/ - Diff - WB 2.08.x - Tracking

     ! = Update/Change
     ------------------------------------- 2.8.2 -------------------------------------
 Jan-2011 Build 1395 Frank Heyne (FrankH)
     # Security fix in admin/addons
 Jan-2011 Build 1394 Dietmar Woellbrink (Luisehahne)
     ! set construct to FRONTEND class.wb
     ! set 2.8.2 to RC5

branches/2.8.x/wb/admin/interface/version.php
52	52
53	53	// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
54	54	if(!defined('VERSION')) define('VERSION', '2.8.2.RC5');
55		if(!defined('REVISION')) define('REVISION', '1394');
	55	if(!defined('REVISION')) define('REVISION', '1395');
56	56
57	57	?>

     $admin = new admin('Admintools', 'admintools', false, false);
     if ($admin->get_permission('admintools') == false) die(header('Location: ../../index.php'));
     if (!$admin->checkFTAN())
+    {
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
     	exit();
+    }
     // check if the referer URL if available
     $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] :
     	(isset($HTTP_SERVER_VARS['HTTP_REFERER']) ? $HTTP_SERVER_VARS['HTTP_REFERER'] : '');

                     ? '<a href="' . ADMIN_URL . '/addons/index.php?advanced">' . $TEXT['ADVANCED'] . '</a>' : '',
     	'ADVANCED_URL' => $admin->get_permission('admintools') ? ADMIN_URL . '/addons/index.php' : '',
         'TEXT_ADVANCED' => $TEXT['ADVANCED'],
     	'FTAN'			=> $admin->getFTAN()
+    	)
     );

branches/2.8.x/wb/templates/wb_theme/templates/addons.htt
48	48	<tr>
49	49	<td class="description">
50	50	<form action="{RELOAD_URL}" method="post">
	51	{FTAN}
51	52	{MESSAGE_RELOAD_ADDONS}<br style="margin-bottom: 0.5em" />
52	53	<input {DISPLAY_MODULES} type="checkbox" name="reload_modules" id="reload_modules" value="true" />
53	54	<label {DISPLAY_MODULES} for="reload_modules">{MODULES}</label>

branches/2.8.x/wb/templates/argos_theme/templates/addons.htt
39	39	<td class="graphic" align="center" valign="middle" rowspan="2"><img src="{THEME_URL}/icons/admintools.png" alt="{TXT_ADMIN_SETTINGS}" /> </td>
40	40	<td class="description" valign="top"><span class="title">{TXT_ADMIN_SETTINGS}</span>
41	41	<form action="{RELOAD_URL}" method="post">
	42	{FTAN}
42	43	{MESSAGE_RELOAD_ADDONS}
43	44	<br style="margin-bottom: 0.5em" />
44	45	<input {DISPLAY_MODULES} type="checkbox" name="reload_modules" id="reload_modules" value="true" />

     		// output content of module file to textareas
     	?>
     		<form name="edit_module_file" action="<?php echo $_SERVER['PHP_SELF'];?>" method="post" style="margin: 0;">
     		<form name="edit_module_file" action="<?php echo $_SERVER['SCRIPT_NAME'];?>" method="post" style="margin: 0;">
     	  	<input type="hidden" name="page_id" value="<?php echo $page_id; ?>" />
     	  	<input type="hidden" name="section_id" value="<?php echo $section_id; ?>" />
     	  	<input type="hidden" name="mod_dir" value="<?php echo $mod_dir; ?>" />

     	$comment = $wb->add_slashes(strip_tags($comment));
     	$title = $wb->add_slashes(strip_tags($_POST['title']));
     	// do not allow droplets in user input!
     	$title = str_replace(array("[[", "]]"), array("&#91;&#91;", "&#93;&#93;"), $title);
     	$comment = str_replace(array("[[", "]]"), array("&#91;&#91;", "&#93;&#93;"), $comment);
     	$page_id = $_GET['page_id'];
     	$section_id = $_GET['section_id'];
     	$post_id = $_GET['post_id'];

WB 2.08.x