Index: branches/2.8.x/wb/admin/media/rename2.php
===================================================================
--- branches/2.8.x/wb/admin/media/rename2.php	(revision 1399)
+++ branches/2.8.x/wb/admin/media/rename2.php	(revision 1400)
@@ -1,63 +1,60 @@
 <?php
+/**
+ *
+ * @category        admin
+ * @package         admintools
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL:  $
+ * @lastmodified    $Date:  $
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
 // Create admin object
 require('../../config.php');
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Media', 'media_rename', false);
 
+if (!$admin->checkFTAN())
+{
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+	exit();
+}
+
 // Include the WB functions file
 require_once(WB_PATH.'/framework/functions.php');
 
 // Get list of file types to which we're supposed to append 'txt'
-$get_result=$database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1");
-$file_extension_string='';
+$get_result = $database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1");
+$file_extension_string = '';
 if ($get_result->numRows()>0) {
-	$fetch_result=$get_result->fetchRow();
-	$file_extension_string=$fetch_result['value'];
+	$fetch_result = $get_result->fetchRow();
+	$file_extension_string = $fetch_result['value'];
 }
 $file_extensions=explode(",",$file_extension_string);
 
-
 // Get the current dir
 $directory = $admin->get_post('dir');
 if($directory == '/') {
 	$directory = '';
 }
-// Check to see if it contains ../
-if(strstr($directory, '../')) {
+
+// Check to see if it contains ..
+if (!check_media_path($directory)) {
 	$admin->print_header();
 	$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH']);
 }
 
 // Get the temp id
-if(!is_numeric($admin->get_post('id'))) {
-	header("Location: browse.php?dir=$directory");
-	exit(0);
-} else {
-	$file_id = $admin->get_post('id');
+$file_id = $admin->checkIDKEY('id', false, 'POST');
+if (!$file_id) {
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
 }
 
 // Get home folder not to show
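Review bot: The normalized path returned by `check_media_path($directory)` is thrown away at L84, so the rest of rename2.php keeps working with the raw `$directory` even though what was validated was `realpath(WB_PATH.MEDIA_DIRECTORY.'/'.utf8_decode($directory))` — the string checked and the string used differ in decoding and normalization. Preferably capture it, `$real = check_media_path($directory); if ($real === false) { ... }`, and derive later file operations from `$real` (or at least apply the same decoding to `$directory`). The same discard-the-result pattern is in browse.php, delete.php, rename.php, upload.php and create.php. Unlike the FTAN branch at L55, neither this failure branch nor the `checkIDKEY` one at L96 calls `exit()`; if `print_error()` in this admin class returns without exiting, execution continues with an unvalidated `$directory` or a false `$file_id`.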
Index: branches/2.8.x/wb/admin/media/setparameter.php
===================================================================
--- branches/2.8.x/wb/admin/media/setparameter.php	(revision 1399)
+++ branches/2.8.x/wb/admin/media/setparameter.php	(revision 1400)
@@ -1,28 +1,21 @@
 <?php
+/**
+ *
+ * @category        admin
+ * @package         admintools
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL:  $
+ * @lastmodified    $Date:  $
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
 require('../../config.php');
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Media', 'media', false);
@@ -40,6 +33,12 @@
 
 //Save post vars to the parameters file
 if ( !is_null($admin->get_post_escaped("save"))) {
+	if (!$admin->checkFTAN())
+	{
+		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+		exit();
+	}
+	
 	//Check for existing settings entry, if not existing, create a record first!
 	if (!$database->query ( "SELECT * FROM ".TABLE_PREFIX."settings where `name`='mediasettings'" )) {
 		$database->query ( "INSERT INTO ".TABLE_PREFIX."settings (`name`,`value`) VALUES ('mediasettings','')" );
@@ -79,7 +78,7 @@
 $template->set_var(array( 
 					'TEXT_HEADER' => $TEXT['TEXT_HEADER'],
 					'SAVE_TEXT' => $TEXT['SAVE'],
-					'BACK' => $TEXT['BACK']
+					'BACK' => $TEXT['BACK'],
 				)
 			);
 
@@ -118,7 +117,8 @@
 								'ADMIN_ONLY_SELECTED' => $pathsettings['global']['admin_only'],
 								'NO_SHOW_THUMBS' => $TEXT['NO_SHOW_THUMBS'],
 								'NO_SHOW_THUMBS_SELECTED' => $pathsettings['global']['show_thumbs'],
-								'ROW_BG_COLOR' => $row_bg_color
+								'ROW_BG_COLOR' => $row_bg_color,
+								'FTAN' => $admin->getFTAN()
 							)
 					);
 	$template->parse('list', 'list_block', true);
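Review bot: `'FTAN' => $admin->getFTAN()` at L178 is assigned inside the per-entry `list` block that is parsed repeatedly at L181, while the template consumes `{FTAN}` once at form level (setparameter.htt). If `getFTAN()` issues a fresh token on every call, one token is generated per row and only the last survives in the output; if it stores a single value per session, the earlier calls are simply wasted. Generating it once before the loop and passing it with the form-level variables, as index.php does at L687, keeps one token per page. The enclosing loop starts outside this hunk.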
Index: branches/2.8.x/wb/admin/media/resize_img.php
===================================================================
--- branches/2.8.x/wb/admin/media/resize_img.php	(revision 1399)
+++ branches/2.8.x/wb/admin/media/resize_img.php	(revision 1400)
@@ -1,28 +1,21 @@
 <?php
+/**
+ *
+ * @category        admin
+ * @package         admintools
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL:  $
+ * @lastmodified    $Date:  $
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
 	/**
 	 * Image Resizer. 
 	 * @author : Harish Chauhan
Index: branches/2.8.x/wb/admin/media/thumb.php
===================================================================
--- branches/2.8.x/wb/admin/media/thumb.php	(revision 1399)
+++ branches/2.8.x/wb/admin/media/thumb.php	(revision 1400)
@@ -1,32 +1,33 @@
 <?php
+/**
+ *
+ * @category        admin
+ * @package         admintools
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL:  $
+ * @lastmodified    $Date:  $
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
 require('../../config.php');
 include_once('resize_img.php');
+require_once(WB_PATH.'/framework/functions.php');
+
 if (isset($_GET['img']) && isset($_GET['t'])) {
 	$image = addslashes($_GET['img']);
+
+	// Check to see if it contains ..
+	if (!check_media_path($image)) {
+		$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'], WB_URL, false);
+	}
+
 	$type = addslashes($_GET['t']);
 	$media = WB_PATH.MEDIA_DIRECTORY;
 	$img=new RESIZEIMAGE($media.$image);
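Review bot: `$admin->print_error(...)` at L286 uses an `$admin` object that nothing in the visible part of thumb.php creates — only config.php, resize_img.php and functions.php are included — so if it is unset the rejection path ends in a fatal "member function on a non-object" error rather than a controlled refusal, and an HTML error page is in any case an odd response for an image endpoint. The path checked inside `check_media_path` (`WB_PATH.MEDIA_DIRECTORY.'/'.utf8_decode($image)`) is also not the path opened at L291 (`$media.$image`, no separator, no decoding). Using the validated return value for the open keeps check and use identical: `$path = check_media_path($image); if ($path === false) { header('HTTP/1.0 403 Forbidden'); exit(); }` followed by `$img = new RESIZEIMAGE($path);`. The `if (isset($_GET['img']) ...)` block continues past the end of this hunk.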
Index: branches/2.8.x/wb/admin/media/browse.php
===================================================================
--- branches/2.8.x/wb/admin/media/browse.php	(revision 1399)
+++ branches/2.8.x/wb/admin/media/browse.php	(revision 1400)
@@ -1,28 +1,21 @@
 <?php
+/**
+ *
+ * @category        admin
+ * @package         media
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL:  $
+ * @lastmodified    $Date:  $
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
 // Create admin object
 require('../../config.php');
 require_once(WB_PATH.'/framework/class.admin.php');
@@ -88,7 +81,7 @@
 }
 
 // Check to see if it contains ../
-if(strstr($directory, '../')) {
+if (!check_media_path($directory)) {
 	$admin->print_header();
 	$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH']);
 }
@@ -157,7 +150,7 @@
 			$template->set_var(array(
 											'NAME' => $name,
 											'NAME_SLASHED' => addslashes($name),
-											'TEMP_ID' => $temp_id,
+											'TEMP_ID' => $admin->getIDKEY($temp_id),
 											'LINK' => "browse.php?dir=$directory/$link_name",
 											'LINK_TARGET' => '',
 											'ROW_BG_COLOR' => $row_bg_color,
@@ -212,7 +205,7 @@
 			$template->set_var(array(
 											'NAME' => $name,
 											'NAME_SLASHED' => addslashes($name),
-											'TEMP_ID' => $temp_id,
+											'TEMP_ID' => $admin->getIDKEY($temp_id),
 											'LINK' => WB_URL.MEDIA_DIRECTORY.$directory.'/'.$name,
 											'LINK_TARGET' => '_blank',
 											'ROW_BG_COLOR' => $row_bg_color,
Index: branches/2.8.x/wb/admin/media/delete.php
===================================================================
--- branches/2.8.x/wb/admin/media/delete.php	(revision 1399)
+++ branches/2.8.x/wb/admin/media/delete.php	(revision 1400)
@@ -1,28 +1,21 @@
 <?php
+/**
+ *
+ * @category        admin
+ * @package         admintools
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL:  $
+ * @lastmodified    $Date:  $
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
 // Create admin object
 require('../../config.php');
 require_once(WB_PATH.'/framework/class.admin.php');
@@ -36,18 +29,17 @@
 if($directory == '/') {
 	$directory = '';
 }
-// Check to see if it contains ../
-if(strstr($directory, '../')) {
+
+// Check to see if it contains ..
+if (!check_media_path($directory)) {
 	$admin->print_header();
 	$admin->print_error($MESSAGE['MEDIA']['DOT_DOT_SLASH']);
 }
 
 // Get the temp id
-if(!is_numeric($admin->get_get('id'))) {
-	header("Location: browse.php?dir=$directory");
-	exit(0);
-} else {
-	$file_id = $admin->get_get('id');
+$file_id = $admin->checkIDKEY('id', false, 'GET');
+if (!$file_id) {
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
 }
 
 // Get home folder not to show
Index: branches/2.8.x/wb/admin/media/create.php
===================================================================
--- branches/2.8.x/wb/admin/media/create.php	(revision 1399)
+++ branches/2.8.x/wb/admin/media/create.php	(revision 1400)
@@ -1,28 +1,21 @@
 <?php
+/**
+ *
+ * @category        admin
+ * @package         admintools
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL:  $
+ * @lastmodified    $Date:  $
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
 // Get dir name and target location
 if(!isset($_POST['name']) OR $_POST['name'] == '') {
 	header("Location: index.php");
@@ -42,14 +35,21 @@
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Media', 'media_create');
 
+if (!$admin->checkFTAN())
+{
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+	exit();
+}
+
 // Include the WB functions file
 require_once(WB_PATH.'/framework/functions.php');
 
 // Check to see if name or target contains ../
-if(strstr($name, '../')) {
+if(strstr($name, '..')) {
 	$admin->print_error($MESSAGE['MEDIA']['NAME_DOT_DOT_SLASH']);
 }
-if(strstr($target, '../')) {
+if (!check_media_path($target, false)) {
+	w_debug("target: $target");
 	$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']);
 }
 
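Review bot: `w_debug("target: $target");` at L511 is a debug call left in the rejection path; it is not defined anywhere in this diff, so if the helper is absent the branch fails with a fatal error before the message is printed, and if it is present it writes the rejected path to wherever `w_debug` logs. The branch should be only `$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']);`. Separately, `strstr($name, '..')` at L506 now rejects any folder name containing two consecutive dots (e.g. `a..b`), which is stricter than the comment "contains ../" above it suggests; updating the comment to `// Reject any '..' in the name; traversal is checked on the resolved target below` records that this is intended.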
Index: branches/2.8.x/wb/admin/media/parameters.php
===================================================================
--- branches/2.8.x/wb/admin/media/parameters.php	(revision 1399)
+++ branches/2.8.x/wb/admin/media/parameters.php	(revision 1400)
@@ -1,28 +1,21 @@
 <?php
+/**
+ *
+ * @category        admin
+ * @package         admintools
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL:  $
+ * @lastmodified    $Date:  $
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
 function __unserialize($sObject) {  // found in php manual :-)
 	$__ret =preg_replace('!s:(\d+):"(.*?)";!e', "'s:'.strlen('$2').':\"$2\";'", $sObject );
 	return unserialize($__ret);
Index: branches/2.8.x/wb/admin/media/upload.php
===================================================================
--- branches/2.8.x/wb/admin/media/upload.php	(revision 1399)
+++ branches/2.8.x/wb/admin/media/upload.php	(revision 1400)
@@ -1,28 +1,21 @@
 <?php
+/**
+ *
+ * @category        admin
+ * @package         admintools
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL:  $
+ * @lastmodified    $Date:  $
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
 // Target location
 if(!isset($_POST['target']) OR $_POST['target'] == '') {
 	header("Location: index.php");
@@ -40,11 +33,17 @@
 require_once(WB_PATH.'/include/pclzip/pclzip.lib.php');	// Required to unzip file.
 $admin = new admin('Media', 'media_upload');
 
+if (!$admin->checkFTAN())
+{
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+	exit();
+}
+
 // Include the WB functions file
 require_once(WB_PATH.'/framework/functions.php');
 
 // Check to see if target contains ../
-if(strstr($target, '../')) {
+if (!check_media_path($target, false)) {
 	$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']);
 }
 
Index: branches/2.8.x/wb/admin/media/index.php
===================================================================
--- branches/2.8.x/wb/admin/media/index.php	(revision 1399)
+++ branches/2.8.x/wb/admin/media/index.php	(revision 1400)
@@ -1,28 +1,21 @@
 <?php
+/**
+ *
+ * @category        admin
+ * @package         admintools
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL:  $
+ * @lastmodified    $Date:  $
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
 // Print admin header
 require('../../config.php');
 require_once(WB_PATH.'/framework/class.admin.php');
@@ -108,7 +101,8 @@
 								'CHANGE_SETTINGS' => $TEXT['MODIFY_SETTINGS'],
 								'OPTIONS' => $TEXT['OPTION'],
 								'TEXT_UNZIP_FILE' => $TEXT['UNZIP_FILE'],
-								'TEXT_DELETE_ZIP' => $TEXT['DELETE_ZIP']
+								'TEXT_DELETE_ZIP' => $TEXT['DELETE_ZIP'],
+								'FTAN' => $admin->getFTAN()
 								)
 						);
 
Index: branches/2.8.x/wb/admin/media/rename.php
===================================================================
--- branches/2.8.x/wb/admin/media/rename.php	(revision 1399)
+++ branches/2.8.x/wb/admin/media/rename.php	(revision 1400)
@@ -1,28 +1,21 @@
 <?php
+/**
+ *
+ * @category        admin
+ * @package         admintools
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL:  $
+ * @lastmodified    $Date:  $
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
 // Create admin object
 require('../../config.php');
 require_once(WB_PATH.'/framework/class.admin.php');
@@ -36,17 +29,16 @@
 if($directory == '/') {
 	$directory = '';
 }
-// Check to see if it contains ../
-if(strstr($directory, '../')) {
-	$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'], "rename.php?dir=$directory&id=$file_id", false);
+
+// Check to see if it contains ..
+if (!check_media_path($directory)) {
+	$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'], WB_URL, false);
 }
 
 // Get the temp id
-if(!is_numeric($admin->get_get('id'))) {
-	header("Location: browse.php?dir=$directory");
-	exit(0);
-} else {
-	$file_id = $admin->get_get('id');
+$file_id = $admin->checkIDKEY('id', false, 'GET');
+if (!$file_id) {
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
 }
 
 // Get home folder not to show
@@ -116,9 +108,10 @@
 								'THEME_URL' => THEME_URL,
 								'FILENAME' => $rename_file,
 								'DIR' => $directory,
-								'FILE_ID' => $file_id,
+								'FILE_ID' => $admin->getIDKEY($file_id),
 								'TYPE' => $type,
-								'EXTENSION' => $extension
+								'EXTENSION' => $extension,
+								'FTAN' => $admin->getFTAN()
 								)
 						);
 
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1399)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1400)
@@ -52,6 +52,6 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.2.RC5');
-if(!defined('REVISION')) define('REVISION', '1399');
+if(!defined('REVISION')) define('REVISION', '1400');
 
 ?>
Index: branches/2.8.x/wb/account/password.php
===================================================================
--- branches/2.8.x/wb/account/password.php	(revision 1399)
+++ branches/2.8.x/wb/account/password.php	(revision 1400)
@@ -26,6 +26,12 @@
 $new_password = $_POST['new_password'];
 $new_password2 = $_POST['new_password2'];
 
+if (!$wb->checkFTAN())
+{
+	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+	exit();
+}
+
 // Create a javascript back link
 $js_back = "javascript: history.go(-1);";
 
@@ -58,5 +64,4 @@
 	$wb->print_success($MESSAGE['PREFERENCES']['PASSWORD_CHANGED'], WB_URL.'/account/preferences.php');
 }
 
-
 ?>
\ No newline at end of file
Index: branches/2.8.x/wb/account/preferences_form.php
===================================================================
--- branches/2.8.x/wb/account/preferences_form.php	(revision 1399)
+++ branches/2.8.x/wb/account/preferences_form.php	(revision 1400)
@@ -17,7 +17,7 @@
  */
 
 if(!defined('WB_URL')) die(header('Location: ../../index.php'));
-
+$ftan = $wb->getFTAN();
 ?>
 
 <h2>&nbsp;<?php print $HEADING['MY_SETTINGS']; ?></h2>
@@ -24,7 +24,7 @@
 
 <form name="user" action="<?php print WB_URL.'/account/preferences.php'; ?>" method="post" style="margin-bottom: 5px;">
 <input type="hidden" name="user_id" value="{USER_ID}" />
-
+<?php echo $ftan; ?>
 <table cellpadding="5" cellspacing="0" border="0" width="97%">
 <tr>
 	<td width="140"><?php print $TEXT['DISPLAY_NAME']; ?>:</td>
@@ -146,7 +146,7 @@
 
 <form name="email" action="<?php print WB_URL.'/account/preferences.php'; ?>" method="post" style="margin-bottom: 5px;">
 <input type="hidden" name="user_id" value="{USER_ID}" />
-
+<?php echo $ftan; ?>
 <table cellpadding="5" cellspacing="0" border="0" width="97%">
 <tr>
 	<td width="140"><?php print $TEXT['CURRENT_PASSWORD']; ?>:</td>
@@ -176,7 +176,7 @@
 
 <form name="user" action="<?php print WB_URL.'/account/preferences.php'; ?>" method="post">
 <input type="hidden" name="user_id" value="{USER_ID}" />
-
+<?php echo $ftan; ?>
 <table cellpadding="5" cellspacing="0" border="0" width="97%">
 <tr>
 	<td width="140"><?php print $TEXT['CURRENT_PASSWORD']; ?>:</td>
Index: branches/2.8.x/wb/account/details.php
===================================================================
--- branches/2.8.x/wb/account/details.php	(revision 1399)
+++ branches/2.8.x/wb/account/details.php	(revision 1400)
@@ -28,6 +28,12 @@
 $date_format = $wb->get_post_escaped('date_format');
 $time_format = $wb->get_post_escaped('time_format');
 
+if (!$wb->checkFTAN())
+{
+	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+	exit();
+}
+
 // Create a javascript back link
 $js_back = "javascript: history.go(-1);";
 
Index: branches/2.8.x/wb/account/email.php
===================================================================
--- branches/2.8.x/wb/account/email.php	(revision 1399)
+++ branches/2.8.x/wb/account/email.php	(revision 1400)
@@ -25,6 +25,12 @@
 $current_password = $wb->get_post('current_password');
 $email = $wb->get_post('email');
 
+if (!$wb->checkFTAN())
+{
+	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+	exit();
+}
+
 // Create a javascript back link
 $js_back = "javascript: history.go(-1);";
 
Index: branches/2.8.x/wb/account/signup2.php
===================================================================
--- branches/2.8.x/wb/account/signup2.php	(revision 1399)
+++ branches/2.8.x/wb/account/signup2.php	(revision 1400)
@@ -34,6 +34,12 @@
 $display_name = strip_tags($wb->get_post_escaped('display_name'));
 $email = $wb->get_post('email');
 
+if (!$wb->checkFTAN())
+{
+	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+	exit();
+}
+
 // Create a javascript back link
 $js_back = "javascript: history.go(-1);";
 
Index: branches/2.8.x/wb/account/signup_form.php
===================================================================
--- branches/2.8.x/wb/account/signup_form.php	(revision 1399)
+++ branches/2.8.x/wb/account/signup_form.php	(revision 1400)
@@ -27,7 +27,7 @@
 <h1>&nbsp;<?php echo $TEXT['SIGNUP']; ?></h1>
 
 <form name="user" action="<?php echo WB_URL.'/account/signup.php'; ?>" method="post">
-
+	<?php echo $admin->getFTAN(); ?>
 	<?php if(ENABLED_ASP) { // add some honeypot-fields
 	?>
     <div style="display:none;">
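Review bot: The token is emitted with `$admin->getFTAN()` at L914, but its handler signup2.php verifies it with `$wb->checkFTAN()` (L896) and the sibling preferences_form.php obtains it from `$wb->getFTAN()` (L823). Unless `$admin` is defined in the context where signup_form.php is included, this line fails with a fatal error on a non-object and the signup form is never rendered; if both objects do exist, the two must share the same token store or every signup will be rejected. `<?php echo $wb->getFTAN(); ?>` matches the rest of the account scripts.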
Index: branches/2.8.x/wb/framework/functions.php
===================================================================
--- branches/2.8.x/wb/framework/functions.php	(revision 1399)
+++ branches/2.8.x/wb/framework/functions.php	(revision 1400)
@@ -1332,4 +1332,20 @@
 		return $retval;
 	}
 
-
+/*
+ * filter directory traversal more thoroughly, thanks to hal 9000
+ * @param string $dir: directory relative to MEDIA_DIRECTORY
+ * @param bool $with_media_dir: true when to include MEDIA_DIRECTORY
+ * @return: false if directory traversal detected, real path if not
+ */
+	function check_media_path($directory, $with_media_dir = true)
+	{
+		$md = ($with_media_dir) ? MEDIA_DIRECTORY : ''; 
+		$dir = realpath(WB_PATH . $md . '/' . utf8_decode($directory));
+		$required = realpath(WB_PATH . MEDIA_DIRECTORY);
+		if (strstr($dir, $required)) {
+			return $dir;
+		} else {
+			return false;
+		}
+	}
Index: branches/2.8.x/wb/templates/wb_theme/templates/media_rename.htt
===================================================================
--- branches/2.8.x/wb/templates/wb_theme/templates/media_rename.htt	(revision 1399)
+++ branches/2.8.x/wb/templates/wb_theme/templates/media_rename.htt	(revision 1400)
@@ -14,7 +14,7 @@
 <input type="hidden" name="dir" value="{DIR}" />
 <input type="hidden" name="old_name" value="{FILENAME}" />
 <input type="hidden" name="id" value="{FILE_ID}" />
-
+{FTAN}
 <table cellpadding="5" cellspacing="0" border="0" width="400" align="center">
 <tr>
 	<td align="center" colspan="2">{TEXT_RENAME} '{FILENAME}' {TEXT_TO}:</td>
Index: branches/2.8.x/wb/templates/wb_theme/templates/media.htt
===================================================================
--- branches/2.8.x/wb/templates/wb_theme/templates/media.htt	(revision 1399)
+++ branches/2.8.x/wb/templates/wb_theme/templates/media.htt	(revision 1400)
@@ -7,7 +7,7 @@
 <iframe width="100%" height="382px" src="browse.php" scrolling="no"></iframe>
 <br />
 <form name="create" action="create.php" method="post" class="{DISPLAY_CREATE}">
-
+{FTAN}
 <h2>{HEADING_CREATE_FOLDER}</h2>
 
 <table cellpadding="3" cellspacing="0" border="0" width="100%">
@@ -38,7 +38,7 @@
 </form>
 
 <form name="upload" action="upload.php" method="post" enctype="multipart/form-data" class="{DISPLAY_UPLOAD}">
-
+{FTAN}
 <br />
 
 <h2>{HEADING_UPLOAD_FILES}</h2>
Index: branches/2.8.x/wb/templates/argos_theme/templates/setparameter.htt
===================================================================
--- branches/2.8.x/wb/templates/argos_theme/templates/setparameter.htt	(revision 1399)
+++ branches/2.8.x/wb/templates/argos_theme/templates/setparameter.htt	(revision 1400)
@@ -40,6 +40,7 @@
 </tr>
 </table>
 <form method="post" action="{ADMIN_URL}/media/setparameter.php">
+	{FTAN}
 <table cellpadding="4" cellspacing="0" border="0" width="100%" class="{DISPLAY_LIST_TABLE}">
 	<tr><td>{SETTINGS}</td><td><input type="checkbox" name="show_thumbs" {NO_SHOW_THUMBS_SELECTED}> {NO_SHOW_THUMBS}</td></tr>
 	<tr class="{DISPLAY_ADMIN}"><td></td>&nbsp;<td><input type="checkbox" name="admin_only" {ADMIN_ONLY_SELECTED}> {ADMIN_ONLY}</td></tr>
@@ -55,7 +56,7 @@
 		<td><input type="submit" name="save" value="{SAVE_TEXT}"></td>
 	</tr>
 </table>
-
+</form>
 </body>
 </html>
 
Index: branches/2.8.x/wb/templates/argos_theme/templates/media_rename.htt
===================================================================
--- branches/2.8.x/wb/templates/argos_theme/templates/media_rename.htt	(revision 1399)
+++ branches/2.8.x/wb/templates/argos_theme/templates/media_rename.htt	(revision 1400)
@@ -17,7 +17,7 @@
 <input type="hidden" name="dir" value="{DIR}" />
 <input type="hidden" name="old_name" value="{FILENAME}" />
 <input type="hidden" name="id" value="{FILE_ID}" />
-
+{FTAN}
 <table cellpadding="5" cellspacing="0" border="0" width="400" align="center">
 <tr>
 	<td align="center" colspan="2">{TEXT_RENAME} '{FILENAME}' {TEXT_TO}:</td>
Index: branches/2.8.x/wb/templates/argos_theme/templates/media.htt
===================================================================
--- branches/2.8.x/wb/templates/argos_theme/templates/media.htt	(revision 1399)
+++ branches/2.8.x/wb/templates/argos_theme/templates/media.htt	(revision 1400)
@@ -6,7 +6,8 @@
     <td width="300" valign="top" align="left">
 	<h2>{HEADING_UPLOAD_FILES}</h2>
       <form name="upload" action="upload.php" method="post" enctype="multipart/form-data" class="{DISPLAY_UPLOAD}">
-        <table cellpadding="3" cellspacing="0" border="0" width="100%">
+		{FTAN}
+		<table cellpadding="3" cellspacing="0" border="0" width="100%">
           <tr>
             <td>{TEXT_TARGET_FOLDER}:<br />
               <select name="target" style="width:100%;" 
@@ -79,6 +80,7 @@
       <div class="show">
 	  <br /><br />
         <form name="create" action="create.php" method="post" class="{DISPLAY_CREATE}">
+		{FTAN}
           <h2>{HEADING_CREATE_FOLDER}</h2>
           <table cellpadding="3" cellspacing="0" border="0" width="100%">
             <tr>
