Project

General

Profile

« Previous | Next » 

Revision 1404

Added by Luisehahne almost 15 years ago

Security fix in pages

View differences:

index.php
157 157 
				</td>
158 158 
				<?php if($admin->get_permission('pages_modify') == true && $can_modify == true) { ?>
159 159 
				<td class="list_menu_title">
160 
					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
160 
					<a href="<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo  $page['page_id']; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
161 161 
						<?php if($page['visibility'] == 'public') { ?>
162 162 
							<img src="<?php echo THEME_URL; ?>/images/visible_16.png" alt="<?php echo $TEXT['VISIBILITY']; ?>: <?php echo $TEXT['PUBLIC']; ?>" class="page_list_rights" />
163 163 
						<?php } elseif($page['visibility'] == 'private') { ?>
......
209 209 
				<td class="list_actions">
210 210 
					<?php if($page['visibility'] != 'deleted') { ?>
211 211 
						<?php if($admin->get_permission('pages_settings') == true && $can_modify == true) { ?>
212 
						<a href="<?php echo ADMIN_URL; ?>/pages/settings.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>" title="<?php echo $TEXT['SETTINGS']; ?>">
212 
						<a href="<?php echo ADMIN_URL; ?>/pages/settings.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['SETTINGS']; ?>">
213 213 
							<img src="<?php echo THEME_URL; ?>/images/modify_16.png" alt="<?php echo $TEXT['SETTINGS']; ?>" />
214 214 
						</a>
215 215 
						<?php } ?>
216 216 
					<?php } else { ?>
217 
						<a href="<?php echo ADMIN_URL; ?>/pages/restore.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>" title="<?php echo $TEXT['RESTORE']; ?>">
217 
						<a href="<?php echo ADMIN_URL; ?>/pages/restore.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $TEXT['RESTORE']; ?>">
218 218 
							<img src="<?php echo THEME_URL; ?>/images/restore_16.png" alt="<?php echo $TEXT['RESTORE']; ?>" />
219 219 
						</a>
220 220 
					<?php } ?>
......
246 246 
                        {
247 247 
							$file=$admin->page_is_active($page)?"clock_16.png":"clock_red_16.png";
248 248 
							?>
249 
							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
249 
							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
250 250 
							<img src="<?php echo THEME_URL."/images/$file"; ?>" alt="<?php echo $HEADING['MANAGE_SECTIONS']; ?>" />
251 251 
							</a>
252 252 
						<?php } else { ?>
253 
							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
253 
							<a href="<?php echo ADMIN_URL; ?>/pages/sections.php?page_id=<?php echo $page['page_id']; ?>" title="<?php echo $HEADING['MANAGE_SECTIONS']; ?>">
254 254 
							<img src="<?php echo THEME_URL; ?>/images/noclock_16.png" alt="<?php echo $HEADING['MANAGE_SECTIONS']; ?>" /></a>
255 255 
						<?php } ?>
256 256 
					<?php } ?>
......
280 280 
				</td>
281 281 
				<td class="list_actions">
282 282 
					<?php if($admin->get_permission('pages_delete') == true && $can_modify == true) { // add IdKey ?>
283 
					<a href="javascript:confirm_link('<?php echo $MESSAGE['PAGES_DELETE_CONFIRM']; ?>?','<?php echo ADMIN_URL; ?>/pages/delete.php?page_id=<?php echo /*$admin->getIDKEY($page['page_id'])*/ $page['page_id']; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
283 
					<a href="javascript:confirm_link('<?php echo $MESSAGE['PAGES_DELETE_CONFIRM']; ?>?','<?php echo ADMIN_URL; ?>/pages/delete.php?page_id=<?php echo $admin->getIDKEY($page['page_id']); ?>');" title="<?php echo $TEXT['DELETE']; ?>">
284 284 
						<img src="<?php echo THEME_URL; ?>/images/delete_16.png" alt="<?php echo $TEXT['DELETE']; ?>" />
285 285 
					</a>
286 286 
					<?php } ?>

Also available in: Unified diff