Revision 1395
Added by FrankH almost 14 years ago
- Security fix in admin/addons
branches/2.8.x/CHANGELOG | ||
---|---|---|
11 | 11 |
! = Update/Change |
12 | 12 |
|
13 | 13 |
------------------------------------- 2.8.2 ------------------------------------- |
14 |
17 Jan-2011 Build 1395 Frank Heyne (FrankH) |
|
15 |
# Security fix in admin/addons |
|
14 | 16 |
16 Jan-2011 Build 1394 Dietmar Woellbrink (Luisehahne) |
15 | 17 |
! set construct to FRONTEND class.wb |
16 | 18 |
! set 2.8.2 to RC5 |
branches/2.8.x/wb/admin/interface/version.php | ||
---|---|---|
52 | 52 |
|
53 | 53 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
54 | 54 |
if(!defined('VERSION')) define('VERSION', '2.8.2.RC5'); |
55 |
if(!defined('REVISION')) define('REVISION', '1394');
|
|
55 |
if(!defined('REVISION')) define('REVISION', '1395');
|
|
56 | 56 |
|
57 | 57 |
?> |
branches/2.8.x/wb/admin/addons/reload.php | ||
---|---|---|
36 | 36 |
$admin = new admin('Admintools', 'admintools', false, false); |
37 | 37 |
if ($admin->get_permission('admintools') == false) die(header('Location: ../../index.php')); |
38 | 38 |
|
39 |
if (!$admin->checkFTAN()) |
|
40 |
{ |
|
41 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); |
|
42 |
exit(); |
|
43 |
} |
|
44 |
|
|
39 | 45 |
// check if the referer URL if available |
40 | 46 |
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : |
41 | 47 |
(isset($HTTP_SERVER_VARS['HTTP_REFERER']) ? $HTTP_SERVER_VARS['HTTP_REFERER'] : ''); |
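Review bot: The new `checkFTAN()` guard on lines 39–43 carries no comment saying what it protects, and the only hint is in another file (admin/addons/index.php now passes `'FTAN' => $admin->getFTAN()` into the addons template), so a reader of reload.php alone cannot tell why a missing token aborts the reload. A one-line comment would make the dependency explicit: `// reject reload requests that do not carry the form token (FTAN) issued with the form in admin/addons/index.php`. Presumably this is the CSRF protection the commit message calls a security fix; if so, saying so in the comment is worth the few words. The script continues past the hunk, so how $referer is used afterwards is not visible here.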
branches/2.8.x/wb/admin/addons/index.php | ||
---|---|---|
73 | 73 |
? '<a href="' . ADMIN_URL . '/addons/index.php?advanced">' . $TEXT['ADVANCED'] . '</a>' : '', |
74 | 74 |
'ADVANCED_URL' => $admin->get_permission('admintools') ? ADMIN_URL . '/addons/index.php' : '', |
75 | 75 |
'TEXT_ADVANCED' => $TEXT['ADVANCED'], |
76 |
|
|
76 |
'FTAN' => $admin->getFTAN() |
|
77 | 77 |
) |
78 | 78 |
); |
79 | 79 |
|
branches/2.8.x/wb/templates/wb_theme/templates/addons.htt | ||
---|---|---|
48 | 48 |
<tr> |
49 | 49 |
<td class="description"> |
50 | 50 |
<form action="{RELOAD_URL}" method="post"> |
51 |
{FTAN} |
|
51 | 52 |
{MESSAGE_RELOAD_ADDONS}<br style="margin-bottom: 0.5em" /> |
52 | 53 |
<input {DISPLAY_MODULES} type="checkbox" name="reload_modules" id="reload_modules" value="true" /> |
53 | 54 |
<label {DISPLAY_MODULES} for="reload_modules">{MODULES}</label> |
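Review bot: The `{FTAN}` placeholder on new line 51 is only added to the wb_theme template and to argos_theme (next section); any other theme that ships its own addons.htt keeps posting the reload form without the token, and given the new check in admin/addons/reload.php every reload from such a theme would presumably be rejected with GENERIC_SECURITY_ACCESS. That dependency is invisible from the template, so a comment next to the placeholder would help theme authors: `<!-- {FTAN}: required inside this form, admin/addons/reload.php rejects posts without it -->`. The CHANGELOG entry in this commit could also mention that custom themes need the placeholder.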
branches/2.8.x/wb/templates/argos_theme/templates/addons.htt | ||
---|---|---|
39 | 39 |
<td class="graphic" align="center" valign="middle" rowspan="2"><img src="{THEME_URL}/icons/admintools.png" alt="{TXT_ADMIN_SETTINGS}" /> </td> |
40 | 40 |
<td class="description" valign="top"><span class="title">{TXT_ADMIN_SETTINGS}</span> |
41 | 41 |
<form action="{RELOAD_URL}" method="post"> |
42 |
{FTAN} |
|
42 | 43 |
{MESSAGE_RELOAD_ADDONS} |
43 | 44 |
<br style="margin-bottom: 0.5em" /> |
44 | 45 |
<input {DISPLAY_MODULES} type="checkbox" name="reload_modules" id="reload_modules" value="true" /> |
branches/2.8.x/wb/modules/edit_module_files.php | ||
---|---|---|
115 | 115 |
|
116 | 116 |
// output content of module file to textareas |
117 | 117 |
?> |
118 |
<form name="edit_module_file" action="<?php echo $_SERVER['PHP_SELF'];?>" method="post" style="margin: 0;">
|
|
118 |
<form name="edit_module_file" action="<?php echo $_SERVER['SCRIPT_NAME'];?>" method="post" style="margin: 0;">
|
|
119 | 119 |
<input type="hidden" name="page_id" value="<?php echo $page_id; ?>" /> |
120 | 120 |
<input type="hidden" name="section_id" value="<?php echo $section_id; ?>" /> |
121 | 121 |
<input type="hidden" name="mod_dir" value="<?php echo $mod_dir; ?>" /> |
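Review bot: `$_SERVER['SCRIPT_NAME']` is still echoed unescaped into the `action` attribute on new line 118; swapping PHP_SELF for SCRIPT_NAME drops the PATH_INFO-derived tail, but the value is still server-supplied input landing in an HTML attribute, so it should be escaped at the output point: `action="<?php echo htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8'); ?>"`. The hidden inputs on lines 119–121 echo $page_id, $section_id and $mod_dir the same way; where those values come from is outside the hunk, so they either deserve the same treatment or a comment stating where they are validated.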
branches/2.8.x/wb/modules/news/submit_comment.php | ||
---|---|---|
52 | 52 |
|
53 | 53 |
$comment = $wb->add_slashes(strip_tags($comment)); |
54 | 54 |
$title = $wb->add_slashes(strip_tags($_POST['title'])); |
55 |
// do not allow droplets in user input! |
|
56 |
$title = str_replace(array("[[", "]]"), array("[[", "]]"), $title); |
|
57 |
$comment = str_replace(array("[[", "]]"), array("[[", "]]"), $comment); |
|
55 | 58 |
$page_id = $_GET['page_id']; |
56 | 59 |
$section_id = $_GET['section_id']; |
57 | 60 |
$post_id = $_GET['post_id']; |
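Review bot: As rendered, the search and replacement arrays on new lines 56–57 are identical (`array("[[", "]]")` on both sides), which would make the two `str_replace` calls no-ops and leave droplet markers in $title and $comment despite the comment above them. Most likely the raw file uses entity-encoded brackets (e.g. `&#91;&#91;`) that the page display decoded, but that should be confirmed against the actual source rather than this view. Either way a comment stating the mechanism would stop a later cleanup from "simplifying" the call: `// map [[ and ]] to a form the droplet parser does not recognise, so user text can never trigger a droplet`. Note the replacement runs after add_slashes() on lines 53–54, so whatever it produces is what reaches the database; $page_id, $section_id and $post_id on lines 58–60 are taken from $_GET unchanged and their use lies outside the hunk.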