Revision 1404
Added by Dietmar almost 14 years ago
branches/2.8.x/CHANGELOG | ||
---|---|---|
11 | 11 |
! = Update/Change |
12 | 12 |
|
13 | 13 |
------------------------------------- 2.8.2 ------------------------------------- |
14 |
22 Jan-2011 Build 1404 Dietmar Woellbrink (Luisehahne) |
|
15 |
# Security fix in pages |
|
14 | 16 |
22 Jan-2011 Build 1403 Dietmar Woellbrink (Luisehahne) |
15 | 17 |
! small fix |
16 | 18 |
22 Jan-2011 Build 1402 Dietmar Woellbrink (Luisehahne) |
branches/2.8.x/wb/admin/pages/delete.php | ||
---|---|---|
25 | 25 |
// Include the WB functions file |
26 | 26 |
require_once(WB_PATH.'/framework/functions.php'); |
27 | 27 |
|
28 |
/* |
|
28 |
|
|
29 | 29 |
if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) ) |
30 | 30 |
{ |
31 | 31 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); |
32 | 32 |
exit(); |
33 | 33 |
} |
34 |
*/ |
|
35 | 34 |
|
35 |
/* |
|
36 | 36 |
// Get page id |
37 | 37 |
if(!isset($_GET['page_id']) || !is_numeric($_GET['page_id'])) { |
38 | 38 |
header("Location: index.php"); |
... | ... | |
40 | 40 |
} else { |
41 | 41 |
$page_id = $_GET['page_id']; |
42 | 42 |
} |
43 |
|
|
43 |
*/ |
|
44 | 44 |
// Get perms |
45 | 45 |
if (!$admin->get_page_permission($page_id,'admin')) { |
46 | 46 |
$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']); |
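Review bot: With the `is_numeric()` test now inside the commented-out block (lines 35-43), `$page_id` reaches `get_page_permission()` exactly as `checkIDKEY()` returned it. Which side each changed line belongs to is inferred from the revision bump to 1404, because the rendered gutter does not mark it. Whether `checkIDKEY()` guarantees an integer is not visible here, so I would add `$page_id = (int)$page_id;` directly after the check, or state that guarantee in a comment. The superseded `$_GET['page_id']` block is better deleted than wrapped in `/* … */`, since dead code beside a security check invites someone to re-enable the path that skips the token. The script continues past the last visible line.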
branches/2.8.x/wb/admin/pages/index.php | ||
---|---|---|
157 | 157 |
</td> |
158 | 158 |
<?php if($admin->get_permission('pages_modify') == true && $can_modify == true) { ?> |
159 | 159 |
<td class="list_menu_title"> |
160 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
|
|
160 |
<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>"> |
|
161 | 161 |
<?php if($page['visibility'] == 'public') { ?> |
162 | 162 |
<img src="<?php echo THEME_URL; ?>/images/visible_16.png" alt="<?php echo $TEXT['VISIBILITY']; ?>: <?php echo $TEXT['PUBLIC']; ?>" class="page_list_rights" /> |
163 | 163 |
<?php } elseif($page['visibility'] == 'private') { ?> |
... | ... | |
209 | 209 |
<td class="list_actions"> |
210 | 210 |
<?php if($page['visibility'] != 'deleted') { ?> |
211 | 211 |
<?php if($admin->get_permission('pages_settings') == true && $can_modify == true) { ?> |
212 |
<a href="<?php echo ADMIN_URL; ?>/pages/settings.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>" title="<?php echo $TEXT['SETTINGS']; ?>">
|
|
212 |
<a href="<?php echo ADMIN_URL; ?>/pages/settings.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['SETTINGS']; ?>"> |
|
213 | 213 |
<img src="<?php echo THEME_URL; ?>/images/modify_16.png" alt="<?php echo $TEXT['SETTINGS']; ?>" /> |
214 | 214 |
</a> |
215 | 215 |
<?php } ?> |
216 | 216 |
<?php } else { ?> |
217 |
<a href="<?php echo ADMIN_URL; ?>/pages/restore.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>" title="<?php echo $TEXT['RESTORE']; ?>">
|
|
217 |
<a href="<?php echo ADMIN_URL; ?>/pages/restore.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['RESTORE']; ?>"> |
|
218 | 218 |
<img src="<?php echo THEME_URL; ?>/images/restore_16.png" alt="<?php echo $TEXT['RESTORE']; ?>" /> |
219 | 219 |
</a> |
220 | 220 |
<?php } ?> |
... | ... | |
246 | 246 |
{ |
247 | 247 |
$file=$admin->page_is_active($page)?"clock_16.png":"clock_red_16.png"; |
248 | 248 |
?> |
249 |
<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
|
|
249 |
<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>"> |
|
250 | 250 |
<img src="<?php echo THEME_URL."/images/$file"; ?>" alt="<?php echo $HEADING['MANAGE_SECTIONS']; ?>" /> |
251 | 251 |
</a> |
252 | 252 |
<?php } else { ?> |
253 |
<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
|
|
253 |
<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>"> |
|
254 | 254 |
<img src="<?php echo THEME_URL; ?>/images/noclock_16.png" alt="<?php echo $HEADING['MANAGE_SECTIONS']; ?>" /></a> |
255 | 255 |
<?php } ?> |
256 | 256 |
<?php } ?> |
... | ... | |
280 | 280 |
</td> |
281 | 281 |
<td class="list_actions"> |
282 | 282 |
<?php if($admin->get_permission('pages_delete') == true && $can_modify == true) { // add IdKey ?> |
283 |
<a href="javascript:confirm_link('<?php echo $MESSAGE['PAGES_DELETE_CONFIRM']; ?>?','<?php echo ADMIN_URL; ?>/pages/delete.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
|
|
283 |
<a href="javascript:confirm_link('<?php echo $MESSAGE['PAGES_DELETE_CONFIRM']; ?>?','<?php echo ADMIN_URL; ?>/pages/delete.php?page_id=<?php echo $admin->getIDKEY($page['page_id']); ?>');" title="<?php echo $TEXT['DELETE']; ?>">
|
|
284 | 284 |
<img src="<?php echo THEME_URL; ?>/images/delete_16.png" alt="<?php echo $TEXT['DELETE']; ?>" /> |
285 | 285 |
</a> |
286 | 286 |
<?php } ?> |
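Review bot: Only the delete link on line 283 appears to gain `$admin->getIDKEY($page['page_id'])`; the restore link on line 217 still emits the raw `$page['page_id']`, although restoring a page is also a state change started from a plain GET link. If restore.php (not shown) acts on the request without its own token check, it keeps the cross-site request exposure that this commit closes for delete.php. The matching change would be `restore.php?page_id=<?php echo $admin->getIDKEY($page['page_id']); ?>` together with a `checkIDKEY()` guard in restore.php. The trailing `// add IdKey` comment on line 282 is now stale and could be reworded to say the link is token-protected. The token still travels in the URL, where it can land in browser history and server logs, so moving deletion to a POST form would be the more robust follow-up.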
branches/2.8.x/wb/admin/pages/sections.php | ||
---|---|---|
217 | 217 |
// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']), |
218 | 218 |
'PAGE_IDKEY' => $results_array['page_id'], |
219 | 219 |
'VAR_PAGE_TITLE' => $results_array['page_title'], |
220 |
'SETTINGS_LINK' => ADMIN_URL.'/pages/settings.php?page_id='./*$admin->getIDKEY()*/$results_array['page_id'],
|
|
221 |
'MODIFY_LINK' => ADMIN_URL.'/pages/modify.php?page_id='./*$admin->getIDKEY()*/$results_array['page_id']
|
|
220 |
'SETTINGS_LINK' => ADMIN_URL.'/pages/settings.php?page_id='.$results_array['page_id'], |
|
221 |
'MODIFY_LINK' => ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id'] |
|
222 | 222 |
) |
223 | 223 |
); |
224 | 224 |
|
... | ... | |
245 | 245 |
{ |
246 | 246 |
$edit_page = ''; |
247 | 247 |
} |
248 |
$edit_page_0 = '<a id="sid'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='./*$admin->getIDKEY()*/$results_array['page_id'];
|
|
248 |
$edit_page_0 = '<a id="sid'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id']; |
|
249 | 249 |
$edit_page_1 = $section['section_id'].'">'.$section['module'].'</a>'; |
250 | 250 |
if(SECTION_BLOCKS) |
251 | 251 |
{ |
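Review bot: The template variable `'PAGE_IDKEY'` on line 218 is filled with the raw `$results_array['page_id']`, and this change also drops the `getIDKEY()` placeholders from the settings and modify links, so nothing visible in this section issues a token. A key named IDKEY suggests a one-time key to template authors and to whoever handles the submitted value. I would add a comment such as `// raw page id, not an IDKEY token` on that line, or rename the key if the template can change with it. The commented-out alternative on line 217 can then be removed as well. The array literal begins outside the visible lines.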
branches/2.8.x/wb/admin/interface/version.php | ||
---|---|---|
52 | 52 |
|
53 | 53 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
54 | 54 |
if(!defined('VERSION')) define('VERSION', '2.8.2.RC5'); |
55 |
if(!defined('REVISION')) define('REVISION', '1403');
|
|
55 |
if(!defined('REVISION')) define('REVISION', '1404');
|
|
56 | 56 |
|
57 | 57 |
?> |
Security fix in pages