WB_PATH.'/framework/functions.php');
25 25

  
26
// Get id
27
$droplet_id = $admin->checkIDKEY('droplet_id', false, 'GET');
28
if (!$droplet_id) {
29
 $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
30
 exit();
31
}
32

  
33 26
// check website baker platform (with WB 2.7, Admin-Tools were moved out of settings dialogue)
34 27
if(file_exists(ADMIN_PATH .'/admintools/tool.php')) {
35 28
	$admintool_link = ADMIN_URL .'/admintools/index.php';
......
41 34
	$admin = new admin('Settings', 'settings_advanced');
42 35
}
43 36

  
37
// Get id
38
$droplet_id = $admin->checkIDKEY('droplet_id', false, 'GET');
39
if (!$droplet_id) {
40
 $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
41
 exit();
42
}
43

  
44 44
// Delete droplet
45 45
$database->query("DELETE FROM ".TABLE_PREFIX."mod_droplets WHERE id = '$droplet_id' LIMIT 1");
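Review bot: The relocated `checkIDKEY` block now runs once `$admin` exists, but the value it yields is still interpolated unescaped into the DELETE on line 45, `WHERE id = '$droplet_id'`; whether that is safe depends entirely on `checkIDKEY` returning a numeric id, which is not visible here. An explicit cast makes the statement independent of that contract: `$database->query("DELETE FROM ".TABLE_PREFIX."mod_droplets WHERE id = ".(int)$droplet_id." LIMIT 1");`. The return of `$database->query` is also not checked, so a failed delete is indistinguishable from a successful one at this point; what follows is outside the section. The branches that construct `$admin` (lines 34-42) are elided, so it is assumed both paths assign it before the check runs.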
46 46

  
branches/2.8.x/wb/modules/droplets/save_droplet.php
29 29
require_once(WB_PATH.'/framework/class.admin.php');
30 30
require_once(WB_PATH.'/framework/functions.php');
31 31

  
32
if (!$admin->checkFTAN())
33
{
34
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
35
	exit();
36
}
37

  
38 32
// check website baker platform (with WB 2.7, Admin-Tools were moved out of settings dialogue)
39 33
if(file_exists(ADMIN_PATH .'/admintools/tool.php')) {
40 34
	$admintool_link = ADMIN_URL .'/admintools/index.php';
......
46 40
	$admin = new admin('Settings', 'settings_advanced');
47 41
}
48 42

  
43
if (!$admin->checkFTAN())
44
{
45
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
46
	exit();
47
}
48

  
49 49
// Validate all fields
50 50
if($admin->get_post('title') == '') {
51
	$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/droplets/modify_droplet.php?droplet_id='.$droplet_id);
51
	$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/droplets/modify_droplet.php?droplet_id='. $admin->getIDKEY($droplet_id));
52 52
} else {
53 53
	$title = $admin->add_slashes($admin->get_post('title'));
54 54
	$active = (int) $admin->get_post('active');
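Review bot: `$droplet_id` reaches the redirect URL on the new line 51 without any visible validation in this section, whereas delete_droplet.php in this same commit gates its id through `checkIDKEY` right after the FTAN/admin setup; if `$droplet_id` is read from the request above line 29, the same gate belongs here, directly after the relocated `checkFTAN` block, e.g. `$droplet_id = $admin->checkIDKEY('droplet_id', false, 'POST');` with the same `print_error`/`exit()` fallback (the request method should match how the form submits). Wrapping the token in `urlencode()` when appending `$admin->getIDKEY($droplet_id)` to the URL would also avoid depending on the token's character set, which is not visible here. The `if/else` that starts on line 50 continues past the end of the section.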
