
Revision 1402

Added by Luisehahne almost 14 years ago

secure preparing and beginning fix admin/pages


index.php
19 19
require('../../config.php');
20 20
require_once(WB_PATH.'/framework/class.admin.php');
21 21
$admin = new admin('Pages', 'pages');
22

  
23
$admin->clearIDKEY();
24

  
22 25
// Include the WB functions file
23 26
require_once(WB_PATH.'/framework/functions.php');
24 27
// eggsurplus: add child pages for a specific page
......
66 69

  
67 70
    print set_node ($parent,$par);
68 71

  
69
	// $database = new database();
70

  
71 72
	// Get page list from database
72 73
    $sql = 'SELECT * FROM `'.TABLE_PREFIX.'pages` WHERE `parent` = '.$parent.' ';
73 74
    $sql .= (PAGE_TRASH != 'inline') ?  'AND `visibility` != \'deleted\' ' : ' ';
......
156 157
				</td>
157 158
				<?php if($admin->get_permission('pages_modify') == true && $can_modify == true) { ?>
158 159
				<td class="list_menu_title">
159
					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
160
					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
160 161
						<?php if($page['visibility'] == 'public') { ?>
161 162
							<img src="<?php echo THEME_URL; ?>/images/visible_16.png" alt="<?php echo $TEXT['VISIBILITY']; ?>: <?php echo $TEXT['PUBLIC']; ?>" class="page_list_rights" />
162 163
						<?php } elseif($page['visibility'] == 'private') { ?>
......
208 209
				<td class="list_actions">
209 210
					<?php if($page['visibility'] != 'deleted') { ?>
210 211
						<?php if($admin->get_permission('pages_settings') == true && $can_modify == true) { ?>
211
						<a href="<?php echo ADMIN_URL; ?>/pages/settings.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['SETTINGS']; ?>">
212
						<a href="<?php echo ADMIN_URL; ?>/pages/settings.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>" title="<?php echo $TEXT['SETTINGS']; ?>">
212 213
							<img src="<?php echo THEME_URL; ?>/images/modify_16.png" alt="<?php echo $TEXT['SETTINGS']; ?>" />
213 214
						</a>
214 215
						<?php } ?>
215 216
					<?php } else { ?>
216
						<a href="<?php echo ADMIN_URL; ?>/pages/restore.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['RESTORE']; ?>">
217
						<a href="<?php echo ADMIN_URL; ?>/pages/restore.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>" title="<?php echo $TEXT['RESTORE']; ?>">
217 218
							<img src="<?php echo THEME_URL; ?>/images/restore_16.png" alt="<?php echo $TEXT['RESTORE']; ?>" />
218 219
						</a>
219 220
					<?php } ?>
......
224 225
				// Work-out if we should show the "manage dates" link
225 226
				if(MANAGE_SECTIONS == 'enabled' && $admin->get_permission('pages_modify')==true && $can_modify==true)
226 227
                {
227

  
228 228
                    $sql = 'SELECT `publ_start`, `publ_end` FROM `'.TABLE_PREFIX.'sections` ';
229 229
                    $sql .= 'WHERE `page_id` = '.$page['page_id'].' AND `module` != \'menu_link\' ';
230 230
                    $query_sections = $database->query($sql);
......
246 246
                        {
247 247
							$file=$admin->page_is_active($page)?"clock_16.png":"clock_red_16.png";
248 248
							?>
249
							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
249
							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
250 250
							<img src="<?php echo THEME_URL."/images/$file"; ?>" alt="<?php echo $HEADING['MANAGE_SECTIONS']; ?>" />
251 251
							</a>
252 252
						<?php } else { ?>
253
							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
253
							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
254 254
							<img src="<?php echo THEME_URL; ?>/images/noclock_16.png" alt="<?php echo $HEADING['MANAGE_SECTIONS']; ?>" /></a>
255 255
						<?php } ?>
256 256
					<?php } ?>
......
279 279
				<?php } ?>
280 280
				</td>
281 281
				<td class="list_actions">
282
					<?php if($admin->get_permission('pages_delete') == true && $can_modify == true) { ?>
283
					<a href="javascript:confirm_link('<?php echo $MESSAGE['PAGES_DELETE_CONFIRM']; ?>?','<?php echo ADMIN_URL; ?>/pages/delete.php?page_id=<?php echo $page['page_id']; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
282
					<?php if($admin->get_permission('pages_delete') == true && $can_modify == true) { // add IdKey ?>
283
					<a href="javascript:confirm_link('<?php echo $MESSAGE['PAGES_DELETE_CONFIRM']; ?>?','<?php echo ADMIN_URL; ?>/pages/delete.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
284 284
						<img src="<?php echo THEME_URL; ?>/images/delete_16.png" alt="<?php echo $TEXT['DELETE']; ?>" />
285 285
					</a>
286 286
					<?php } ?>
......
350 350
    // Work-out if we should check for existing page_code
351 351
    $field_sql = $database->query("DESCRIBE ".TABLE_PREFIX."pages page_code");
352 352
    $field_set = $field_sql->numRows();
353

  
354 353
    $par = array();
355 354
	$par['num_subs'] = 1;
356 355
	$editable_pages = make_list(0, 0);
......
358 357
	$editable_pages = 0;
359 358
}
360 359
 ?></div><?php
360

  
361 361
if(intval($editable_pages) == 0 ) {
362 362
	?>
363 363
	<div class="empty_list">
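Review bot: The modify, settings, restore, sections and delete links on the new side still emit the bare `$page['page_id']`, because every `getIDKEY` call sits inside a `/* … */` comment, so `$admin->clearIDKEY()` at new line 23 is added without any link actually carrying a key. The restore and delete links (new lines 217 and 283) matter most: they trigger a state change from a plain GET URL with a predictable id, so unless restore.php and delete.php enforce a check not shown here, a cross-site request can still drive them. When the key is switched on, the echo should become `<?php echo $admin->getIDKEY($page['page_id']); ?>`, and the target scripts need to reject a missing or stale key in the same commit, otherwise either the list breaks or the check is cosmetic. Until then, a single `// TODO: page_id is not yet wrapped in an IDKEY` above the row loop would be clearer than a commented-out call inside each echo.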
