Revision 1400
Added by FrankH almost 15 years ago
- Security fix in account
- Security fix in admin/media, thanks to hal 9000
| branches/2.8.x/wb/admin/media/rename2.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 |
/** |
|
| 3 |
* |
|
| 4 |
* @category admin |
|
| 5 |
* @package admintools |
|
| 6 |
* @author WebsiteBaker Project |
|
| 7 |
* @copyright 2004-2009, Ryan Djurovich |
|
| 8 |
* @copyright 2009-2011, Website Baker Org. e.V. |
|
| 9 |
* @link http://www.websitebaker2.org/ |
|
| 10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 11 |
* @platform WebsiteBaker 2.8.x |
|
| 12 |
* @requirements PHP 5.2.2 and higher |
|
| 13 |
* @version $Id$ |
|
| 14 |
* @filesource $HeadURL: $ |
|
| 15 |
* @lastmodified $Date: $ |
|
| 16 |
* |
|
| 17 |
*/ |
|
| 2 | 18 |
|
| 3 |
// $Id$ |
|
| 4 |
|
|
| 5 |
/* |
|
| 6 |
|
|
| 7 |
Website Baker Project <http://www.websitebaker.org/> |
|
| 8 |
Copyright (C) 2004-2009, Ryan Djurovich |
|
| 9 |
|
|
| 10 |
Website Baker is free software; you can redistribute it and/or modify |
|
| 11 |
it under the terms of the GNU General Public License as published by |
|
| 12 |
the Free Software Foundation; either version 2 of the License, or |
|
| 13 |
(at your option) any later version. |
|
| 14 |
|
|
| 15 |
Website Baker is distributed in the hope that it will be useful, |
|
| 16 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 17 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 18 |
GNU General Public License for more details. |
|
| 19 |
|
|
| 20 |
You should have received a copy of the GNU General Public License |
|
| 21 |
along with Website Baker; if not, write to the Free Software |
|
| 22 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
| 23 |
|
|
| 24 |
*/ |
|
| 25 |
|
|
| 26 | 19 |
// Create admin object |
| 27 | 20 |
require('../../config.php');
|
| 28 | 21 |
require_once(WB_PATH.'/framework/class.admin.php'); |
| 29 | 22 |
$admin = new admin('Media', 'media_rename', false);
|
| 30 | 23 |
|
| 24 |
if (!$admin->checkFTAN()) |
|
| 25 |
{
|
|
| 26 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL); |
|
| 27 |
exit(); |
|
| 28 |
} |
|
| 29 |
|
|
| 31 | 30 |
// Include the WB functions file |
| 32 | 31 |
require_once(WB_PATH.'/framework/functions.php'); |
| 33 | 32 |
|
| 34 | 33 |
// Get list of file types to which we're supposed to append 'txt' |
| 35 |
$get_result=$database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1");
|
|
| 36 |
$file_extension_string='';
|
|
| 34 |
$get_result = $database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1");
|
|
| 35 |
$file_extension_string = '';
|
|
| 37 | 36 |
if ($get_result->numRows()>0) {
|
| 38 |
$fetch_result=$get_result->fetchRow();
|
|
| 39 |
$file_extension_string=$fetch_result['value'];
|
|
| 37 |
$fetch_result = $get_result->fetchRow();
|
|
| 38 |
$file_extension_string = $fetch_result['value'];
|
|
| 40 | 39 |
} |
| 41 | 40 |
$file_extensions=explode(",",$file_extension_string);
|
| 42 | 41 |
|
| 43 |
|
|
| 44 | 42 |
// Get the current dir |
| 45 | 43 |
$directory = $admin->get_post('dir');
|
| 46 | 44 |
if($directory == '/') {
|
| 47 | 45 |
$directory = ''; |
| 48 | 46 |
} |
| 49 |
// Check to see if it contains ../ |
|
| 50 |
if(strstr($directory, '../')) {
|
|
| 47 |
|
|
| 48 |
// Check to see if it contains .. |
|
| 49 |
if (!check_media_path($directory)) {
|
|
| 51 | 50 |
$admin->print_header(); |
| 52 | 51 |
$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH']); |
| 53 | 52 |
} |
| 54 | 53 |
|
| 55 | 54 |
// Get the temp id |
| 56 |
if(!is_numeric($admin->get_post('id'))) {
|
|
| 57 |
header("Location: browse.php?dir=$directory");
|
|
| 58 |
exit(0); |
|
| 59 |
} else {
|
|
| 60 |
$file_id = $admin->get_post('id');
|
|
| 55 |
$file_id = $admin->checkIDKEY('id', false, 'POST');
|
|
| 56 |
if (!$file_id) {
|
|
| 57 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL); |
|
| 61 | 58 |
} |
| 62 | 59 |
|
| 63 | 60 |
// Get home folder not to show |
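Review bot: The `if (!$file_id)` branch at new lines 56-58 calls `print_error()` without the `exit();` that the FTAN branch at new lines 24-28 has, so whether the rename stops on an invalid key depends entirely on `print_error()` ending the request, which is not visible here. Add `exit();` after that `print_error()` call so the rejection does not rely on a side effect of the error printer. The loose `!$file_id` test would also reject a legitimate id of `0` if temp ids can start there; `if ($file_id === false)` is tighter, assuming `checkIDKEY()` returns the `false` default passed as its second argument. The same pattern appears in delete.php and rename.php, and the script continues beyond the visible lines.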
| branches/2.8.x/wb/admin/media/setparameter.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 |
/** |
|
| 3 |
* |
|
| 4 |
* @category admin |
|
| 5 |
* @package admintools |
|
| 6 |
* @author WebsiteBaker Project |
|
| 7 |
* @copyright 2004-2009, Ryan Djurovich |
|
| 8 |
* @copyright 2009-2011, Website Baker Org. e.V. |
|
| 9 |
* @link http://www.websitebaker2.org/ |
|
| 10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 11 |
* @platform WebsiteBaker 2.8.x |
|
| 12 |
* @requirements PHP 5.2.2 and higher |
|
| 13 |
* @version $Id$ |
|
| 14 |
* @filesource $HeadURL: $ |
|
| 15 |
* @lastmodified $Date: $ |
|
| 16 |
* |
|
| 17 |
*/ |
|
| 2 | 18 |
|
| 3 |
// $Id$ |
|
| 4 |
|
|
| 5 |
/* |
|
| 6 |
|
|
| 7 |
Website Baker Project <http://www.websitebaker.org/> |
|
| 8 |
Copyright (C) 2004-2009, Ryan Djurovich |
|
| 9 |
|
|
| 10 |
Website Baker is free software; you can redistribute it and/or modify |
|
| 11 |
it under the terms of the GNU General Public License as published by |
|
| 12 |
the Free Software Foundation; either version 2 of the License, or |
|
| 13 |
(at your option) any later version. |
|
| 14 |
|
|
| 15 |
Website Baker is distributed in the hope that it will be useful, |
|
| 16 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 17 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 18 |
GNU General Public License for more details. |
|
| 19 |
|
|
| 20 |
You should have received a copy of the GNU General Public License |
|
| 21 |
along with Website Baker; if not, write to the Free Software |
|
| 22 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
| 23 |
|
|
| 24 |
*/ |
|
| 25 |
|
|
| 26 | 19 |
require('../../config.php');
|
| 27 | 20 |
require_once(WB_PATH.'/framework/class.admin.php'); |
| 28 | 21 |
$admin = new admin('Media', 'media', false);
|
| ... | ... | |
| 40 | 33 |
|
| 41 | 34 |
//Save post vars to the parameters file |
| 42 | 35 |
if ( !is_null($admin->get_post_escaped("save"))) {
|
| 36 |
if (!$admin->checkFTAN()) |
|
| 37 |
{
|
|
| 38 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL); |
|
| 39 |
exit(); |
|
| 40 |
} |
|
| 41 |
|
|
| 43 | 42 |
//Check for existing settings entry, if not existing, create a record first! |
| 44 | 43 |
if (!$database->query ( "SELECT * FROM ".TABLE_PREFIX."settings where `name`='mediasettings'" )) {
|
| 45 | 44 |
$database->query ( "INSERT INTO ".TABLE_PREFIX."settings (`name`,`value`) VALUES ('mediasettings','')" );
|
| ... | ... | |
| 79 | 78 |
$template->set_var(array( |
| 80 | 79 |
'TEXT_HEADER' => $TEXT['TEXT_HEADER'], |
| 81 | 80 |
'SAVE_TEXT' => $TEXT['SAVE'], |
| 82 |
'BACK' => $TEXT['BACK'] |
|
| 81 |
'BACK' => $TEXT['BACK'],
|
|
| 83 | 82 |
) |
| 84 | 83 |
); |
| 85 | 84 |
|
| ... | ... | |
| 118 | 117 |
'ADMIN_ONLY_SELECTED' => $pathsettings['global']['admin_only'], |
| 119 | 118 |
'NO_SHOW_THUMBS' => $TEXT['NO_SHOW_THUMBS'], |
| 120 | 119 |
'NO_SHOW_THUMBS_SELECTED' => $pathsettings['global']['show_thumbs'], |
| 121 |
'ROW_BG_COLOR' => $row_bg_color |
|
| 120 |
'ROW_BG_COLOR' => $row_bg_color, |
|
| 121 |
'FTAN' => $admin->getFTAN() |
|
| 122 | 122 |
) |
| 123 | 123 |
); |
| 124 | 124 |
$template->parse('list', 'list_block', true);
|
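Review bot: `'FTAN' => $admin->getFTAN()` at new line 121 sits in a `set_var()` that is immediately followed by `$template->parse('list', 'list_block', true)`, which looks like a per-row block, so the token may be requested once per row. If `getFTAN()` issues a fresh token on each call (its body is not shown), earlier rows could carry stale tokens and fail the `checkFTAN()` added at new line 36 on save. Fetch it once before the loop, as preferences_form.php does in this same revision with `$ftan = $wb->getFTAN();`, and pass that variable into the array. The enclosing loop lies outside the visible lines, so confirm the placement.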
| branches/2.8.x/wb/admin/media/resize_img.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 |
/** |
|
| 3 |
* |
|
| 4 |
* @category admin |
|
| 5 |
* @package admintools |
|
| 6 |
* @author WebsiteBaker Project |
|
| 7 |
* @copyright 2004-2009, Ryan Djurovich |
|
| 8 |
* @copyright 2009-2011, Website Baker Org. e.V. |
|
| 9 |
* @link http://www.websitebaker2.org/ |
|
| 10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 11 |
* @platform WebsiteBaker 2.8.x |
|
| 12 |
* @requirements PHP 5.2.2 and higher |
|
| 13 |
* @version $Id$ |
|
| 14 |
* @filesource $HeadURL: $ |
|
| 15 |
* @lastmodified $Date: $ |
|
| 16 |
* |
|
| 17 |
*/ |
|
| 2 | 18 |
|
| 3 |
// $Id$ |
|
| 4 |
|
|
| 5 |
/* |
|
| 6 |
|
|
| 7 |
Website Baker Project <http://www.websitebaker.org/> |
|
| 8 |
Copyright (C) 2004-2009, Ryan Djurovich |
|
| 9 |
|
|
| 10 |
Website Baker is free software; you can redistribute it and/or modify |
|
| 11 |
it under the terms of the GNU General Public License as published by |
|
| 12 |
the Free Software Foundation; either version 2 of the License, or |
|
| 13 |
(at your option) any later version. |
|
| 14 |
|
|
| 15 |
Website Baker is distributed in the hope that it will be useful, |
|
| 16 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 17 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 18 |
GNU General Public License for more details. |
|
| 19 |
|
|
| 20 |
You should have received a copy of the GNU General Public License |
|
| 21 |
along with Website Baker; if not, write to the Free Software |
|
| 22 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
| 23 |
|
|
| 24 |
*/ |
|
| 25 |
|
|
| 26 | 19 |
/** |
| 27 | 20 |
* Image Resizer. |
| 28 | 21 |
* @author : Harish Chauhan |
| branches/2.8.x/wb/admin/media/thumb.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 |
/** |
|
| 3 |
* |
|
| 4 |
* @category admin |
|
| 5 |
* @package admintools |
|
| 6 |
* @author WebsiteBaker Project |
|
| 7 |
* @copyright 2004-2009, Ryan Djurovich |
|
| 8 |
* @copyright 2009-2011, Website Baker Org. e.V. |
|
| 9 |
* @link http://www.websitebaker2.org/ |
|
| 10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 11 |
* @platform WebsiteBaker 2.8.x |
|
| 12 |
* @requirements PHP 5.2.2 and higher |
|
| 13 |
* @version $Id$ |
|
| 14 |
* @filesource $HeadURL: $ |
|
| 15 |
* @lastmodified $Date: $ |
|
| 16 |
* |
|
| 17 |
*/ |
|
| 2 | 18 |
|
| 3 |
// $Id$ |
|
| 4 |
|
|
| 5 |
/* |
|
| 6 |
|
|
| 7 |
Website Baker Project <http://www.websitebaker.org/> |
|
| 8 |
Copyright (C) 2004-2009, Ryan Djurovich |
|
| 9 |
|
|
| 10 |
Website Baker is free software; you can redistribute it and/or modify |
|
| 11 |
it under the terms of the GNU General Public License as published by |
|
| 12 |
the Free Software Foundation; either version 2 of the License, or |
|
| 13 |
(at your option) any later version. |
|
| 14 |
|
|
| 15 |
Website Baker is distributed in the hope that it will be useful, |
|
| 16 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 17 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 18 |
GNU General Public License for more details. |
|
| 19 |
|
|
| 20 |
You should have received a copy of the GNU General Public License |
|
| 21 |
along with Website Baker; if not, write to the Free Software |
|
| 22 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
| 23 |
|
|
| 24 |
*/ |
|
| 25 |
|
|
| 26 | 19 |
require('../../config.php');
|
| 27 | 20 |
include_once('resize_img.php');
|
| 21 |
require_once(WB_PATH.'/framework/functions.php'); |
|
| 22 |
|
|
| 28 | 23 |
if (isset($_GET['img']) && isset($_GET['t'])) {
|
| 29 | 24 |
$image = addslashes($_GET['img']); |
| 25 |
|
|
| 26 |
// Check to see if it contains .. |
|
| 27 |
if (!check_media_path($image)) {
|
|
| 28 |
$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'], WB_URL, false); |
|
| 29 |
} |
|
| 30 |
|
|
| 30 | 31 |
$type = addslashes($_GET['t']); |
| 31 | 32 |
$media = WB_PATH.MEDIA_DIRECTORY; |
| 32 | 33 |
$img=new RESIZEIMAGE($media.$image); |
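Review bot: The new traversal guard at new lines 27-29 calls `$admin->print_error(...)`, but the visible top of thumb.php only pulls in config.php, resize_img.php and functions.php and never creates `$admin`. Unless config.php defines it, a rejected path ends in a fatal error on an undefined object rather than a controlled refusal, and `$MESSAGE` may not be loaded either. For an image endpoint a plain refusal is enough, e.g. `header('HTTP/1.1 403 Forbidden'); exit();`. The `if (isset($_GET['img']) ...)` block continues past the visible lines.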
| branches/2.8.x/wb/admin/media/browse.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 |
/** |
|
| 3 |
* |
|
| 4 |
* @category admin |
|
| 5 |
* @package media |
|
| 6 |
* @author WebsiteBaker Project |
|
| 7 |
* @copyright 2004-2009, Ryan Djurovich |
|
| 8 |
* @copyright 2009-2011, Website Baker Org. e.V. |
|
| 9 |
* @link http://www.websitebaker2.org/ |
|
| 10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 11 |
* @platform WebsiteBaker 2.8.x |
|
| 12 |
* @requirements PHP 5.2.2 and higher |
|
| 13 |
* @version $Id$ |
|
| 14 |
* @filesource $HeadURL: $ |
|
| 15 |
* @lastmodified $Date: $ |
|
| 16 |
* |
|
| 17 |
*/ |
|
| 2 | 18 |
|
| 3 |
// $Id$ |
|
| 4 |
|
|
| 5 |
/* |
|
| 6 |
|
|
| 7 |
Website Baker Project <http://www.websitebaker.org/> |
|
| 8 |
Copyright (C) 2004-2009, Ryan Djurovich |
|
| 9 |
|
|
| 10 |
Website Baker is free software; you can redistribute it and/or modify |
|
| 11 |
it under the terms of the GNU General Public License as published by |
|
| 12 |
the Free Software Foundation; either version 2 of the License, or |
|
| 13 |
(at your option) any later version. |
|
| 14 |
|
|
| 15 |
Website Baker is distributed in the hope that it will be useful, |
|
| 16 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 17 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 18 |
GNU General Public License for more details. |
|
| 19 |
|
|
| 20 |
You should have received a copy of the GNU General Public License |
|
| 21 |
along with Website Baker; if not, write to the Free Software |
|
| 22 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
| 23 |
|
|
| 24 |
*/ |
|
| 25 |
|
|
| 26 | 19 |
// Create admin object |
| 27 | 20 |
require('../../config.php');
|
| 28 | 21 |
require_once(WB_PATH.'/framework/class.admin.php'); |
| ... | ... | |
| 88 | 81 |
} |
| 89 | 82 |
|
| 90 | 83 |
// Check to see if it contains ../ |
| 91 |
if(strstr($directory, '../')) {
|
|
| 84 |
if (!check_media_path($directory)) {
|
|
| 92 | 85 |
$admin->print_header(); |
| 93 | 86 |
$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH']); |
| 94 | 87 |
} |
| ... | ... | |
| 157 | 150 |
$template->set_var(array( |
| 158 | 151 |
'NAME' => $name, |
| 159 | 152 |
'NAME_SLASHED' => addslashes($name), |
| 160 |
'TEMP_ID' => $temp_id,
|
|
| 153 |
'TEMP_ID' => $admin->getIDKEY($temp_id),
|
|
| 161 | 154 |
'LINK' => "browse.php?dir=$directory/$link_name", |
| 162 | 155 |
'LINK_TARGET' => '', |
| 163 | 156 |
'ROW_BG_COLOR' => $row_bg_color, |
| ... | ... | |
| 212 | 205 |
$template->set_var(array( |
| 213 | 206 |
'NAME' => $name, |
| 214 | 207 |
'NAME_SLASHED' => addslashes($name), |
| 215 |
'TEMP_ID' => $temp_id,
|
|
| 208 |
'TEMP_ID' => $admin->getIDKEY($temp_id),
|
|
| 216 | 209 |
'LINK' => WB_URL.MEDIA_DIRECTORY.$directory.'/'.$name, |
| 217 | 210 |
'LINK_TARGET' => '_blank', |
| 218 | 211 |
'ROW_BG_COLOR' => $row_bg_color, |
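Review bot: `check_media_path($directory)` at new line 84 is used only as a boolean, although the docblock added in framework/functions.php says it returns the real path when no traversal is detected. The script then keeps building paths and links from the raw `$directory`, so the value that was validated and the value that is used can differ; assigning the result, e.g. `$real_dir = check_media_path($directory);` followed by `if ($real_dir === false) { ... }`, and using `$real_dir` for filesystem access would tie the two together. The function body is not visible here, so confirm what form the returned path takes before substituting it. The same boolean-only use appears in rename2.php, thumb.php, delete.php, create.php, upload.php and rename.php. The comment above the check still says `../` although the test now goes through `check_media_path()`.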
| branches/2.8.x/wb/admin/media/delete.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 |
/** |
|
| 3 |
* |
|
| 4 |
* @category admin |
|
| 5 |
* @package admintools |
|
| 6 |
* @author WebsiteBaker Project |
|
| 7 |
* @copyright 2004-2009, Ryan Djurovich |
|
| 8 |
* @copyright 2009-2011, Website Baker Org. e.V. |
|
| 9 |
* @link http://www.websitebaker2.org/ |
|
| 10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 11 |
* @platform WebsiteBaker 2.8.x |
|
| 12 |
* @requirements PHP 5.2.2 and higher |
|
| 13 |
* @version $Id$ |
|
| 14 |
* @filesource $HeadURL: $ |
|
| 15 |
* @lastmodified $Date: $ |
|
| 16 |
* |
|
| 17 |
*/ |
|
| 2 | 18 |
|
| 3 |
// $Id$ |
|
| 4 |
|
|
| 5 |
/* |
|
| 6 |
|
|
| 7 |
Website Baker Project <http://www.websitebaker.org/> |
|
| 8 |
Copyright (C) 2004-2009, Ryan Djurovich |
|
| 9 |
|
|
| 10 |
Website Baker is free software; you can redistribute it and/or modify |
|
| 11 |
it under the terms of the GNU General Public License as published by |
|
| 12 |
the Free Software Foundation; either version 2 of the License, or |
|
| 13 |
(at your option) any later version. |
|
| 14 |
|
|
| 15 |
Website Baker is distributed in the hope that it will be useful, |
|
| 16 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 17 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 18 |
GNU General Public License for more details. |
|
| 19 |
|
|
| 20 |
You should have received a copy of the GNU General Public License |
|
| 21 |
along with Website Baker; if not, write to the Free Software |
|
| 22 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
| 23 |
|
|
| 24 |
*/ |
|
| 25 |
|
|
| 26 | 19 |
// Create admin object |
| 27 | 20 |
require('../../config.php');
|
| 28 | 21 |
require_once(WB_PATH.'/framework/class.admin.php'); |
| ... | ... | |
| 36 | 29 |
if($directory == '/') {
|
| 37 | 30 |
$directory = ''; |
| 38 | 31 |
} |
| 39 |
// Check to see if it contains ../ |
|
| 40 |
if(strstr($directory, '../')) {
|
|
| 32 |
|
|
| 33 |
// Check to see if it contains .. |
|
| 34 |
if (!check_media_path($directory)) {
|
|
| 41 | 35 |
$admin->print_header(); |
| 42 | 36 |
$admin->print_error($MESSAGE['MEDIA']['DOT_DOT_SLASH']); |
| 43 | 37 |
} |
| 44 | 38 |
|
| 45 | 39 |
// Get the temp id |
| 46 |
if(!is_numeric($admin->get_get('id'))) {
|
|
| 47 |
header("Location: browse.php?dir=$directory");
|
|
| 48 |
exit(0); |
|
| 49 |
} else {
|
|
| 50 |
$file_id = $admin->get_get('id');
|
|
| 40 |
$file_id = $admin->checkIDKEY('id', false, 'GET');
|
|
| 41 |
if (!$file_id) {
|
|
| 42 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL); |
|
| 51 | 43 |
} |
| 52 | 44 |
|
| 53 | 45 |
// Get home folder not to show |
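Review bot: The delete request still arrives by GET and is guarded only by `checkIDKEY('id', false, 'GET')` at new line 40; no `checkFTAN()` is added here, unlike rename2.php, create.php and upload.php. A key carried in the query string ends up in browser history, server and proxy logs and Referer headers, so its value as an anti-forgery token depends on it being single-use and session-bound, which is not visible in this section. Consider moving the delete action to a POST form and adding the same `if (!$admin->checkFTAN()) { ... exit(); }` block used elsewhere in this revision. The context line at new line 36 also reads `$MESSAGE['MEDIA']['DOT_DOT_SLASH']` where the other media scripts use `DIR_DOT_DOT_SLASH`; check that this key exists, otherwise the rejection prints an empty message.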
| branches/2.8.x/wb/admin/media/create.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 |
/** |
|
| 3 |
* |
|
| 4 |
* @category admin |
|
| 5 |
* @package admintools |
|
| 6 |
* @author WebsiteBaker Project |
|
| 7 |
* @copyright 2004-2009, Ryan Djurovich |
|
| 8 |
* @copyright 2009-2011, Website Baker Org. e.V. |
|
| 9 |
* @link http://www.websitebaker2.org/ |
|
| 10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 11 |
* @platform WebsiteBaker 2.8.x |
|
| 12 |
* @requirements PHP 5.2.2 and higher |
|
| 13 |
* @version $Id$ |
|
| 14 |
* @filesource $HeadURL: $ |
|
| 15 |
* @lastmodified $Date: $ |
|
| 16 |
* |
|
| 17 |
*/ |
|
| 2 | 18 |
|
| 3 |
// $Id$ |
|
| 4 |
|
|
| 5 |
/* |
|
| 6 |
|
|
| 7 |
Website Baker Project <http://www.websitebaker.org/> |
|
| 8 |
Copyright (C) 2004-2009, Ryan Djurovich |
|
| 9 |
|
|
| 10 |
Website Baker is free software; you can redistribute it and/or modify |
|
| 11 |
it under the terms of the GNU General Public License as published by |
|
| 12 |
the Free Software Foundation; either version 2 of the License, or |
|
| 13 |
(at your option) any later version. |
|
| 14 |
|
|
| 15 |
Website Baker is distributed in the hope that it will be useful, |
|
| 16 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 17 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 18 |
GNU General Public License for more details. |
|
| 19 |
|
|
| 20 |
You should have received a copy of the GNU General Public License |
|
| 21 |
along with Website Baker; if not, write to the Free Software |
|
| 22 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
| 23 |
|
|
| 24 |
*/ |
|
| 25 |
|
|
| 26 | 19 |
// Get dir name and target location |
| 27 | 20 |
if(!isset($_POST['name']) OR $_POST['name'] == '') {
|
| 28 | 21 |
header("Location: index.php");
|
| ... | ... | |
| 42 | 35 |
require_once(WB_PATH.'/framework/class.admin.php'); |
| 43 | 36 |
$admin = new admin('Media', 'media_create');
|
| 44 | 37 |
|
| 38 |
if (!$admin->checkFTAN()) |
|
| 39 |
{
|
|
| 40 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL); |
|
| 41 |
exit(); |
|
| 42 |
} |
|
| 43 |
|
|
| 45 | 44 |
// Include the WB functions file |
| 46 | 45 |
require_once(WB_PATH.'/framework/functions.php'); |
| 47 | 46 |
|
| 48 | 47 |
// Check to see if name or target contains ../ |
| 49 |
if(strstr($name, '../')) {
|
|
| 48 |
if(strstr($name, '..')) {
|
|
| 50 | 49 |
$admin->print_error($MESSAGE['MEDIA']['NAME_DOT_DOT_SLASH']); |
| 51 | 50 |
} |
| 52 |
if(strstr($target, '../')) {
|
|
| 51 |
if (!check_media_path($target, false)) {
|
|
| 52 |
w_debug("target: $target");
|
|
| 53 | 53 |
$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']); |
| 54 | 54 |
} |
| 55 | 55 |
|
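Review bot: `w_debug("target: $target");` at new line 52 looks like a leftover debugging call inside the traversal-rejection branch. `w_debug()` is not defined in any visible section, so if it is absent from a release build the branch dies with a fatal error before `print_error()` runs, and if it exists it writes request-supplied input to a debug sink on every rejected request. Remove the line, or report the rejection through the project's normal logging path with the value escaped.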
| branches/2.8.x/wb/admin/media/parameters.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 |
/** |
|
| 3 |
* |
|
| 4 |
* @category admin |
|
| 5 |
* @package admintools |
|
| 6 |
* @author WebsiteBaker Project |
|
| 7 |
* @copyright 2004-2009, Ryan Djurovich |
|
| 8 |
* @copyright 2009-2011, Website Baker Org. e.V. |
|
| 9 |
* @link http://www.websitebaker2.org/ |
|
| 10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 11 |
* @platform WebsiteBaker 2.8.x |
|
| 12 |
* @requirements PHP 5.2.2 and higher |
|
| 13 |
* @version $Id$ |
|
| 14 |
* @filesource $HeadURL: $ |
|
| 15 |
* @lastmodified $Date: $ |
|
| 16 |
* |
|
| 17 |
*/ |
|
| 2 | 18 |
|
| 3 |
// $Id$ |
|
| 4 |
|
|
| 5 |
/* |
|
| 6 |
|
|
| 7 |
Website Baker Project <http://www.websitebaker.org/> |
|
| 8 |
Copyright (C) 2004-2009, Ryan Djurovich |
|
| 9 |
|
|
| 10 |
Website Baker is free software; you can redistribute it and/or modify |
|
| 11 |
it under the terms of the GNU General Public License as published by |
|
| 12 |
the Free Software Foundation; either version 2 of the License, or |
|
| 13 |
(at your option) any later version. |
|
| 14 |
|
|
| 15 |
Website Baker is distributed in the hope that it will be useful, |
|
| 16 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 17 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 18 |
GNU General Public License for more details. |
|
| 19 |
|
|
| 20 |
You should have received a copy of the GNU General Public License |
|
| 21 |
along with Website Baker; if not, write to the Free Software |
|
| 22 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
| 23 |
|
|
| 24 |
*/ |
|
| 25 |
|
|
| 26 | 19 |
function __unserialize($sObject) { // found in php manual :-)
|
| 27 | 20 |
$__ret =preg_replace('!s:(\d+):"(.*?)";!e', "'s:'.strlen('$2').':\"$2\";'", $sObject );
|
| 28 | 21 |
return unserialize($__ret); |
| branches/2.8.x/wb/admin/media/upload.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 |
/** |
|
| 3 |
* |
|
| 4 |
* @category admin |
|
| 5 |
* @package admintools |
|
| 6 |
* @author WebsiteBaker Project |
|
| 7 |
* @copyright 2004-2009, Ryan Djurovich |
|
| 8 |
* @copyright 2009-2011, Website Baker Org. e.V. |
|
| 9 |
* @link http://www.websitebaker2.org/ |
|
| 10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 11 |
* @platform WebsiteBaker 2.8.x |
|
| 12 |
* @requirements PHP 5.2.2 and higher |
|
| 13 |
* @version $Id$ |
|
| 14 |
* @filesource $HeadURL: $ |
|
| 15 |
* @lastmodified $Date: $ |
|
| 16 |
* |
|
| 17 |
*/ |
|
| 2 | 18 |
|
| 3 |
// $Id$ |
|
| 4 |
|
|
| 5 |
/* |
|
| 6 |
|
|
| 7 |
Website Baker Project <http://www.websitebaker.org/> |
|
| 8 |
Copyright (C) 2004-2009, Ryan Djurovich |
|
| 9 |
|
|
| 10 |
Website Baker is free software; you can redistribute it and/or modify |
|
| 11 |
it under the terms of the GNU General Public License as published by |
|
| 12 |
the Free Software Foundation; either version 2 of the License, or |
|
| 13 |
(at your option) any later version. |
|
| 14 |
|
|
| 15 |
Website Baker is distributed in the hope that it will be useful, |
|
| 16 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 17 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 18 |
GNU General Public License for more details. |
|
| 19 |
|
|
| 20 |
You should have received a copy of the GNU General Public License |
|
| 21 |
along with Website Baker; if not, write to the Free Software |
|
| 22 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
| 23 |
|
|
| 24 |
*/ |
|
| 25 |
|
|
| 26 | 19 |
// Target location |
| 27 | 20 |
if(!isset($_POST['target']) OR $_POST['target'] == '') {
|
| 28 | 21 |
header("Location: index.php");
|
| ... | ... | |
| 40 | 33 |
require_once(WB_PATH.'/include/pclzip/pclzip.lib.php'); // Required to unzip file. |
| 41 | 34 |
$admin = new admin('Media', 'media_upload');
|
| 42 | 35 |
|
| 36 |
if (!$admin->checkFTAN()) |
|
| 37 |
{
|
|
| 38 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL); |
|
| 39 |
exit(); |
|
| 40 |
} |
|
| 41 |
|
|
| 43 | 42 |
// Include the WB functions file |
| 44 | 43 |
require_once(WB_PATH.'/framework/functions.php'); |
| 45 | 44 |
|
| 46 | 45 |
// Check to see if target contains ../ |
| 47 |
if(strstr($target, '../')) {
|
|
| 46 |
if (!check_media_path($target, false)) {
|
|
| 48 | 47 |
$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']); |
| 49 | 48 |
} |
| 50 | 49 |
|
| branches/2.8.x/wb/admin/media/index.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 |
/** |
|
| 3 |
* |
|
| 4 |
* @category admin |
|
| 5 |
* @package admintools |
|
| 6 |
* @author WebsiteBaker Project |
|
| 7 |
* @copyright 2004-2009, Ryan Djurovich |
|
| 8 |
* @copyright 2009-2011, Website Baker Org. e.V. |
|
| 9 |
* @link http://www.websitebaker2.org/ |
|
| 10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 11 |
* @platform WebsiteBaker 2.8.x |
|
| 12 |
* @requirements PHP 5.2.2 and higher |
|
| 13 |
* @version $Id$ |
|
| 14 |
* @filesource $HeadURL: $ |
|
| 15 |
* @lastmodified $Date: $ |
|
| 16 |
* |
|
| 17 |
*/ |
|
| 2 | 18 |
|
| 3 |
// $Id$ |
|
| 4 |
|
|
| 5 |
/* |
|
| 6 |
|
|
| 7 |
Website Baker Project <http://www.websitebaker.org/> |
|
| 8 |
Copyright (C) 2004-2009, Ryan Djurovich |
|
| 9 |
|
|
| 10 |
Website Baker is free software; you can redistribute it and/or modify |
|
| 11 |
it under the terms of the GNU General Public License as published by |
|
| 12 |
the Free Software Foundation; either version 2 of the License, or |
|
| 13 |
(at your option) any later version. |
|
| 14 |
|
|
| 15 |
Website Baker is distributed in the hope that it will be useful, |
|
| 16 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 17 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 18 |
GNU General Public License for more details. |
|
| 19 |
|
|
| 20 |
You should have received a copy of the GNU General Public License |
|
| 21 |
along with Website Baker; if not, write to the Free Software |
|
| 22 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
| 23 |
|
|
| 24 |
*/ |
|
| 25 |
|
|
| 26 | 19 |
// Print admin header |
| 27 | 20 |
require('../../config.php');
|
| 28 | 21 |
require_once(WB_PATH.'/framework/class.admin.php'); |
| ... | ... | |
| 108 | 101 |
'CHANGE_SETTINGS' => $TEXT['MODIFY_SETTINGS'], |
| 109 | 102 |
'OPTIONS' => $TEXT['OPTION'], |
| 110 | 103 |
'TEXT_UNZIP_FILE' => $TEXT['UNZIP_FILE'], |
| 111 |
'TEXT_DELETE_ZIP' => $TEXT['DELETE_ZIP'] |
|
| 104 |
'TEXT_DELETE_ZIP' => $TEXT['DELETE_ZIP'], |
|
| 105 |
'FTAN' => $admin->getFTAN() |
|
| 112 | 106 |
) |
| 113 | 107 |
); |
| 114 | 108 |
|
| branches/2.8.x/wb/admin/media/rename.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 |
/** |
|
| 3 |
* |
|
| 4 |
* @category admin |
|
| 5 |
* @package admintools |
|
| 6 |
* @author WebsiteBaker Project |
|
| 7 |
* @copyright 2004-2009, Ryan Djurovich |
|
| 8 |
* @copyright 2009-2011, Website Baker Org. e.V. |
|
| 9 |
* @link http://www.websitebaker2.org/ |
|
| 10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 11 |
* @platform WebsiteBaker 2.8.x |
|
| 12 |
* @requirements PHP 5.2.2 and higher |
|
| 13 |
* @version $Id$ |
|
| 14 |
* @filesource $HeadURL: $ |
|
| 15 |
* @lastmodified $Date: $ |
|
| 16 |
* |
|
| 17 |
*/ |
|
| 2 | 18 |
|
| 3 |
// $Id$ |
|
| 4 |
|
|
| 5 |
/* |
|
| 6 |
|
|
| 7 |
Website Baker Project <http://www.websitebaker.org/> |
|
| 8 |
Copyright (C) 2004-2009, Ryan Djurovich |
|
| 9 |
|
|
| 10 |
Website Baker is free software; you can redistribute it and/or modify |
|
| 11 |
it under the terms of the GNU General Public License as published by |
|
| 12 |
the Free Software Foundation; either version 2 of the License, or |
|
| 13 |
(at your option) any later version. |
|
| 14 |
|
|
| 15 |
Website Baker is distributed in the hope that it will be useful, |
|
| 16 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 17 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 18 |
GNU General Public License for more details. |
|
| 19 |
|
|
| 20 |
You should have received a copy of the GNU General Public License |
|
| 21 |
along with Website Baker; if not, write to the Free Software |
|
| 22 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
| 23 |
|
|
| 24 |
*/ |
|
| 25 |
|
|
| 26 | 19 |
// Create admin object |
| 27 | 20 |
require('../../config.php');
|
| 28 | 21 |
require_once(WB_PATH.'/framework/class.admin.php'); |
| ... | ... | |
| 36 | 29 |
if($directory == '/') {
|
| 37 | 30 |
$directory = ''; |
| 38 | 31 |
} |
| 39 |
// Check to see if it contains ../ |
|
| 40 |
if(strstr($directory, '../')) {
|
|
| 41 |
$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'], "rename.php?dir=$directory&id=$file_id", false); |
|
| 32 |
|
|
| 33 |
// Check to see if it contains .. |
|
| 34 |
if (!check_media_path($directory)) {
|
|
| 35 |
$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'], WB_URL, false); |
|
| 42 | 36 |
} |
| 43 | 37 |
|
| 44 | 38 |
// Get the temp id |
| 45 |
if(!is_numeric($admin->get_get('id'))) {
|
|
| 46 |
header("Location: browse.php?dir=$directory");
|
|
| 47 |
exit(0); |
|
| 48 |
} else {
|
|
| 49 |
$file_id = $admin->get_get('id');
|
|
| 39 |
$file_id = $admin->checkIDKEY('id', false, 'GET');
|
|
| 40 |
if (!$file_id) {
|
|
| 41 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL); |
|
| 50 | 42 |
} |
| 51 | 43 |
|
| 52 | 44 |
// Get home folder not to show |
| ... | ... | |
| 116 | 108 |
'THEME_URL' => THEME_URL, |
| 117 | 109 |
'FILENAME' => $rename_file, |
| 118 | 110 |
'DIR' => $directory, |
| 119 |
'FILE_ID' => $file_id,
|
|
| 111 |
'FILE_ID' => $admin->getIDKEY($file_id),
|
|
| 120 | 112 |
'TYPE' => $type, |
| 121 |
'EXTENSION' => $extension |
|
| 113 |
'EXTENSION' => $extension, |
|
| 114 |
'FTAN' => $admin->getFTAN() |
|
| 122 | 115 |
) |
| 123 | 116 |
); |
| 124 | 117 |
|
| branches/2.8.x/wb/admin/interface/version.php | ||
|---|---|---|
| 52 | 52 |
|
| 53 | 53 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
| 54 | 54 |
if(!defined('VERSION')) define('VERSION', '2.8.2.RC5');
|
| 55 |
if(!defined('REVISION')) define('REVISION', '1399');
|
|
| 55 |
if(!defined('REVISION')) define('REVISION', '1400');
|
|
| 56 | 56 |
|
| 57 | 57 |
?> |
| branches/2.8.x/wb/account/password.php | ||
|---|---|---|
| 26 | 26 |
$new_password = $_POST['new_password']; |
| 27 | 27 |
$new_password2 = $_POST['new_password2']; |
| 28 | 28 |
|
| 29 |
if (!$wb->checkFTAN()) |
|
| 30 |
{
|
|
| 31 |
$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL); |
|
| 32 |
exit(); |
|
| 33 |
} |
|
| 34 |
|
|
| 29 | 35 |
// Create a javascript back link |
| 30 | 36 |
$js_back = "javascript: history.go(-1);"; |
| 31 | 37 |
|
| ... | ... | |
| 58 | 64 |
$wb->print_success($MESSAGE['PREFERENCES']['PASSWORD_CHANGED'], WB_URL.'/account/preferences.php'); |
| 59 | 65 |
} |
| 60 | 66 |
|
| 61 |
|
|
| 62 | 67 |
?> |
| branches/2.8.x/wb/account/preferences_form.php | ||
|---|---|---|
| 17 | 17 |
*/ |
| 18 | 18 |
|
| 19 | 19 |
if(!defined('WB_URL')) die(header('Location: ../../index.php'));
|
| 20 |
|
|
| 20 |
$ftan = $wb->getFTAN(); |
|
| 21 | 21 |
?> |
| 22 | 22 |
|
| 23 | 23 |
<h2> <?php print $HEADING['MY_SETTINGS']; ?></h2> |
| 24 | 24 |
|
| 25 | 25 |
<form name="user" action="<?php print WB_URL.'/account/preferences.php'; ?>" method="post" style="margin-bottom: 5px;"> |
| 26 | 26 |
<input type="hidden" name="user_id" value="{USER_ID}" />
|
| 27 |
|
|
| 27 |
<?php echo $ftan; ?> |
|
| 28 | 28 |
<table cellpadding="5" cellspacing="0" border="0" width="97%"> |
| 29 | 29 |
<tr> |
| 30 | 30 |
<td width="140"><?php print $TEXT['DISPLAY_NAME']; ?>:</td> |
| ... | ... | |
| 146 | 146 |
|
| 147 | 147 |
<form name="email" action="<?php print WB_URL.'/account/preferences.php'; ?>" method="post" style="margin-bottom: 5px;"> |
| 148 | 148 |
<input type="hidden" name="user_id" value="{USER_ID}" />
|
| 149 |
|
|
| 149 |
<?php echo $ftan; ?> |
|
| 150 | 150 |
<table cellpadding="5" cellspacing="0" border="0" width="97%"> |
| 151 | 151 |
<tr> |
| 152 | 152 |
<td width="140"><?php print $TEXT['CURRENT_PASSWORD']; ?>:</td> |
| ... | ... | |
| 176 | 176 |
|
| 177 | 177 |
<form name="user" action="<?php print WB_URL.'/account/preferences.php'; ?>" method="post"> |
| 178 | 178 |
<input type="hidden" name="user_id" value="{USER_ID}" />
|
| 179 |
|
|
| 179 |
<?php echo $ftan; ?> |
|
| 180 | 180 |
<table cellpadding="5" cellspacing="0" border="0" width="97%"> |
| 181 | 181 |
<tr> |
| 182 | 182 |
<td width="140"><?php print $TEXT['CURRENT_PASSWORD']; ?>:</td> |
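--- a/branches/2.8.x/wb/account/details.php
+++ b/branches/2.8.x/wb/account/details.php
@@ -28,6 +28,12 @@
 $date_format = $wb->get_post_escaped('date_format');
 $time_format = $wb->get_post_escaped('time_format');
 
+if (!$wb->checkFTAN())
+{
+$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+exit();
+}
+
 // Create a javascript back link
 $js_back = "javascript: history.go(-1);";
 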
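Review bot: The `checkFTAN()` guard (new lines 31–35) runs only after the POST fields have been read, and nothing in the code says what it protects. The same block is added in email.php (new lines 28–32) and signup2.php (new lines 37–41). Moving it above the `get_post…()` calls would make it obvious that no request data is used before the token is validated. A one-line comment would also help: `// Abort unless the POST carries the valid form token (FTAN) issued with the form`. The script starts and continues outside the hunk, so whether anything earlier already acts on the request cannot be checked from here.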
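--- a/branches/2.8.x/wb/account/email.php
+++ b/branches/2.8.x/wb/account/email.php
@@ -25,6 +25,12 @@
 $current_password = $wb->get_post('current_password');
 $email = $wb->get_post('email');
 
+if (!$wb->checkFTAN())
+{
+$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+exit();
+}
+
 // Create a javascript back link
 $js_back = "javascript: history.go(-1);";
 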
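--- a/branches/2.8.x/wb/account/signup2.php
+++ b/branches/2.8.x/wb/account/signup2.php
@@ -34,6 +34,12 @@
 $display_name = strip_tags($wb->get_post_escaped('display_name'));
 $email = $wb->get_post('email');
 
+if (!$wb->checkFTAN())
+{
+$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+exit();
+}
+
 // Create a javascript back link
 $js_back = "javascript: history.go(-1);";
 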
| branches/2.8.x/wb/account/signup_form.php | ||
|---|---|---|
| 27 | 27 |
<h1> <?php echo $TEXT['SIGNUP']; ?></h1> |
| 28 | 28 |
|
| 29 | 29 |
<form name="user" action="<?php echo WB_URL.'/account/signup.php'; ?>" method="post"> |
| 30 |
|
|
| 30 |
<?php echo $admin->getFTAN(); ?> |
|
| 31 | 31 |
<?php if(ENABLED_ASP) { // add some honeypot-fields
|
| 32 | 32 |
?> |
| 33 | 33 |
<div style="display:none;"> |
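Review bot: The token at new line 30 is emitted with `$admin->getFTAN()`, while the other account pages in this commit use `$wb`: preferences_form.php calls `$wb->getFTAN()` and signup2.php validates with `$wb->checkFTAN()`. Whether `$admin` is defined in this script is not visible in the hunk. If it is not, the call is a fatal error; if it is a different object, confirm that it issues the token `$wb->checkFTAN()` accepts. Unless the difference is intentional, use `<?php echo $wb->getFTAN(); ?>` here as well.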
| branches/2.8.x/wb/framework/functions.php | ||
|---|---|---|
| 1332 | 1332 |
return $retval; |
| 1333 | 1333 |
} |
| 1334 | 1334 |
|
| 1335 |
|
|
| 1335 |
/* |
|
| 1336 |
* filter directory traversal more thoroughly, thanks to hal 9000 |
|
| 1337 |
* @param string $dir: directory relative to MEDIA_DIRECTORY |
|
| 1338 |
* @param bool $with_media_dir: true when to include MEDIA_DIRECTORY |
|
| 1339 |
* @return: false if directory traversal detected, real path if not |
|
| 1340 |
*/ |
|
| 1341 |
function check_media_path($directory, $with_media_dir = true) |
|
| 1342 |
{
|
|
| 1343 |
$md = ($with_media_dir) ? MEDIA_DIRECTORY : ''; |
|
| 1344 |
$dir = realpath(WB_PATH . $md . '/' . utf8_decode($directory)); |
|
| 1345 |
$required = realpath(WB_PATH . MEDIA_DIRECTORY); |
|
| 1346 |
if (strstr($dir, $required)) {
|
|
| 1347 |
return $dir; |
|
| 1348 |
} else {
|
|
| 1349 |
return false; |
|
| 1350 |
} |
|
| 1351 |
} |
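Review bot: The containment test in `check_media_path()` (new line 1346) uses `strstr($dir, $required)`, which accepts any resolved path that merely contains the media root as a substring, so a sibling directory whose name begins with the media directory's name passes too. Compare as an anchored prefix with a trailing separator and handle a failed `realpath()` explicitly: `if ($dir !== false && $required !== false && strpos($dir . DIRECTORY_SEPARATOR, $required . DIRECTORY_SEPARATOR) === 0) {`. `realpath()` also returns false for a path that does not exist yet, so a caller validating a not-yet-created folder will presumably always get false; the docblock should say so. The docblock also names the parameter `$dir` while the signature uses `$directory`, and it opens with `/*` rather than `/**`.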
|
| branches/2.8.x/wb/templates/wb_theme/templates/media_rename.htt | ||
|---|---|---|
| 14 | 14 |
<input type="hidden" name="dir" value="{DIR}" />
|
| 15 | 15 |
<input type="hidden" name="old_name" value="{FILENAME}" />
|
| 16 | 16 |
<input type="hidden" name="id" value="{FILE_ID}" />
|
| 17 |
|
|
| 17 |
{FTAN}
|
|
| 18 | 18 |
<table cellpadding="5" cellspacing="0" border="0" width="400" align="center"> |
| 19 | 19 |
<tr> |
| 20 | 20 |
<td align="center" colspan="2">{TEXT_RENAME} '{FILENAME}' {TEXT_TO}:</td>
|
| branches/2.8.x/wb/templates/wb_theme/templates/media.htt | ||
|---|---|---|
| 7 | 7 |
<iframe width="100%" height="382px" src="browse.php" scrolling="no"></iframe> |
| 8 | 8 |
<br /> |
| 9 | 9 |
<form name="create" action="create.php" method="post" class="{DISPLAY_CREATE}">
|
| 10 |
|
|
| 10 |
{FTAN}
|
|
| 11 | 11 |
<h2>{HEADING_CREATE_FOLDER}</h2>
|
| 12 | 12 |
|
| 13 | 13 |
<table cellpadding="3" cellspacing="0" border="0" width="100%"> |
| ... | ... | |
| 38 | 38 |
</form> |
| 39 | 39 |
|
| 40 | 40 |
<form name="upload" action="upload.php" method="post" enctype="multipart/form-data" class="{DISPLAY_UPLOAD}">
|
| 41 |
|
|
| 41 |
{FTAN}
|
|
| 42 | 42 |
<br /> |
| 43 | 43 |
|
| 44 | 44 |
<h2>{HEADING_UPLOAD_FILES}</h2>
|
| branches/2.8.x/wb/templates/argos_theme/templates/setparameter.htt | ||
|---|---|---|
| 40 | 40 |
</tr> |
| 41 | 41 |
</table> |
| 42 | 42 |
<form method="post" action="{ADMIN_URL}/media/setparameter.php">
|
| 43 |
{FTAN}
|
|
| 43 | 44 |
<table cellpadding="4" cellspacing="0" border="0" width="100%" class="{DISPLAY_LIST_TABLE}">
|
| 44 | 45 |
<tr><td>{SETTINGS}</td><td><input type="checkbox" name="show_thumbs" {NO_SHOW_THUMBS_SELECTED}> {NO_SHOW_THUMBS}</td></tr>
|
| 45 | 46 |
<tr class="{DISPLAY_ADMIN}"><td></td> <td><input type="checkbox" name="admin_only" {ADMIN_ONLY_SELECTED}> {ADMIN_ONLY}</td></tr>
|
| ... | ... | |
| 55 | 56 |
<td><input type="submit" name="save" value="{SAVE_TEXT}"></td>
|
| 56 | 57 |
</tr> |
| 57 | 58 |
</table> |
| 58 |
|
|
| 59 |
</form> |
|
| 59 | 60 |
</body> |
| 60 | 61 |
</html> |
| 61 | 62 |
|
| branches/2.8.x/wb/templates/argos_theme/templates/media_rename.htt | ||
|---|---|---|
| 17 | 17 |
<input type="hidden" name="dir" value="{DIR}" />
|
| 18 | 18 |
<input type="hidden" name="old_name" value="{FILENAME}" />
|
| 19 | 19 |
<input type="hidden" name="id" value="{FILE_ID}" />
|
| 20 |
|
|
| 20 |
{FTAN}
|
|
| 21 | 21 |
<table cellpadding="5" cellspacing="0" border="0" width="400" align="center"> |
| 22 | 22 |
<tr> |
| 23 | 23 |
<td align="center" colspan="2">{TEXT_RENAME} '{FILENAME}' {TEXT_TO}:</td>
|
| branches/2.8.x/wb/templates/argos_theme/templates/media.htt | ||
|---|---|---|
| 6 | 6 |
<td width="300" valign="top" align="left"> |
| 7 | 7 |
<h2>{HEADING_UPLOAD_FILES}</h2>
|
| 8 | 8 |
<form name="upload" action="upload.php" method="post" enctype="multipart/form-data" class="{DISPLAY_UPLOAD}">
|
| 9 |
<table cellpadding="3" cellspacing="0" border="0" width="100%"> |
|
| 9 |
{FTAN}
|
|
| 10 |
<table cellpadding="3" cellspacing="0" border="0" width="100%"> |
|
| 10 | 11 |
<tr> |
| 11 | 12 |
<td>{TEXT_TARGET_FOLDER}:<br />
|
| 12 | 13 |
<select name="target" style="width:100%;" |
| ... | ... | |
| 79 | 80 |
<div class="show"> |
| 80 | 81 |
<br /><br /> |
| 81 | 82 |
<form name="create" action="create.php" method="post" class="{DISPLAY_CREATE}">
|
| 83 |
{FTAN}
|
|
| 82 | 84 |
<h2>{HEADING_CREATE_FOLDER}</h2>
|
| 83 | 85 |
<table cellpadding="3" cellspacing="0" border="0" width="100%"> |
| 84 | 86 |
<tr> |