Revision 1475
Added by Dietmar over 13 years ago
branches/2.8.x/CHANGELOG | ||
---|---|---|
11 | 11 |
! = Update/Change |
12 | 12 |
|
13 | 13 |
------------------------------------- 2.8.2 ------------------------------------ |
14 |
13 Jul-2011 Build 1475 Dietmar Woellbrink (Luisehahne) |
|
15 |
+ add SecureForm.mtab.php under mantennance by WebsiteBaker Community |
|
16 |
! security fixes media, groups, users, sections |
|
17 |
# change lang variable to remove upgrade-script |
|
18 |
! reworked add sections in pages |
|
19 |
! fix set empty href in show_menu2 |
|
20 |
! set show_menu2 version to 4.9.6 |
|
21 |
! reworked Droplet LoginBox, add redirect query |
|
22 |
- remove unneeded folder js |
|
23 |
! set Droplet to version 1.1.0 |
|
24 |
+ add checkboxes to change frontend absolute url to relative urls |
|
25 |
! set output_filter version to 0.2 |
|
14 | 26 |
12 Jul-2011 Build 1474 Werner v.d.Decken(DarkViper) |
15 | 27 |
# for security reasons the 'remember me' functionality is deaktivated in |
16 | 28 |
class login |
branches/2.8.x/wb/admin/groups/groups.php | ||
---|---|---|
20 | 20 |
require('../../config.php'); |
21 | 21 |
require_once(WB_PATH.'/framework/class.admin.php'); |
22 | 22 |
|
23 |
// Create new database object |
|
24 |
// $database = new database(); |
|
23 |
// Set parameter 'action' as alternative to javascript mechanism |
|
24 |
$action = 'cancel'; |
|
25 |
// Set parameter 'action' as alternative to javascript mechanism |
|
26 |
$action = (isset($_POST['modify']) ? 'modify' : $action ); |
|
27 |
$action = (isset($_POST['delete']) ? 'delete' : $action ); |
|
25 | 28 |
|
26 |
if(!isset($_POST['action']) OR ($_POST['action'] != "modify" AND $_POST['action'] != "delete")) { |
|
27 |
header("Location: index.php"); |
|
28 |
exit(0); |
|
29 |
} |
|
29 |
switch ($action): |
|
30 |
case 'modify' : |
|
30 | 31 |
|
31 |
// Set parameter 'action' as alternative to javascript mechanism |
|
32 |
if(isset($_POST['modify'])) |
|
33 |
$_POST['action'] = "modify"; |
|
34 |
if(isset($_POST['delete'])) |
|
35 |
$_POST['action'] = "delete"; |
|
32 |
// Create new admin object |
|
33 |
$admin = new admin('Access', 'groups_modify' ); |
|
34 |
// Check if group group_id is a valid number and doesnt equal 1 |
|
35 |
$group_id = intval($admin->checkIDKEY('group_id', 0, $_SERVER['REQUEST_METHOD'])); |
|
36 |
if( ($group_id < 2 ) ) |
|
37 |
{ |
|
38 |
// if($admin_header) { $admin->print_header(); } |
|
39 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] ); |
|
40 |
} |
|
36 | 41 |
|
37 |
// Check if group group_id is a valid number and doesnt equal 1 |
|
38 |
if(!isset($_POST['group_id']) OR !is_numeric($_POST['group_id']) OR $_POST['group_id'] == 1) { |
|
39 |
header("Location: index.php"); |
|
40 |
exit(0); |
|
41 |
} |
|
42 |
// Get existing values |
|
43 |
$results = $database->query("SELECT * FROM ".TABLE_PREFIX."groups WHERE group_id = '".$group_id."'"); |
|
44 |
$group = $results->fetchRow(); |
|
45 |
// Setup template object |
|
46 |
$template = new Template(THEME_PATH.'/templates'); |
|
47 |
$template->set_file('page', 'groups_form.htt'); |
|
48 |
$template->set_block('page', 'main_block', 'main'); |
|
49 |
$template->set_var( array( |
|
50 |
'ACTION_URL' => ADMIN_URL.'/groups/save.php', |
|
51 |
'SUBMIT_TITLE' => $TEXT['SAVE'], |
|
52 |
'GROUP_ID' => $group['group_id'], |
|
53 |
'GROUP_NAME' => $group['name'], |
|
54 |
'ADVANCED_ACTION' => 'groups.php', |
|
55 |
'FTAN' => $admin->getFTAN() |
|
56 |
)); |
|
57 |
// Tell the browser whether or not to show advanced options |
|
58 |
if( true == (isset( $_POST['advanced']) AND ( strpos( $_POST['advanced'], ">>") > 0 ) ) ) { |
|
59 |
$template->set_var('DISPLAY_ADVANCED', ''); |
|
60 |
$template->set_var('DISPLAY_BASIC', 'display:none;'); |
|
61 |
$template->set_var('ADVANCED', 'yes'); |
|
62 |
$template->set_var('ADVANCED_BUTTON', '<< '.$TEXT['HIDE_ADVANCED']); |
|
63 |
} else { |
|
64 |
$template->set_var('DISPLAY_ADVANCED', 'display:none;'); |
|
65 |
$template->set_var('DISPLAY_BASIC', ''); |
|
66 |
$template->set_var('ADVANCED', 'no'); |
|
67 |
$template->set_var('ADVANCED_BUTTON', $TEXT['SHOW_ADVANCED'].' >>'); |
|
68 |
} |
|
42 | 69 |
|
43 |
if($_POST['action'] == 'modify') { |
|
44 |
// Create new admin object |
|
45 |
$admin = new admin('Access', 'groups_modify', false); |
|
46 |
/* */ |
|
47 |
if (!$admin->checkFTAN()) |
|
48 |
{ |
|
49 |
$admin->print_header(); |
|
50 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); |
|
51 |
} |
|
70 |
// Explode system permissions |
|
71 |
$system_permissions = explode(',', $group['system_permissions']); |
|
72 |
// Check system permissions boxes |
|
73 |
foreach($system_permissions AS $name) { |
|
74 |
$template->set_var($name.'_checked', ' checked="checked"'); |
|
75 |
} |
|
76 |
// Explode module permissions |
|
77 |
$module_permissions = explode(',', $group['module_permissions']); |
|
78 |
// Explode template permissions |
|
79 |
$template_permissions = explode(',', $group['template_permissions']); |
|
52 | 80 |
|
53 |
// Print header |
|
54 |
$admin->print_header(); |
|
55 |
// Get existing values |
|
56 |
$results = $database->query("SELECT * FROM ".TABLE_PREFIX."groups WHERE group_id = '".$_POST['group_id']."'"); |
|
57 |
$group = $results->fetchRow(); |
|
58 |
// Setup template object |
|
59 |
$template = new Template(THEME_PATH.'/templates'); |
|
60 |
$template->set_file('page', 'groups_form.htt'); |
|
61 |
$template->set_block('page', 'main_block', 'main'); |
|
62 |
$template->set_var( array( |
|
63 |
'ACTION_URL' => ADMIN_URL.'/groups/save.php', |
|
64 |
'SUBMIT_TITLE' => $TEXT['SAVE'], |
|
65 |
'GROUP_ID' => $group['group_id'], |
|
66 |
'GROUP_NAME' => $group['name'], |
|
67 |
'ADVANCED_ACTION' => 'groups.php', |
|
68 |
'FTAN' => $admin->getFTAN() |
|
69 |
)); |
|
70 |
// Tell the browser whether or not to show advanced options |
|
71 |
if( true == (isset( $_POST['advanced']) AND ( strpos( $_POST['advanced'], ">>") > 0 ) ) ) { |
|
72 |
$template->set_var('DISPLAY_ADVANCED', ''); |
|
73 |
$template->set_var('DISPLAY_BASIC', 'display:none;'); |
|
74 |
$template->set_var('ADVANCED', 'yes'); |
|
75 |
$template->set_var('ADVANCED_BUTTON', '<< '.$TEXT['HIDE_ADVANCED']); |
|
76 |
} else { |
|
77 |
$template->set_var('DISPLAY_ADVANCED', 'display:none;'); |
|
78 |
$template->set_var('DISPLAY_BASIC', ''); |
|
79 |
$template->set_var('ADVANCED', 'no'); |
|
80 |
$template->set_var('ADVANCED_BUTTON', $TEXT['SHOW_ADVANCED'].' >>'); |
|
81 |
} |
|
81 |
// Insert values into module list |
|
82 |
$template->set_block('main_block', 'module_list_block', 'module_list'); |
|
83 |
$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "module" AND `function` = "page" ORDER BY `name`'); |
|
84 |
if($result->numRows() > 0) { |
|
85 |
while($addon = $result->fetchRow()) { |
|
86 |
$template->set_var('VALUE', $addon['directory']); |
|
87 |
$template->set_var('NAME', $addon['name']); |
|
88 |
if(!is_numeric(array_search($addon['directory'], $module_permissions))) { |
|
89 |
$template->set_var('CHECKED', ' checked="checked"'); |
|
90 |
} else { |
|
91 |
$template->set_var('CHECKED', ''); |
|
92 |
} |
|
93 |
$template->parse('module_list', 'module_list_block', true); |
|
94 |
} |
|
95 |
} |
|
82 | 96 |
|
83 |
// Explode system permissions |
|
84 |
$system_permissions = explode(',', $group['system_permissions']); |
|
85 |
// Check system permissions boxes |
|
86 |
foreach($system_permissions AS $name) { |
|
87 |
$template->set_var($name.'_checked', ' checked="checked"'); |
|
88 |
} |
|
89 |
// Explode module permissions |
|
90 |
$module_permissions = explode(',', $group['module_permissions']); |
|
91 |
// Explode template permissions |
|
92 |
$template_permissions = explode(',', $group['template_permissions']); |
|
93 |
|
|
94 |
// Insert values into module list |
|
95 |
$template->set_block('main_block', 'module_list_block', 'module_list'); |
|
96 |
$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "module" AND `function` = "page" ORDER BY `name`'); |
|
97 |
if($result->numRows() > 0) { |
|
98 |
while($addon = $result->fetchRow()) { |
|
99 |
$template->set_var('VALUE', $addon['directory']); |
|
100 |
$template->set_var('NAME', $addon['name']); |
|
101 |
if(!is_numeric(array_search($addon['directory'], $module_permissions))) { |
|
102 |
$template->set_var('CHECKED', ' checked="checked"'); |
|
103 |
} else { |
|
104 |
$template->set_var('CHECKED', ''); |
|
97 |
// Insert values into template list |
|
98 |
$template->set_block('main_block', 'template_list_block', 'template_list'); |
|
99 |
$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "template" ORDER BY `name`'); |
|
100 |
if($result->numRows() > 0) { |
|
101 |
while($addon = $result->fetchRow()) { |
|
102 |
$template->set_var('VALUE', $addon['directory']); |
|
103 |
$template->set_var('NAME', $addon['name']); |
|
104 |
if(!is_numeric(array_search($addon['directory'], $template_permissions))) { |
|
105 |
$template->set_var('CHECKED', ' checked="checked"'); |
|
106 |
} else { |
|
107 |
$template->set_var('CHECKED', ''); |
|
108 |
} |
|
109 |
$template->parse('template_list', 'template_list_block', true); |
|
110 |
} |
|
105 | 111 |
} |
106 |
$template->parse('module_list', 'module_list_block', true); |
|
107 |
} |
|
108 |
} |
|
109 |
|
|
110 |
// Insert values into template list |
|
111 |
$template->set_block('main_block', 'template_list_block', 'template_list'); |
|
112 |
$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "template" ORDER BY `name`'); |
|
113 |
if($result->numRows() > 0) { |
|
114 |
while($addon = $result->fetchRow()) { |
|
115 |
$template->set_var('VALUE', $addon['directory']); |
|
116 |
$template->set_var('NAME', $addon['name']); |
|
117 |
if(!is_numeric(array_search($addon['directory'], $template_permissions))) { |
|
118 |
$template->set_var('CHECKED', ' checked="checked"'); |
|
112 |
|
|
113 |
// Insert language text and messages |
|
114 |
$template->set_var(array( |
|
115 |
'TEXT_RESET' => $TEXT['RESET'], |
|
116 |
'TEXT_ACTIVE' => $TEXT['ACTIVE'], |
|
117 |
'TEXT_DISABLED' => $TEXT['DISABLED'], |
|
118 |
'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], |
|
119 |
'TEXT_USERNAME' => $TEXT['USERNAME'], |
|
120 |
'TEXT_PASSWORD' => $TEXT['PASSWORD'], |
|
121 |
'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], |
|
122 |
'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], |
|
123 |
'TEXT_EMAIL' => $TEXT['EMAIL'], |
|
124 |
'TEXT_GROUP' => $TEXT['GROUP'], |
|
125 |
'TEXT_SYSTEM_PERMISSIONS' => $TEXT['SYSTEM_PERMISSIONS'], |
|
126 |
'TEXT_MODULE_PERMISSIONS' => $TEXT['MODULE_PERMISSIONS'], |
|
127 |
'TEXT_TEMPLATE_PERMISSIONS' => $TEXT['TEMPLATE_PERMISSIONS'], |
|
128 |
'TEXT_NAME' => $TEXT['NAME'], |
|
129 |
'SECTION_PAGES' => $MENU['PAGES'], |
|
130 |
'SECTION_MEDIA' => $MENU['MEDIA'], |
|
131 |
'SECTION_MODULES' => $MENU['MODULES'], |
|
132 |
'SECTION_TEMPLATES' => $MENU['TEMPLATES'], |
|
133 |
'SECTION_LANGUAGES' => $MENU['LANGUAGES'], |
|
134 |
'SECTION_SETTINGS' => $MENU['SETTINGS'], |
|
135 |
'SECTION_USERS' => $MENU['USERS'], |
|
136 |
'SECTION_GROUPS' => $MENU['GROUPS'], |
|
137 |
'SECTION_ADMINTOOLS' => $MENU['ADMINTOOLS'], |
|
138 |
'TEXT_VIEW' => $TEXT['VIEW'], |
|
139 |
'TEXT_ADD' => $TEXT['ADD'], |
|
140 |
'TEXT_LEVEL' => $TEXT['LEVEL'], |
|
141 |
'TEXT_MODIFY' => $TEXT['MODIFY'], |
|
142 |
'TEXT_DELETE' => $TEXT['DELETE'], |
|
143 |
'TEXT_MODIFY_CONTENT' => $TEXT['MODIFY_CONTENT'], |
|
144 |
'TEXT_MODIFY_SETTINGS' => $TEXT['MODIFY_SETTINGS'], |
|
145 |
'HEADING_MODIFY_INTRO_PAGE' => $HEADING['MODIFY_INTRO_PAGE'], |
|
146 |
'TEXT_CREATE_FOLDER' => $TEXT['CREATE_FOLDER'], |
|
147 |
'TEXT_RENAME' => $TEXT['RENAME'], |
|
148 |
'TEXT_UPLOAD_FILES' => $TEXT['UPLOAD_FILES'], |
|
149 |
'TEXT_BASIC' => $TEXT['BASIC'], |
|
150 |
'TEXT_ADVANCED' => $TEXT['ADVANCED'], |
|
151 |
'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'], |
|
152 |
'HEADING_MODIFY_GROUP' => $HEADING['MODIFY_GROUP'], |
|
153 |
)); |
|
154 |
|
|
155 |
// Parse template object |
|
156 |
$template->parse('main', 'main_block', false); |
|
157 |
$template->pparse('output', 'page'); |
|
158 |
break; |
|
159 |
case 'delete' : |
|
160 |
// Create new admin object |
|
161 |
$admin = new admin('Access', 'groups_delete'); |
|
162 |
$group_id = intval($admin->checkIDKEY('group_id', 0, $_SERVER['REQUEST_METHOD'])); |
|
163 |
// Check if user id is a valid number and doesnt equal 1 |
|
164 |
if( ($group_id < 2 ) ) |
|
165 |
{ |
|
166 |
// if($admin_header) { $admin->print_header(); } |
|
167 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] ); |
|
168 |
} |
|
169 |
// Print header |
|
170 |
$admin->print_header(); |
|
171 |
// Delete the group |
|
172 |
$database->query("DELETE FROM ".TABLE_PREFIX."groups WHERE group_id = '".$group_id."' LIMIT 1"); |
|
173 |
if($database->is_error()) { |
|
174 |
$admin->print_error($database->get_error()); |
|
119 | 175 |
} else { |
120 |
$template->set_var('CHECKED', ''); |
|
176 |
// Delete users in the group |
|
177 |
$database->query("DELETE FROM ".TABLE_PREFIX."users WHERE group_id = '".$group_id."'"); |
|
178 |
if($database->is_error()) { |
|
179 |
$admin->print_error($database->get_error()); |
|
180 |
} else { |
|
181 |
$admin->print_success($MESSAGE['GROUPS']['DELETED']); |
|
182 |
} |
|
121 | 183 |
} |
122 |
$template->parse('template_list', 'template_list_block', true); |
|
123 |
} |
|
124 |
} |
|
125 |
|
|
126 |
// Insert language text and messages |
|
127 |
$template->set_var(array( |
|
128 |
'TEXT_RESET' => $TEXT['RESET'], |
|
129 |
'TEXT_ACTIVE' => $TEXT['ACTIVE'], |
|
130 |
'TEXT_DISABLED' => $TEXT['DISABLED'], |
|
131 |
'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], |
|
132 |
'TEXT_USERNAME' => $TEXT['USERNAME'], |
|
133 |
'TEXT_PASSWORD' => $TEXT['PASSWORD'], |
|
134 |
'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], |
|
135 |
'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], |
|
136 |
'TEXT_EMAIL' => $TEXT['EMAIL'], |
|
137 |
'TEXT_GROUP' => $TEXT['GROUP'], |
|
138 |
'TEXT_SYSTEM_PERMISSIONS' => $TEXT['SYSTEM_PERMISSIONS'], |
|
139 |
'TEXT_MODULE_PERMISSIONS' => $TEXT['MODULE_PERMISSIONS'], |
|
140 |
'TEXT_TEMPLATE_PERMISSIONS' => $TEXT['TEMPLATE_PERMISSIONS'], |
|
141 |
'TEXT_NAME' => $TEXT['NAME'], |
|
142 |
'SECTION_PAGES' => $MENU['PAGES'], |
|
143 |
'SECTION_MEDIA' => $MENU['MEDIA'], |
|
144 |
'SECTION_MODULES' => $MENU['MODULES'], |
|
145 |
'SECTION_TEMPLATES' => $MENU['TEMPLATES'], |
|
146 |
'SECTION_LANGUAGES' => $MENU['LANGUAGES'], |
|
147 |
'SECTION_SETTINGS' => $MENU['SETTINGS'], |
|
148 |
'SECTION_USERS' => $MENU['USERS'], |
|
149 |
'SECTION_GROUPS' => $MENU['GROUPS'], |
|
150 |
'SECTION_ADMINTOOLS' => $MENU['ADMINTOOLS'], |
|
151 |
'TEXT_VIEW' => $TEXT['VIEW'], |
|
152 |
'TEXT_ADD' => $TEXT['ADD'], |
|
153 |
'TEXT_LEVEL' => $TEXT['LEVEL'], |
|
154 |
'TEXT_MODIFY' => $TEXT['MODIFY'], |
|
155 |
'TEXT_DELETE' => $TEXT['DELETE'], |
|
156 |
'TEXT_MODIFY_CONTENT' => $TEXT['MODIFY_CONTENT'], |
|
157 |
'TEXT_MODIFY_SETTINGS' => $TEXT['MODIFY_SETTINGS'], |
|
158 |
'HEADING_MODIFY_INTRO_PAGE' => $HEADING['MODIFY_INTRO_PAGE'], |
|
159 |
'TEXT_CREATE_FOLDER' => $TEXT['CREATE_FOLDER'], |
|
160 |
'TEXT_RENAME' => $TEXT['RENAME'], |
|
161 |
'TEXT_UPLOAD_FILES' => $TEXT['UPLOAD_FILES'], |
|
162 |
'TEXT_BASIC' => $TEXT['BASIC'], |
|
163 |
'TEXT_ADVANCED' => $TEXT['ADVANCED'], |
|
164 |
'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'], |
|
165 |
'HEADING_MODIFY_GROUP' => $HEADING['MODIFY_GROUP'], |
|
166 |
)); |
|
167 |
|
|
168 |
// Parse template object |
|
169 |
$template->parse('main', 'main_block', false); |
|
170 |
$template->pparse('output', 'page'); |
|
171 |
} elseif($_POST['action'] == 'delete') { |
|
172 |
// Create new admin object |
|
173 |
$admin = new admin('Access', 'groups_delete', false); |
|
174 |
/* */ |
|
175 |
if (!$admin->checkFTAN()) |
|
176 |
{ |
|
177 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); |
|
178 |
} |
|
179 |
// Print header |
|
180 |
$admin->print_header(); |
|
181 |
// Delete the group |
|
182 |
$database->query("DELETE FROM ".TABLE_PREFIX."groups WHERE group_id = '".$_POST['group_id']."' LIMIT 1"); |
|
183 |
if($database->is_error()) { |
|
184 |
$admin->print_error($database->get_error()); |
|
185 |
} else { |
|
186 |
// Delete users in the group |
|
187 |
$database->query("DELETE FROM ".TABLE_PREFIX."users WHERE group_id = '".$_POST['group_id']."'"); |
|
188 |
if($database->is_error()) { |
|
189 |
$admin->print_error($database->get_error()); |
|
190 |
} else { |
|
191 |
$admin->print_success($MESSAGE['GROUPS']['DELETED']); |
|
192 |
} |
|
193 |
} |
|
194 |
} |
|
184 |
break; |
|
185 |
default: |
|
186 |
break; |
|
187 |
endswitch; |
|
195 | 188 |
|
196 | 189 |
// Print admin footer |
197 | 190 |
$admin->print_footer(); |
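Review bot: When neither `modify` nor `delete` is present in the POST, `$action` stays at its default `'cancel'`, the `default:` branch only breaks, and `$admin->print_footer();` after `endswitch` then runs on a variable that is assigned only inside the two cases, so the page now fails instead of redirecting the way the removed `header("Location: index.php"); exit(0);` block did; a `default: header("Location: index.php"); exit(0);` (or creating `$admin` before the switch) restores that. The `delete` case also no longer calls `checkFTAN()` before the two DELETE statements; unless `checkIDKEY()` itself binds the id to the submitted form token, the per-request CSRF check the old code performed is gone, and `if (!$admin->checkFTAN()) { $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); }` should follow the `new admin(...)` in that case. Both `$group_id < 2` guards rely on `print_error()` terminating the script, since no `exit` follows them; a short comment stating that assumption would help the next reader.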
branches/2.8.x/wb/admin/groups/index.php | ||
---|---|---|
53 | 53 |
$template->parse('list', 'list_block', true); |
54 | 54 |
// Loop through groups |
55 | 55 |
while($group = $results->fetchRow()) { |
56 |
$template->set_var('VALUE', $group['group_id']);
|
|
56 |
$template->set_var('VALUE',$admin->getIDKEY($group['group_id']));
|
|
57 | 57 |
$template->set_var('NAME', $group['name']); |
58 | 58 |
$template->parse('list', 'list_block', true); |
59 | 59 |
} |
... | ... | |
195 | 195 |
|
196 | 196 |
// Print the admin footer |
197 | 197 |
$admin->print_footer(); |
198 |
|
|
199 |
?> |
branches/2.8.x/wb/admin/media/rename2.php | ||
---|---|---|
24 | 24 |
// Include the WB functions file |
25 | 25 |
require_once(WB_PATH.'/framework/functions.php'); |
26 | 26 |
|
27 |
// Get list of file types to which we're supposed to append 'txt' |
|
28 |
$get_result = $database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1"); |
|
29 |
$file_extension_string = ''; |
|
30 |
if ($get_result->numRows()>0) { |
|
31 |
$fetch_result = $get_result->fetchRow(); |
|
32 |
$file_extension_string = $fetch_result['value']; |
|
33 |
} |
|
34 |
$file_extensions=explode(",",$file_extension_string); |
|
35 |
|
|
36 | 27 |
// Get the current dir |
37 |
// $directory = $admin->get_post('dir'); |
|
38 |
|
|
39 |
// Target location |
|
40 | 28 |
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); |
41 | 29 |
$directory = (isset(${$requestMethod}['dir'])) ? ${$requestMethod}['dir'] : ''; |
42 |
if($directory == '/') { |
|
43 |
$directory = ''; |
|
44 |
} |
|
30 |
$directory = ($directory == '/') ? '' : $directory; |
|
45 | 31 |
|
46 |
// Check to see if it contains .. |
|
32 |
$dirlink = 'browse.php?dir='.$directory; |
|
33 |
$rootlink = 'browse.php?dir='; |
|
34 |
// $file_id = intval($admin->get_post('id')); |
|
35 |
|
|
36 |
// first Check to see if it contains .. |
|
47 | 37 |
if (!check_media_path($directory)) { |
48 |
$admin->print_header(); |
|
49 |
$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH']); |
|
38 |
$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'],$rootlink, false); |
|
50 | 39 |
} |
51 | 40 |
|
52 | 41 |
// Get the temp id |
53 |
$file_id = $admin->checkIDKEY('id', false, 'POST');
|
|
42 |
$file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']));
|
|
54 | 43 |
if (!$file_id) { |
55 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); |
|
44 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$dirlink, false);
|
|
56 | 45 |
} |
57 | 46 |
|
47 |
// Check for potentially malicious files and append 'txt' to their name |
|
48 |
$rename_file_types = str_replace(',','|',RENAME_FILES_ON_UPLOAD); |
|
49 |
// hardcodet forbidden filetypes |
|
50 |
$forbidden_file_types = 'phtml|php5|php4|php|cgi|pl|exe|com|bat|src|'.$rename_file_types; |
|
58 | 51 |
// Get home folder not to show |
59 | 52 |
$home_folders = get_home_folders(); |
60 | 53 |
|
... | ... | |
62 | 55 |
if($handle = opendir(WB_PATH.MEDIA_DIRECTORY.'/'.$directory)) { |
63 | 56 |
// Loop through the files and dirs an add to list |
64 | 57 |
while (false !== ($file = readdir($handle))) { |
58 |
$info = pathinfo($file); |
|
59 |
$ext = isset($info['extension']) ? $info['extension'] : ''; |
|
65 | 60 |
if(substr($file, 0, 1) != '.' AND $file != '.svn' AND $file != 'index.php') { |
66 |
if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) { |
|
67 |
if(!isset($home_folders[$directory.'/'.$file])) { |
|
68 |
$DIR[] = $file; |
|
61 |
if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) ) { |
|
62 |
if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) { |
|
63 |
if(!isset($home_folders[$directory.'/'.$file])) { |
|
64 |
$DIR[] = $file; |
|
65 |
} |
|
66 |
} else { |
|
67 |
$FILE[] = $file; |
|
69 | 68 |
} |
70 |
} else { |
|
71 |
$FILE[] = $file; |
|
72 | 69 |
} |
73 | 70 |
} |
74 | 71 |
} |
... | ... | |
94 | 91 |
} |
95 | 92 |
} |
96 | 93 |
} |
94 |
|
|
97 | 95 |
$file_id = $admin->getIDKEY($file_id); |
96 |
|
|
98 | 97 |
if(!isset($rename_file)) { |
99 |
$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], "browse.php?dir=$directory", false);
|
|
98 |
$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], $dirlink, false);
|
|
100 | 99 |
} |
101 | 100 |
|
102 | 101 |
// Check if they entered a new name |
... | ... | |
121 | 120 |
// Join new name and extension |
122 | 121 |
$name = $new_name.$extension; |
123 | 122 |
|
123 |
$info = pathinfo(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$name); |
|
124 |
$ext = isset($info['extension']) ? $info['extension'] : ''; |
|
125 |
$dots = (substr($info['basename'], 0, 1) == '.') || (substr($info['basename'], -1, 1) == '.'); |
|
126 |
|
|
127 |
if( preg_match('/'.$forbidden_file_types.'$/i', $ext) || $dots == '.' ) { |
|
128 |
$admin->print_error($MESSAGE['MEDIA']['CANNOT_RENAME'], "rename.php?dir=$directory&id=$file_id", false); |
|
129 |
} |
|
130 |
|
|
124 | 131 |
// Check if the name contains .. |
125 | 132 |
if(strstr($name, '..')) { |
126 | 133 |
$admin->print_error($MESSAGE['MEDIA']['NAME_DOT_DOT_SLASH'], "rename.php?dir=$directory&id=$file_id", false); |
... | ... | |
136 | 143 |
$admin->print_error($MESSAGE['MEDIA']['BLANK_NAME'], "rename.php?dir=$directory&id=$file_id", false); |
137 | 144 |
} |
138 | 145 |
|
139 |
// Check for potentially malicious files and append 'txt' to their name |
|
140 |
foreach($file_extensions as $file_ext) { |
|
141 |
$file_ext_len=strlen($file_ext); |
|
142 |
if (substr($name,-$file_ext_len)==$file_ext) { |
|
143 |
$name.='.txt'; |
|
144 |
} |
|
145 |
} |
|
146 |
$info = pathinfo(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$rename_file); |
|
147 |
$ext = isset($info['extension']) ? $info['extension'] : ''; |
|
148 |
$dots = (substr($info['basename'], 0, 1) == '.') || (substr($info['basename'], -1, 1) == '.'); |
|
146 | 149 |
|
150 |
if( preg_match('/'.$forbidden_file_types.'$/i', $ext) || $dots == '.' ) { |
|
151 |
$admin->print_error($MESSAGE['MEDIA']['CANNOT_RENAME'], "rename.php?dir=$directory&id=$file_id", false); |
|
152 |
} |
|
147 | 153 |
|
148 | 154 |
// Check if we should overwrite or not |
149 | 155 |
if($admin->get_post('overwrite') != 'yes' AND file_exists(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$name) == true) { |
... | ... | |
160 | 166 |
// feature freeze |
161 | 167 |
// require_once(ADMIN_PATH.'/media/dse.php'); |
162 | 168 |
|
163 |
$admin->print_success($MESSAGE['MEDIA']['RENAMED'], "browse.php?dir=$directory");
|
|
169 |
$admin->print_success($MESSAGE['MEDIA']['RENAMED'], $dirlink);
|
|
164 | 170 |
} else { |
165 | 171 |
$admin->print_error($MESSAGE['MEDIA']['CANNOT_RENAME'], "rename.php?dir=$directory&id=$file_id", false); |
166 | 172 |
} |
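Review bot: The forbidden-type test `preg_match('/'.$forbidden_file_types.'$/i', $ext)` is mis-anchored: without a group the `$` binds only to the last alternative and there is no `^`, so `pl` matches an extension such as `tpl` and `com` matches `comp`, while an empty `RENAME_FILES_ON_UPLOAD` leaves a trailing `|` whose empty alternative makes the pattern match every extension. Group and anchor the whole alternation, `preg_match('/^(' . rtrim($forbidden_file_types, '|') . ')$/i', $ext)`, and apply `preg_quote()` to each configured entry when building `$rename_file_types`. `$dots` is a bool, so `$dots == '.'` only works through loose comparison; write `|| $dots`. The same construction is introduced in browse.php and rename.php in this commit.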
branches/2.8.x/wb/admin/media/browse.php | ||
---|---|---|
94 | 94 |
$currentHome |
95 | 95 |
: |
96 | 96 |
$admin->strip_slashes($admin->get_get('dir')) ; |
97 |
|
|
97 | 98 |
if($directory == '/' OR $directory == '\\') { |
98 | 99 |
$directory = ''; |
99 | 100 |
} |
100 | 101 |
|
102 |
$dir_backlink = 'browse.php?dir='.$directory; |
|
103 |
|
|
101 | 104 |
// Check to see if it contains ../ |
102 | 105 |
if (!check_media_path($directory)) { |
103 | 106 |
// $admin->print_header(); |
... | ... | |
159 | 162 |
|
160 | 163 |
if($handle = opendir(WB_PATH.MEDIA_DIRECTORY.'/'.$directory)) { |
161 | 164 |
// Loop through the files and dirs an add to list |
162 |
while(false !== ($file = readdir($handle))) { |
|
165 |
while (false !== ($file = readdir($handle))) { |
|
166 |
$info = pathinfo($file); |
|
167 |
$ext = isset($info['extension']) ? $info['extension'] : ''; |
|
163 | 168 |
if(substr($file, 0, 1) != '.' AND $file != '.svn' AND $file != 'index.php') { |
164 |
if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) { |
|
165 |
if(!isset($home_folders[$directory.'/'.$file])) { |
|
166 |
$DIR[] = $file; |
|
167 |
} |
|
168 |
} else { |
|
169 |
$info = pathinfo($file); |
|
170 |
$ext = isset($info['extension']) ? $info['extension'] : ''; |
|
171 |
if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) ) { |
|
169 |
if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) ) { |
|
170 |
if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) { |
|
171 |
if(!isset($home_folders[$directory.'/'.$file])) { |
|
172 |
$DIR[] = $file; |
|
173 |
} |
|
174 |
} else { |
|
172 | 175 |
$FILE[] = $file; |
173 | 176 |
} |
174 | 177 |
} |
... | ... | |
186 | 189 |
'NAME' => $name, |
187 | 190 |
'NAME_SLASHED' => addslashes($name), |
188 | 191 |
'TEMP_ID' => $admin->getIDKEY($temp_id), |
192 |
// 'TEMP_ID' => $temp_id, |
|
189 | 193 |
'LINK' => "browse.php?dir=$directory/$link_name", |
190 | 194 |
'LINK_TARGET' => '_self', |
191 | 195 |
'ROW_BG_COLOR' => $row_bg_color, |
... | ... | |
246 | 250 |
'NAME' => $name, |
247 | 251 |
'NAME_SLASHED' => addslashes($name), |
248 | 252 |
'TEMP_ID' => $admin->getIDKEY($temp_id), |
253 |
// 'TEMP_ID' => $temp_id, |
|
249 | 254 |
'LINK' => WB_URL.MEDIA_DIRECTORY.$directory.'/'.$name, |
250 | 255 |
'LINK_TARGET' => '_blank', |
251 | 256 |
'ROW_BG_COLOR' => $row_bg_color, |
branches/2.8.x/wb/admin/media/delete.php | ||
---|---|---|
26 | 26 |
|
27 | 27 |
// Get the current dir |
28 | 28 |
$directory = $admin->get_get('dir'); |
29 |
if($directory == '/') { |
|
30 |
$directory = ''; |
|
31 |
} |
|
29 |
$directory = ($directory == '/') ? '' : $directory; |
|
32 | 30 |
|
31 |
$dirlink = 'browse.php?dir='.$directory; |
|
32 |
$rootlink = 'browse.php?dir='; |
|
33 |
|
|
33 | 34 |
// Check to see if it contains .. |
34 | 35 |
if (!check_media_path($directory)) { |
35 | 36 |
// $admin->print_header(); |
36 |
$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'],WB_URL.'/admin/media/browse.php?dir=',false );
|
|
37 |
$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'],$rootlink,false );
|
|
37 | 38 |
} |
38 | 39 |
|
39 |
// Get the temp id
|
|
40 |
$file_id = $admin->checkIDKEY('id', false, 'GET');
|
|
40 |
// Get the file id
|
|
41 |
$file_id = $admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']);
|
|
41 | 42 |
if (!$file_id) { |
42 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL.'/admin/media/browse.php?dir=',false);
|
|
43 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $dirlink,false);
|
|
43 | 44 |
} |
44 | 45 |
|
45 | 46 |
// Get home folder not to show |
... | ... | |
52 | 53 |
if(!empty($currentdir)) { |
53 | 54 |
$usedFiles = $Dse->getMatchesFromDir( $directory, DseTwo::RETURN_USED); |
54 | 55 |
} |
55 |
print '<pre><strong>function '.__FUNCTION__.'();</strong> basename: '.basename(__FILE__).' line: '.__LINE__.' -> <br />'; |
|
56 |
print_r( $usedFiles ); print '</pre>'; // flush ();sleep(10); die(); |
|
57 | 56 |
*/ |
58 | 57 |
// Figure out what folder name the temp id is |
59 | 58 |
if($handle = opendir(WB_PATH.MEDIA_DIRECTORY.'/'.$directory)) { |
... | ... | |
94 | 93 |
|
95 | 94 |
// Check to see if we could find an id to match |
96 | 95 |
if(!isset($delete_file)) { |
97 |
$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], "browse.php?dir=$directory", false);
|
|
96 |
$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], $dirlink, false);
|
|
98 | 97 |
} |
99 | 98 |
$relative_path = WB_PATH.MEDIA_DIRECTORY.'/'.$directory.'/'.$delete_file; |
100 | 99 |
// Check if the file/folder exists |
101 | 100 |
if(!file_exists($relative_path)) { |
102 |
$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], "browse.php?dir=$directory", false);
|
|
101 |
$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], $dirlink, false);
|
|
103 | 102 |
} |
104 | 103 |
|
105 | 104 |
// Find out whether its a file or folder |
106 | 105 |
if($type == 'folder') { |
107 | 106 |
// Try and delete the directory |
108 | 107 |
if(rm_full_dir($relative_path)) { |
109 |
$admin->print_success($MESSAGE['MEDIA']['DELETED_DIR'], "browse.php?dir=$directory");
|
|
108 |
$admin->print_success($MESSAGE['MEDIA']['DELETED_DIR'], $dirlink);
|
|
110 | 109 |
} else { |
111 |
$admin->print_error($MESSAGE['MEDIA']['CANNOT_DELETE_DIR'], "browse.php?dir=$directory", false);
|
|
110 |
$admin->print_error($MESSAGE['MEDIA']['CANNOT_DELETE_DIR'], $dirlink, false);
|
|
112 | 111 |
} |
113 | 112 |
} else { |
114 | 113 |
// Try and delete the file |
115 | 114 |
if(unlink($relative_path)) { |
116 |
$admin->print_success($MESSAGE['MEDIA']['DELETED_FILE'], "browse.php?dir=$directory");
|
|
115 |
$admin->print_success($MESSAGE['MEDIA']['DELETED_FILE'], $dirlink);
|
|
117 | 116 |
} else { |
118 |
$admin->print_error($MESSAGE['MEDIA']['CANNOT_DELETE_FILE'], "browse.php?dir=$directory", false);
|
|
117 |
$admin->print_error($MESSAGE['MEDIA']['CANNOT_DELETE_FILE'], $dirlink, false);
|
|
119 | 118 |
} |
120 | 119 |
} |
121 | 120 |
|
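Review bot: `$file_id = $admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']);` is not wrapped in `intval()` as the corresponding new lines in rename.php and rename2.php are, so the three scripts now treat the resolved id differently; if `checkIDKEY()` can return a non-integer, whatever later compares `$file_id` against directory entries works on an unvalidated value. Use `$file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']));` for consistency. `$directory` still comes from `get_get('dir')` while the id now follows the request method, which is presumably deliberate but deserves a one-line comment.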
branches/2.8.x/wb/admin/media/create.php | ||
---|---|---|
18 | 18 |
|
19 | 19 |
// Print admin header |
20 | 20 |
require('../../config.php'); |
21 |
|
|
21 | 22 |
require_once(WB_PATH.'/framework/class.admin.php'); |
23 |
// Include the WB functions file |
|
24 |
require_once(WB_PATH.'/framework/functions.php'); |
|
25 |
|
|
22 | 26 |
// suppress to print the header, so no new FTAN will be set |
23 | 27 |
$admin = new admin('Media', 'media_create', false); |
24 | 28 |
|
25 | 29 |
// Get dir name and target location |
26 | 30 |
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); |
27 | 31 |
$name = (isset(${$requestMethod}['name'])) ? ${$requestMethod}['name'] : ''; |
28 |
if($name == '') { |
|
29 |
header("Location: index.php"); |
|
30 |
exit(0); |
|
32 |
|
|
33 |
// Check to see if name or target contains ../ |
|
34 |
if(strstr($name, '..')) { |
|
35 |
$admin->print_header(); |
|
36 |
$admin->print_error($MESSAGE['MEDIA']['NAME_DOT_DOT_SLASH']); |
|
31 | 37 |
} |
32 | 38 |
|
39 |
// Remove bad characters |
|
40 |
$name = trim(media_filename($name),'.'); |
|
41 |
|
|
33 | 42 |
// Target location |
34 | 43 |
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); |
35 | 44 |
$target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : ''; |
36 |
if($target == '') { |
|
37 |
header("Location: index.php"); |
|
38 |
exit(0); |
|
39 |
} |
|
40 | 45 |
|
41 |
require_once(WB_PATH.'/framework/class.admin.php'); |
|
42 |
// suppress to print the header, so no new FTAN will be set |
|
43 |
$admin = new admin('Media', 'media_create', false); |
|
44 | 46 |
if (!$admin->checkFTAN()) |
45 | 47 |
{ |
46 | 48 |
$admin->print_header(); |
... | ... | |
49 | 51 |
// After check print the header |
50 | 52 |
$admin->print_header(); |
51 | 53 |
|
52 |
// Include the WB functions file |
|
53 |
require_once(WB_PATH.'/framework/functions.php'); |
|
54 |
|
|
55 |
// Check to see if name or target contains ../ |
|
56 |
if(strstr($name, '..')) { |
|
57 |
$admin->print_error($MESSAGE['MEDIA']['NAME_DOT_DOT_SLASH']); |
|
58 |
} |
|
59 | 54 |
if (!check_media_path($target, false)) { |
60 |
w_debug("target: $target"); |
|
61 | 55 |
$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']); |
62 | 56 |
} |
63 | 57 |
|
64 |
// Remove bad characters |
|
65 |
$name = media_filename($name); |
|
66 |
|
|
67 | 58 |
// Create relative path of the new dir name |
68 | 59 |
$directory = WB_PATH.$target.'/'.$name; |
69 | 60 |
|
70 |
/* */ |
|
71 | 61 |
// Check to see if the folder already exists |
72 | 62 |
if(file_exists($directory)) { |
73 | 63 |
$admin->print_error($MESSAGE['MEDIA']['DIR_EXISTS']); |
74 | 64 |
} |
75 | 65 |
|
76 |
|
|
77 | 66 |
if ( sizeof(createFolderProtectFile( $directory )) ) |
78 | 67 |
{ |
79 | 68 |
$admin->print_error($MESSAGE['MEDIA']['DIR_NOT_MADE']); |
branches/2.8.x/wb/admin/media/rename.php | ||
---|---|---|
26 | 26 |
|
27 | 27 |
// Get the current dir |
28 | 28 |
$directory = $admin->get_get('dir'); |
29 |
if($directory == '/') { |
|
30 |
$directory = ''; |
|
31 |
} |
|
29 |
$directory = ($directory == '/') ? '' : $directory; |
|
32 | 30 |
|
33 |
// Check to see if it contains .. |
|
31 |
$dirlink = 'browse.php?dir='.$directory; |
|
32 |
$rootlink = 'browse.php?dir='; |
|
33 |
// $file_id = intval($admin->get_get('id')); |
|
34 |
|
|
35 |
// first Check to see if it contains .. |
|
34 | 36 |
if (!check_media_path($directory)) { |
35 |
$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'], "browse.php?dir=$directory", false);
|
|
37 |
$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'],$rootlink, false);
|
|
36 | 38 |
} |
37 | 39 |
|
38 | 40 |
// Get the temp id |
39 |
$file_id = $admin->checkIDKEY('id', false, 'GET');
|
|
41 |
$file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']));
|
|
40 | 42 |
if (!$file_id) { |
41 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); |
|
43 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$dirlink, false);
|
|
42 | 44 |
} |
43 | 45 |
|
44 | 46 |
// Get home folder not to show |
45 | 47 |
$home_folders = get_home_folders(); |
48 |
// Check for potentially malicious files and append 'txt' to their name |
|
49 |
$rename_file_types = str_replace(',','|',RENAME_FILES_ON_UPLOAD); |
|
50 |
// hardcodet forbidden filetypes |
|
51 |
$forbidden_file_types = 'phtml|php5|php4|php|cgi|pl|exe|com|bat|src|'.$rename_file_types; |
|
46 | 52 |
|
47 | 53 |
// Figure out what folder name the temp id is |
48 | 54 |
if($handle = opendir(WB_PATH.MEDIA_DIRECTORY.'/'.$directory)) { |
49 | 55 |
// Loop through the files and dirs an add to list |
50 | 56 |
while (false !== ($file = readdir($handle))) { |
57 |
$info = pathinfo($file); |
|
58 |
$ext = isset($info['extension']) ? $info['extension'] : ''; |
|
51 | 59 |
if(substr($file, 0, 1) != '.' AND $file != '.svn' AND $file != 'index.php') { |
52 |
if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) { |
|
53 |
if(!isset($home_folders[$directory.'/'.$file])) { |
|
54 |
$DIR[] = $file; |
|
60 |
if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) ) { |
|
61 |
if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) { |
|
62 |
if(!isset($home_folders[$directory.'/'.$file])) { |
|
63 |
$DIR[] = $file; |
|
64 |
} |
|
65 |
} else { |
|
66 |
$FILE[] = $file; |
|
55 | 67 |
} |
56 |
} else { |
|
57 |
$FILE[] = $file; |
|
58 | 68 |
} |
59 | 69 |
} |
60 | 70 |
} |
71 |
|
|
61 | 72 |
$temp_id = 0; |
62 | 73 |
if(isset($DIR)) { |
63 | 74 |
sort($DIR); |
... | ... | |
69 | 80 |
} |
70 | 81 |
} |
71 | 82 |
} |
83 |
|
|
72 | 84 |
if(isset($FILE)) { |
73 | 85 |
sort($FILE); |
74 | 86 |
foreach($FILE AS $name) { |
... | ... | |
82 | 94 |
} |
83 | 95 |
|
84 | 96 |
if(!isset($rename_file)) { |
85 |
$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], "browse.php?dir=$directory", false);
|
|
97 |
$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], $dirlink, false);
|
|
86 | 98 |
} |
87 | 99 |
|
88 | 100 |
// Setup template object |
... | ... | |
109 | 121 |
'FILENAME' => $rename_file, |
110 | 122 |
'DIR' => $directory, |
111 | 123 |
'FILE_ID' => $admin->getIDKEY($file_id), |
124 |
// 'FILE_ID' => $file_id, |
|
112 | 125 |
'TYPE' => $type, |
113 | 126 |
'EXTENSION' => $extension, |
114 | 127 |
'FTAN' => $admin->getFTAN() |
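Review bot: The filter at new line 60, `preg_match('/'.$forbidden_file_types.'$/i', $ext)`, is an unanchored, ungrouped alternation: the `$` binds only to the last alternative, so short tokens such as `pl`, `com` or `exe` match as substrings of unrelated extensions (a `.tpl` file silently disappears from the rename list), and when `RENAME_FILES_ON_UPLOAD` is empty the trailing `|` left by new line 51 produces an empty alternative that matches every extension and hides all files. Build the list without the dangling separator and anchor the whole group: `$forbidden_file_types = rtrim('phtml|php5|php4|php|cgi|pl|exe|com|bat|src|'.$rename_file_types, '|');` and `if( !preg_match('/^('.$forbidden_file_types.')$/i', $ext) ) {`. The filter also wraps the `is_dir` branch, so a directory whose name ends in one of these tokens is hidden as well; if that is unintended, apply the test only in the `else` branch that collects `$FILE[]`. The enclosing `if($handle = opendir(...))` block continues past the visible hunk lines.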
branches/2.8.x/wb/admin/media/upload.php | ||
---|---|---|
22 | 22 |
include_once('parameters.php'); |
23 | 23 |
|
24 | 24 |
require_once(WB_PATH.'/framework/class.admin.php'); |
25 |
require_once(WB_PATH.'/include/pclzip/pclzip.lib.php'); // Required to unzip file. |
|
25 |
// require_once(WB_PATH.'/include/pclzip/pclzip.lib.php'); // Required to unzip file.
|
|
26 | 26 |
// suppress to print the header, so no new FTAN will be set |
27 | 27 |
$admin = new admin('Media', 'media_upload', false); |
28 | 28 |
|
... | ... | |
52 | 52 |
$resizepath = str_replace(array('/',' '),'_',$target); |
53 | 53 |
|
54 | 54 |
// Find out whether we should replace files or give an error |
55 |
if($admin->get_post('overwrite') != '') { |
|
56 |
$overwrite = true; |
|
57 |
} else { |
|
58 |
$overwrite = false; |
|
59 |
} |
|
55 |
$overwrite = ($admin->get_post('overwrite') != '') ? true : false; |
|
60 | 56 |
|
61 | 57 |
// Get list of file types to which we're supposed to append 'txt' |
62 | 58 |
$get_result=$database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1"); |
... | ... | |
65 | 61 |
$fetch_result=$get_result->fetchRow(); |
66 | 62 |
$file_extension_string=$fetch_result['value']; |
67 | 63 |
} |
64 |
|
|
68 | 65 |
$file_extensions=explode(",",$file_extension_string); |
69 | 66 |
// get from settings and add to forbidden list |
70 | 67 |
$rename_file_types = str_replace(',','|',RENAME_FILES_ON_UPLOAD); |
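Review bot: The rewritten line 55, `$overwrite = ($admin->get_post('overwrite') != '') ? true : false;`, wraps an expression that is already boolean in a redundant ternary; `$overwrite = ($admin->get_post('overwrite') != '');` reads the same. The pclzip `require_once` at line 25 is commented out rather than removed: if the unzip path further down the file no longer needs it, delete the line outright (commented-out code tends to be resurrected untested), and if it still does, this hunk breaks that path — the rest of upload.php is outside the hunk, so I cannot tell which applies.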
branches/2.8.x/wb/admin/start/index.php | ||
---|---|---|
64 | 64 |
} |
65 | 65 |
|
66 | 66 |
$msg = (file_exists(WB_PATH.'/install/')) ? $MESSAGE['START']['INSTALL_DIR_EXISTS'] : ''; |
67 |
$msg .= (file_exists(WB_PATH.'/upgrade-script.php')) ? '<br />'.$TEXT['DELETE'].' upgrade-script.php ' : '';
|
|
67 |
$msg .= (file_exists(WB_PATH.'/upgrade-script.php')) ? '<br />'.$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] : '';
|
|
68 | 68 |
|
69 | 69 |
// Check if installation directory still exists |
70 | 70 |
if(file_exists(WB_PATH.'/install/') || file_exists(WB_PATH.'/upgrade-script.php') ) { |
... | ... | |
138 | 138 |
|
139 | 139 |
// Print admin footer |
140 | 140 |
$admin->print_footer(); |
141 |
|
|
142 |
?> |
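Review bot: New line 67 reads `$MESSAGE['START_UPGRADE_SCRIPT_EXISTS']`, a key this hunk introduces; unless every language file defines it, the start page emits an undefined-index notice and an empty hint for that locale — the language files are not part of this section, so please confirm they were updated in the same revision. Line 70 then re-evaluates both `file_exists` calls that line 66 and 67 just made; since `$msg` is non-empty exactly when one of them succeeded (assuming the two message strings are non-empty), `if($msg != '') {` expresses the condition once. Dropping the closing `?>` at old line 142 is a good change for a PHP-only file.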
branches/2.8.x/wb/admin/templates/details.php | ||
---|---|---|
33 | 33 |
header("Location: index.php"); |
34 | 34 |
exit(0); |
35 | 35 |
} else { |
36 |
$file = preg_replace("/\W/", "", $admin->add_slashes($_POST['file'])); // fix secunia 2010-92-2
|
|
36 |
$file = preg_replace("/\W/", "", $_POST['file']); // fix secunia 2010-92-2
|
|
37 | 37 |
} |
38 | 38 |
|
39 | 39 |
// Check if the template exists |
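Review bot: New line 36 passes `$_POST['file']` straight to `preg_replace`; when the parameter arrives as an array (`file[]=...`), `preg_replace` filters each element and returns an array rather than a string, and the template lookup that follows (outside the hunk) then operates on an array — I cannot see from here how it copes. Rejecting non-string input before the filter keeps the Secunia fix intact: `$file = is_string($_POST['file']) ? preg_replace("/\W/", "", $_POST['file']) : '';`, which also feeds the existing empty-value redirect above. Removing `add_slashes` itself is sound, since `\W` already strips every quote and backslash.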
branches/2.8.x/wb/admin/pages/index.php | ||
---|---|---|
28 | 28 |
?> |
29 | 29 |
<script type="text/javascript" src="<?php print ADMIN_URL; ?>/pages/eggsurplus.js"></script> |
30 | 30 |
<?php |
31 |
/* |
|
32 |
urlencode function and rawurlencode are mostly based on RFC 1738. |
|
33 |
However, since 2005 the current RFC in use for URIs standard is RFC 3986. |
|
34 |
Here is a function to encode URLs according to RFC 3986. |
|
35 |
*/ |
|
36 |
function url_encode($string) { |
|
37 |
$string = html_entity_decode($string,ENT_QUOTES,'UTF-8'); |
|
38 |
$entities = array('%21', '%2A', '%27', '%28', '%29', '%3B', '%3A', '%40', '%26', '%3D', '%2B', '%24', '%2C', '%2F', '%3F', '%25', '%23', '%5B', '%5D'); |
|
39 |
$replacements = array('!', '*', "'", "(", ")", ";", ":", "@", "&", "=", "+", "$", ",", "/", "?", "%", "#", "[", "]"); |
|
40 |
return str_replace($entities, $replacements, rawurlencode($string)); |
|
41 |
} |
|
31 |
|
|
42 | 32 |
// fixes A URI contains impermissible characters or quotes around the URI are not closed. |
43 | 33 |
$MESSAGE['PAGES_DELETE_CONFIRM'] = url_encode( $MESSAGE['PAGES_DELETE_CONFIRM'] ); |
44 | 34 |
|
... | ... | |
607 | 597 |
|
608 | 598 |
// Print admin |
609 | 599 |
$admin->print_footer(); |
610 |
|
|
611 |
?> |
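Review bot: The hunk deletes the local `url_encode()` definition while new line 33 still calls it, so the page now depends on that function being defined by something included above the hunk; sections.php in this same revision drops its copy as well, so presumably it moved to a shared framework file, but if that include is missing here the page fails with an undefined-function fatal on load. Please confirm where `url_encode()` now lives and that it is loaded before line 33, and note that the removed copy and the sections.php copy differed (`%20` handling), so whichever survives should be the one both callers expect. Dropping the closing `?>` at old line 611 is correct for a file that emits its own output above.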
branches/2.8.x/wb/admin/pages/settings2.php | ||
---|---|---|
56 | 56 |
// Get values |
57 | 57 |
$page_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('page_title'))); |
58 | 58 |
$menu_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('menu_title'))); |
59 |
$page_code = (int) $admin->get_post_escaped('page_code');
|
|
59 |
$page_code = intval($admin->get_post('page_code')) ;
|
|
60 | 60 |
$description = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('description')))); |
61 | 61 |
$keywords = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('keywords')))); |
62 |
$parent = (int) $admin->get_post_escaped('parent'); // fix secunia 2010-91-3
|
|
62 |
$parent = intval($admin->get_post('parent')); // fix secunia 2010-91-3
|
|
63 | 63 |
$visibility = $admin->get_post_escaped('visibility'); |
64 | 64 |
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {$visibility = 'public';} // fix secunia 2010-93-3 |
65 |
$template = preg_replace("/\W/", "", $admin->get_post_escaped('template')); // fix secunia 2010-93-3
|
|
66 |
$target = preg_replace("/\W/", "", $admin->get_post_escaped('target'));
|
|
65 |
$template = preg_replace("/\W/", "", $admin->get_post('template')); // fix secunia 2010-93-3 |
|
66 |
$target = preg_replace("/\W/", "", $admin->get_post('target')); |
|
67 | 67 |
$admin_groups = $admin->get_post_escaped('admin_groups'); |
68 | 68 |
$viewing_groups = $admin->get_post_escaped('viewing_groups'); |
69 |
$searching = (int) $admin->get_post_escaped('searching');
|
|
69 |
$searching = intval($admin->get_post('searching'));
|
|
70 | 70 |
$language = strtoupper($admin->get_post('language')); |
71 | 71 |
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE); |
72 |
$menu = (int) $admin->get_post_escaped('menu'); // fix secunia 2010-91-3
|
|
72 |
$menu = intval($admin->get_post('menu')); // fix secunia 2010-91-3
|
|
73 | 73 |
|
74 | 74 |
// Validate data |
75 | 75 |
if($page_title == '' || substr($page_title,0,1)=='.') |
... | ... | |
325 | 325 |
|
326 | 326 |
// Print admin footer |
327 | 327 |
$admin->print_footer(); |
328 |
|
|
329 |
?> |
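Review bot: New lines 59, 62, 69 and 72 switch from the `(int)` cast to `intval()` while sections.php in the same revision uses `(int)`, and line 59 carries a stray space before the semicolon: `$page_code = intval($admin->get_post('page_code'));`. Both forms silently map any non-numeric input to 0, which for `parent` means "top level"; if a malformed `parent` should be rejected rather than re-parented, a `ctype_digit` check on the raw post value is needed before the cast — I cannot tell from the hunk whether a later check covers this. `$template` and `$target` at new lines 65-66 are reduced to word characters but, unlike `$visibility` at line 64, are not checked against a list of accepted values; `$target` in particular could be validated the same way, `if (!in_array($target, array('_top', '_self', '_blank', '_parent'))) {$target = '_top';}`, if those are the only values the form offers.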
branches/2.8.x/wb/admin/pages/sections.php | ||
---|---|---|
28 | 28 |
/* */ |
29 | 29 |
$debug = false; // to show position and section_id |
30 | 30 |
If(!defined('DEBUG')) { define('DEBUG',$debug);} |
31 |
// Include the WB functions file |
|
32 |
require_once(WB_PATH.'/framework/functions.php'); |
|
31 | 33 |
// Create new admin object |
32 | 34 |
require_once(WB_PATH.'/framework/class.admin.php'); |
33 |
$admin = new admin('Pages', 'pages_modify'); |
|
35 |
$admin = new admin('Pages', 'pages_modify', false);
|
|
34 | 36 |
|
37 |
$action = 'show'; |
|
35 | 38 |
// Get page id |
36 |
if(!isset($_GET['page_id']) || !is_numeric($_GET['page_id'])) |
|
37 |
{ |
|
38 |
header("Location: index.php"); |
|
39 |
exit(0); |
|
40 |
} else { |
|
41 |
$page_id = $_GET['page_id']; |
|
42 |
} |
|
39 |
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); |
|
40 |
$page_id = intval((isset(${$requestMethod}['page_id'])) ? ${$requestMethod}['page_id'] : 0); |
|
41 |
$action = ($page_id ? 'show' : $action); |
|
42 |
// Get section id if there is one |
|
43 |
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); |
|
44 |
$section_id = ((isset(${$requestMethod}['section_id'])) ? ${$requestMethod}['section_id'] : 0); |
|
45 |
$action = ($section_id ? 'delete' : $action); |
|
46 |
// Get module if there is one |
|
47 |
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); |
|
48 |
$module = ((isset(${$requestMethod}['module'])) ? ${$requestMethod}['module'] : 0); |
|
49 |
$action = ($module != '' ? 'add' : $action); |
|
50 |
$admin_header = true; |
|
51 |
$backlink = ADMIN_URL.'/pages/sections.php?page_id='.(int)$page_id; |
|
43 | 52 |
|
44 |
/* |
|
45 |
if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) ) |
|
46 |
{ |
|
47 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); |
|
48 |
exit(); |
|
49 |
} |
|
50 |
*/ |
|
51 |
/* |
|
52 |
urlencode function and rawurlencode are mostly based on RFC 1738. |
|
53 |
However, since 2005 the current RFC in use for URIs standard is RFC 3986. |
|
54 |
Here is a function to encode URLs according to RFC 3986. |
|
55 |
*/ |
|
56 |
function url_encode($string) { |
|
57 |
$string = html_entity_decode($string,ENT_QUOTES,'UTF-8'); |
|
58 |
$entities = array('%20', '%21', '%2A', '%27', '%28', '%29', '%3B', '%3A', '%40', '%26', '%3D', '%2B', '%24', '%2C', '%2F', '%3F', '%25', '%23', '%5B', '%5D'); |
|
59 |
$replacements = array(' ','!', '*', "'", "(", ")", ";", ":", "@", "&", "=", "+", "$", ",", "/", "?", "%", "#", "[", "]"); |
|
60 |
return str_replace($entities, $replacements, rawurlencode($string)); |
|
61 |
} |
|
53 |
switch ($action): |
|
54 |
case 'delete' : |
|
62 | 55 |
|
63 |
// Check if we are supposed to add or delete a section |
|
64 |
if(isset($_GET['section_id']) && is_numeric($_GET['section_id'])) |
|
65 |
{ |
|
66 |
// Get more information about this section |
|
67 |
$section_id = $_GET['section_id']; |
|
68 |
$sql = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` '; |
|
69 |
$sql .= 'WHERE `section_id` ='.$section_id; |
|
70 |
$query_section = $database->query($sql); |
|
56 |
if( ( !($section_id = intval($admin->checkIDKEY('section_id', 0, $_SERVER['REQUEST_METHOD'])) )) ) |
|
57 |
{ |
|
58 |
if($admin_header) { $admin->print_header(); } |
|
59 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$backlink); |
|
60 |
} |
|
71 | 61 |
|
72 |
if($query_section->numRows() == 0) |
|
73 |
{ |
|
74 |
$admin->print_error('Section not found'); |
|
75 |
} |
|
76 |
$section = $query_section->fetchRow(); |
|
77 |
// Include the modules delete file if it exists |
|
78 |
if(file_exists(WB_PATH.'/modules/'.$section['module'].'/delete.php')) |
|
79 |
{ |
|
80 |
require(WB_PATH.'/modules/'.$section['module'].'/delete.php'); |
|
81 |
} |
|
82 |
$sql = 'DELETE FROM `'.TABLE_PREFIX.'sections` '; |
|
83 |
$sql .= 'WHERE `section_id` ='.$section_id.' LIMIT 1'; |
|
84 |
$query_section = $database->query($sql); |
|
62 |
$action = 'show'; |
|
63 |
$sql = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` '; |
|
64 |
$sql .= 'WHERE `section_id` ='.$section_id; |
|
65 |
if( ( ($modulname = $database->get_one($sql)) == $module) && ($section_id > 0 ) ) { |
|
66 |
// Include the modules delete file if it exists |
|
67 |
if(file_exists(WB_PATH.'/modules/'.$modulname.'/delete.php')) |
|
68 |
{ |
|
69 |
require(WB_PATH.'/modules/'.$modulname.'/delete.php'); |
|
70 |
} |
|
71 |
$sql = 'DELETE FROM `'.TABLE_PREFIX.'sections` '; |
|
72 |
$sql .= 'WHERE `section_id` ='.(int)$section_id.' LIMIT 1'; |
|
73 |
if( !$database->query($sql) ) { |
|
74 |
if($admin_header) { $admin->print_header(); } |
|
75 |
$admin->print_error($database->get_error(),$backlink); |
|
76 |
} else { |
|
77 |
require_once(WB_PATH.'/framework/class.order.php'); |
|
78 |
$order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id'); |
|
79 |
$order->clean($page_id); |
|
80 |
$format = $TEXT['SECTION'].' %d %s %s '.strtolower( $TEXT['DELETED']); |
|
81 |
$message = sprintf ($format,$section_id,strtoupper($modulname),strtolower($TEXT['SUCCESS'])); |
|
82 |
if($admin_header) { $admin->print_header(); } |
|
83 |
$admin_header = false; |
|
84 |
unset($_POST); |
|
85 |
$admin->print_success($message, $backlink ); |
|
86 |
} |
|
87 |
} else { |
|
88 |
if($admin_header) { $admin->print_header(); } |
|
89 |
$admin->print_error($module.' '.strtolower($TEXT['NOT_FOUND']),$backlink); |
|
90 |
} |
|
85 | 91 |
|
86 |
if($database->is_error()) |
|
87 |
{ |
|
88 |
$admin->print_error($database->get_error()); |
|
89 |
} else { |
|
90 |
require(WB_PATH.'/framework/class.order.php'); |
|
92 |
break; |
|
93 |
case 'add' : |
|
94 |
|
|
95 |
if (!$admin->checkFTAN()) |
|
96 |
{ |
|
97 |
$admin->print_header(); |
|
98 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$backlink); |
|
99 |
} |
|
100 |
$action = 'show'; |
|
101 |
$module = preg_replace('/\W/', '', $module ); // fix secunia 2010-91-4 |
|
102 |
require_once(WB_PATH.'/framework/class.order.php'); |
|
103 |
// Get new order |
|
91 | 104 |
$order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id'); |
92 |
$order->clean($page_id); |
|
93 |
$admin->print_success($TEXT['SUCCESS'], ADMIN_URL.'/pages/sections.php?page_id='.$page_id ); |
|
94 |
$admin->print_footer(); |
|
95 |
exit(); |
|
96 |
} |
|
97 |
} elseif(isset($_POST['module']) && $_POST['module'] != '') |
|
98 |
{ |
|
99 |
// Get section info |
|
100 |
$module = preg_replace("/\W/", "", $admin->add_slashes($_POST['module'])); // fix secunia 2010-91-4 |
|
101 |
// Include the ordering class |
|
102 |
require(WB_PATH.'/framework/class.order.php'); |
|
103 |
// Get new order |
|
104 |
$order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id'); |
|
105 |
$position = $order->get_new($page_id); |
|
106 |
// Insert module into DB |
|
107 |
$sql = 'INSERT INTO `'.TABLE_PREFIX.'sections` SET '; |
|
108 |
$sql .= '`page_id` = '.$page_id.', '; |
|
109 |
$sql .= '`module` = "'.$module.'", '; |
|
110 |
$sql .= '`position` = '.$position.', '; |
|
111 |
$sql .= '`block`=1'; |
|
112 |
$database->query($sql); |
|
113 |
// Get the section id |
|
114 |
$section_id = $database->get_one("SELECT LAST_INSERT_ID()"); |
|
115 |
// Include the selected modules add file if it exists |
|
116 |
if(file_exists(WB_PATH.'/modules/'.$module.'/add.php')) |
|
117 |
{ |
|
118 |
require(WB_PATH.'/modules/'.$module.'/add.php'); |
|
119 |
} |
|
120 |
} |
|
105 |
$position = $order->get_new($page_id); |
|
106 |
// Insert module into DB |
|
107 |
$sql = 'INSERT INTO `'.TABLE_PREFIX.'sections` SET '; |
|
108 |
$sql .= '`page_id` = '.(int)$page_id.', '; |
|
109 |
$sql .= '`module` = \''.$module.'\', '; |
|
110 |
$sql .= '`position` = '.(int)$position.', '; |
|
111 |
$sql .= '`block` = 1'; |
|
112 |
if($database->query($sql)) { |
|
113 |
// Get the section id |
|
114 |
$section_id = $database->get_one("SELECT LAST_INSERT_ID()"); |
|
115 |
// Include the selected modules add file if it exists |
|
116 |
if(file_exists(WB_PATH.'/modules/'.$module.'/add.php')) |
|
117 |
{ |
|
118 |
require(WB_PATH.'/modules/'.$module.'/add.php'); |
|
119 |
} |
|
120 |
} elseif ($database->is_error()) { |
|
121 |
if($admin_header) { $admin->print_header(); } |
|
122 |
$admin->print_error($database->get_error()); |
|
123 |
} |
|
124 |
break; |
|
125 |
default: |
|
126 |
break; |
|
127 |
endswitch; |
|
121 | 128 |
|
122 |
// Get perms |
|
123 |
// $database = new database(); |
|
124 |
$sql = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` '; |
|
125 |
$sql .= 'WHERE `page_id` = '.$page_id; |
|
126 |
$results = $database->query($sql); |
|
129 |
switch ($action): |
|
130 |
default: |
|
127 | 131 |
|
128 |
$results_array = $results->fetchRow(); |
|
129 |
$old_admin_groups = explode(',', $results_array['admin_groups']); |
|
130 |
$old_admin_users = explode(',', $results_array['admin_users']); |
|
131 |
$in_old_group = FALSE; |
|
132 |
foreach($admin->get_groups_id() as $cur_gid) |
|
133 |
{ |
|
134 |
if (in_array($cur_gid, $old_admin_groups)) |
|
135 |
{ |
|
136 |
$in_old_group = TRUE; |
|
137 |
} |
|
138 |
} |
|
139 |
if((!$in_old_group) && !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) |
|
140 |
{ |
|
141 |
$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']); |
|
142 |
} |
|
132 |
if($admin_header) { $admin->print_header(); } |
|
133 |
// Get perms |
|
134 |
$sql = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` '; |
|
135 |
$sql .= 'WHERE `page_id` = '.$page_id; |
|
136 |
$results = $database->query($sql); |
|
143 | 137 |
|
144 |
// Get page details |
|
145 |
// $database = new database(); |
|
146 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'pages` '; |
|
147 |
$sql .= 'WHERE `page_id` = '.$page_id; |
|
148 |
$results = $database->query($sql); |
|
138 |
$results_array = $results->fetchRow(); |
|
139 |
$old_admin_groups = explode(',', $results_array['admin_groups']); |
|
140 |
$old_admin_users = explode(',', $results_array['admin_users']); |
|
141 |
$in_old_group = FALSE; |
|
142 |
foreach($admin->get_groups_id() as $cur_gid) |
|
143 |
{ |
|
144 |
if (in_array($cur_gid, $old_admin_groups)) |
|
145 |
{ |
|
146 |
$in_old_group = TRUE; |
|
147 |
} |
|
148 |
} |
|
149 |
if((!$in_old_group) && !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) |
|
150 |
{ |
|
151 |
$admin->print_header(); |
|
152 |
$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']); |
|
153 |
} |
|
149 | 154 |
|
150 |
if($database->is_error()) |
|
151 |
{ |
|
152 |
// $admin->print_header(); |
|
153 |
$admin->print_error($database->get_error()); |
|
154 |
} |
|
155 |
if($results->numRows() == 0) |
|
156 |
{ |
|
157 |
// $admin->print_header(); |
|
158 |
$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']); |
|
159 |
} |
|
160 |
$results_array = $results->fetchRow(); |
|
155 |
// Get page details |
|
156 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'pages` '; |
|
157 |
$sql .= 'WHERE `page_id` = '.$page_id; |
|
158 |
$results = $database->query($sql); |
|
161 | 159 |
|
162 |
// Set module permissions |
|
163 |
$module_permissions = $_SESSION['MODULE_PERMISSIONS']; |
|
160 |
if($database->is_error()) |
|
161 |
{ |
|
162 |
// $admin->print_header(); |
|
163 |
$admin->print_error($database->get_error()); |
|
164 |
} |
|
165 |
if($results->numRows() == 0) |
|
166 |
{ |
|
167 |
// $admin->print_header(); |
|
168 |
$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']); |
|
169 |
} |
|
170 |
$results_array = $results->fetchRow(); |
|
164 | 171 |
|
165 |
// Unset block var |
|
166 |
unset($block); |
|
167 |
// Include template info file (if it exists) |
|
168 |
if($results_array['template'] != '') |
|
169 |
{ |
|
170 |
$template_location = WB_PATH.'/templates/'.$results_array['template'].'/info.php'; |
|
171 |
} else { |
|
172 |
$template_location = WB_PATH.'/templates/'.DEFAULT_TEMPLATE.'/info.php'; |
|
173 |
} |
|
174 |
if(file_exists($template_location)) |
|
175 |
{ |
|
176 |
require($template_location); |
|
177 |
} |
|
178 |
// Check if $menu is set |
|
179 |
if(!isset($block[1]) || $block[1] == '') |
|
180 |
{ |
|
181 |
// Make our own menu list |
|
182 |
$block[1] = $TEXT['MAIN']; |
|
183 |
} |
|
172 |
// Set module permissions |
|
173 |
$module_permissions = $_SESSION['MODULE_PERMISSIONS']; |
|
184 | 174 |
|
185 |
/*-- load css files with jquery --*/ |
|
186 |
// include jscalendar-setup |
|
187 |
$jscal_use_time = true; // whether to use a clock, too |
|
188 |
require_once(WB_PATH."/include/jscalendar/wb-setup.php"); |
|
175 |
// Unset block var |
|
176 |
unset($block); |
|
177 |
// Include template info file (if it exists) |
|
178 |
if($results_array['template'] != '') |
|
179 |
{ |
|
180 |
$template_location = WB_PATH.'/templates/'.$results_array['template'].'/info.php'; |
|
181 |
} else { |
|
182 |
$template_location = WB_PATH.'/templates/'.DEFAULT_TEMPLATE.'/info.php'; |
|
183 |
} |
|
184 |
if(file_exists($template_location)) |
|
185 |
{ |
|
186 |
require($template_location); |
|
187 |
} |
|
188 |
// Check if $menu is set |
|
189 |
if(!isset($block[1]) || $block[1] == '') |
|
190 |
{ |
|
191 |
// Make our own menu list |
|
192 |
$block[1] = $TEXT['MAIN']; |
|
193 |
} |
|
189 | 194 |
|
190 |
// Setup template object |
|
191 |
$template = new Template(THEME_PATH.'/templates'); |
|
192 |
$template->set_file('page', 'pages_sections.htt'); |
|
193 |
$template->set_block('page', 'main_block', 'main'); |
|
194 |
$template->set_block('main_block', 'module_block', 'module_list'); |
|
195 |
$template->set_block('main_block', 'section_block', 'section_list'); |
|
196 |
$template->set_block('section_block', 'block_block', 'block_list'); |
|
197 |
$template->set_block('main_block', 'calendar_block', 'calendar_list'); |
|
198 |
$template->set_var('FTAN', $admin->getFTAN()); |
|
195 |
/*-- load css files with jquery --*/ |
|
196 |
// include jscalendar-setup |
|
197 |
$jscal_use_time = true; // whether to use a clock, too |
|
198 |
require_once(WB_PATH."/include/jscalendar/wb-setup.php"); |
|
199 | 199 |
|
200 |
// set first defaults and messages |
|
201 |
$template->set_var(array( |
|
202 |
'PAGE_ID' => $results_array['page_id'], |
|
203 |
// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']), |
|
204 |
'PAGE_IDKEY' => $results_array['page_id'], |
|
205 |
'TEXT_PAGE' => $TEXT['PAGE'], |
|
206 |
'PAGE_TITLE' => ($results_array['page_title']), |
|
207 |
'MENU_TITLE' => ($results_array['menu_title']), |
|
208 |
'TEXT_CURRENT_PAGE' => $TEXT['CURRENT_PAGE'], |
|
209 |
'HEADING_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'], |
|
210 |
'HEADING_MODIFY_PAGE' => $HEADING['MODIFY_PAGE'], |
|
211 |
'TEXT_CHANGE_SETTINGS' => $TEXT['CHANGE_SETTINGS'], |
|
212 |
'TEXT_ADD_SECTION' => $TEXT['ADD_SECTION'], |
|
213 |
'TEXT_ID' => 'ID', |
|
214 |
'TEXT_TYPE' => $TEXT['TYPE'], |
|
215 |
'TEXT_BLOCK' => $TEXT['BLOCK'], |
|
216 |
'TEXT_PUBL_START_DATE' => $TEXT{'PUBL_START_DATE'}, |
|
217 |
'TEXT_PUBL_END_DATE' => $TEXT['PUBL_END_DATE'], |
|
218 |
'TEXT_ACTIONS' => $TEXT['ACTIONS'], |
|
219 |
'ADMIN_URL' => ADMIN_URL, |
|
220 |
'WB_URL' => WB_URL, |
|
221 |
'THEME_URL' => THEME_URL |
|
222 |
) |
|
223 |
); |
|
200 |
// Setup template object |
|
201 |
$tpl = new Template(THEME_PATH.'/templates'); |
|
202 |
$tpl->set_file('page', 'pages_sections.htt'); |
|
203 |
$tpl->set_block('page', 'main_block', 'main'); |
|
204 |
$tpl->set_block('main_block', 'module_block', 'module_list'); |
|
205 |
$tpl->set_block('main_block', 'section_block', 'section_list'); |
|
206 |
$tpl->set_block('section_block', 'block_block', 'block_list'); |
|
207 |
$tpl->set_block('main_block', 'calendar_block', 'calendar_list'); |
|
208 |
$tpl->set_var('FTAN', $admin->getFTAN()); |
|
224 | 209 |
|
225 |
// Insert variables |
|
226 |
$template->set_var(array( |
|
227 |
'PAGE_ID' => $results_array['page_id'], |
|
228 |
// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']), |
|
229 |
'PAGE_IDKEY' => $results_array['page_id'], |
|
230 |
'VAR_PAGE_TITLE' => $results_array['page_title'], |
|
231 |
'SETTINGS_LINK' => ADMIN_URL.'/pages/settings.php?page_id='.$results_array['page_id'], |
|
232 |
'MODIFY_LINK' => ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id'] |
|
233 |
) |
|
234 |
); |
|
210 |
// set first defaults and messages |
|
211 |
$tpl->set_var(array( |
|
212 |
'PAGE_ID' => $results_array['page_id'], |
|
213 |
// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']), |
|
214 |
'PAGE_IDKEY' => $results_array['page_id'], |
|
215 |
'TEXT_PAGE' => $TEXT['PAGE'], |
|
216 |
'PAGE_TITLE' => ($results_array['page_title']), |
|
217 |
'MENU_TITLE' => ($results_array['menu_title']), |
|
218 |
'TEXT_CURRENT_PAGE' => $TEXT['CURRENT_PAGE'], |
|
219 |
'HEADING_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'], |
|
220 |
'HEADING_MODIFY_PAGE' => $HEADING['MODIFY_PAGE'], |
|
221 |
'TEXT_CHANGE_SETTINGS' => $TEXT['CHANGE_SETTINGS'], |
|
222 |
'TEXT_ADD_SECTION' => $TEXT['ADD_SECTION'], |
|
223 |
'TEXT_ID' => 'ID', |
|
224 |
'TEXT_TYPE' => $TEXT['TYPE'], |
|
225 |
'TEXT_BLOCK' => $TEXT['BLOCK'], |
|
226 |
'TEXT_PUBL_START_DATE' => $TEXT{'PUBL_START_DATE'}, |
|
227 |
'TEXT_PUBL_END_DATE' => $TEXT['PUBL_END_DATE'], |
|
228 |
'TEXT_ACTIONS' => $TEXT['ACTIONS'], |
|
229 |
'ADMIN_URL' => ADMIN_URL, |
|
230 |
'WB_URL' => WB_URL, |
|
231 |
'THEME_URL' => THEME_URL |
|
232 |
) |
|
233 |
); |
|
235 | 234 |
|
236 |
$sql = 'SELECT `section_id`,`module`,`position`,`block`,`publ_start`,`publ_end` '; |
|
237 |
$sql .= 'FROM `'.TABLE_PREFIX.'sections` '; |
|
238 |
$sql .= 'WHERE `page_id` = '.$page_id.' '; |
|
239 |
$sql .= 'ORDER BY `position` ASC'; |
|
240 |
$query_sections = $database->query($sql); |
|
235 |
// Insert variables |
|
236 |
$tpl->set_var(array( |
|
237 |
'PAGE_ID' => $results_array['page_id'], |
|
238 |
// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']), |
|
239 |
'PAGE_IDKEY' => $results_array['page_id'], |
|
240 |
'VAR_PAGE_TITLE' => $results_array['page_title'], |
|
241 |
'SETTINGS_LINK' => ADMIN_URL.'/pages/settings.php?page_id='.$results_array['page_id'], |
|
242 |
'MODIFY_LINK' => ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id'] |
|
243 |
) |
|
244 |
); |
|
241 | 245 |
|
242 |
if($query_sections->numRows() > 0) |
|
243 |
{ |
|
244 |
$num_sections = $query_sections->numRows(); |
|
245 |
while($section = $query_sections->fetchRow()) |
|
246 |
{ |
|
247 |
if(!is_numeric(array_search($section['module'], $module_permissions))) |
|
248 |
{ |
|
249 |
// Get the modules real name |
|
250 |
$sql = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` '; |
|
251 |
$sql .= 'WHERE `directory` = "'.$section['module'].'"'; |
|
252 |
if(!$database->get_one($sql) || !file_exists(WB_PATH.'/modules/'.$section['module'])) |
|
253 |
{ |
|
254 |
$edit_page = '<span class="module_disabled">'.$section['module'].'</span>'; |
|
255 |
}else |
|
256 |
{ |
|
257 |
$edit_page = ''; |
|
258 |
} |
|
259 |
$edit_page_0 = '<a id="sid'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id']; |
|
260 |
$edit_page_1 = $section['section_id'].'">'.$section['module'].'</a>'; |
|
261 |
if(SECTION_BLOCKS) |
|
262 |
{ |
|
263 |
if($edit_page == '') |
|
264 |
{ |
|
265 |
if(defined('EDIT_ONE_SECTION') && EDIT_ONE_SECTION) |
|
246 |
$sql = 'SELECT `section_id`,`module`,`position`,`block`,`publ_start`,`publ_end` '; |
|
247 |
$sql .= 'FROM `'.TABLE_PREFIX.'sections` '; |
|
248 |
$sql .= 'WHERE `page_id` = '.$page_id.' '; |
|
249 |
$sql .= 'ORDER BY `position` ASC'; |
|
250 |
$query_sections = $database->query($sql); |
|
251 |
|
|
252 |
if($query_sections->numRows() > 0) |
|
253 |
{ |
|
254 |
$num_sections = $query_sections->numRows(); |
|
255 |
while($section = $query_sections->fetchRow()) |
|
256 |
{ |
|
257 |
if(!is_numeric(array_search($section['module'], $module_permissions))) |
|
258 |
{ |
|
259 |
// Get the modules real name |
|
260 |
$sql = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` '; |
|
261 |
$sql .= 'WHERE `directory` = "'.$section['module'].'"'; |
|
262 |
if(!$database->get_one($sql) || !file_exists(WB_PATH.'/modules/'.$section['module'])) |
|
266 | 263 |
{ |
267 |
$edit_page = $edit_page_0.'&wysiwyg='.$edit_page_1; |
|
264 |
$edit_page = '<span class="module_disabled">'.$section['module'].'</span>'; |
|
265 |
}else |
|
266 |
{ |
|
267 |
$edit_page = ''; |
|
268 |
} |
|
269 |
$edit_page_0 = '<a id="sid'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id']; |
|
270 |
$edit_page_1 = $section['section_id'].'">'.$section['module'].'</a>'; |
|
271 |
if(SECTION_BLOCKS) |
|
272 |
{ |
|
273 |
if($edit_page == '') |
|
274 |
{ |
|
275 |
if(defined('EDIT_ONE_SECTION') && EDIT_ONE_SECTION) |
|
276 |
{ |
|
277 |
$edit_page = $edit_page_0.'&wysiwyg='.$edit_page_1; |
|
278 |
} else { |
|
279 |
$edit_page = $edit_page_0.'#wb_'.$edit_page_1; |
|
280 |
} |
|
281 |
} |
|
282 |
$input_attribute = 'input_normal'; |
|
283 |
$tpl->set_var(array( |
|
284 |
'STYLE_DISPLAY_SECTION_BLOCK' => ' style="visibility:visible;"', |
|
285 |
'NAME_SIZE' => 300, |
|
286 |
'INPUT_ATTRIBUTE' => $input_attribute, |
|
287 |
'VAR_SECTION_ID' => $section['section_id'], |
|
288 |
'VAR_SECTION_IDKEY' => $admin->getIDKEY($section['section_id']), |
|
289 |
// 'VAR_SECTION_IDKEY' => $section['section_id'], |
|
290 |
'VAR_POSITION' => $section['position'], |
|
291 |
'LINK_MODIFY_URL_VAR_MODUL_NAME' => $edit_page, |
|
292 |
'SELECT' => '', |
|
293 |
'SET_NONE_DISPLAY_OPTION' => '' |
|
294 |
) |
|
295 |
); |
|
296 |
// Add block options to the section_list |
|
297 |
$tpl->clear_var('block_list'); |
|
298 |
foreach($block AS $number => $name) |
|
299 |
{ |
|
300 |
$tpl->set_var('NAME', htmlentities(strip_tags($name))); |
|
301 |
$tpl->set_var('VALUE', $number); |
|
302 |
$tpl->set_var('SIZE', 1); |
|
303 |
if($section['block'] == $number) |
|
304 |
{ |
|
305 |
$tpl->set_var('SELECTED', ' selected="selected"'); |
|
306 |
} else { |
|
307 |
$tpl->set_var('SELECTED', ''); |
|
308 |
} |
|
309 |
$tpl->parse('block_list', 'block_block', true); |
|
310 |
} |
|
268 | 311 |
} else { |
269 |
$edit_page = $edit_page_0.'#wb_'.$edit_page_1; |
|
312 |
if($edit_page == '') |
|
313 |
{ |
|
314 |
$edit_page = $edit_page_0.'#wb_'.$edit_page_1; |
|
315 |
} |
|
316 |
$input_attribute = 'input_normal'; |
|
317 |
$tpl->set_var(array( |
|
318 |
'STYLE_DISPLAY_SECTION_BLOCK' => ' style="visibility:hidden;"', |
|
319 |
'NAME_SIZE' => 300, |
|
320 |
'INPUT_ATTRIBUTE' => $input_attribute, |
|
321 |
'VAR_SECTION_ID' => $section['section_id'], |
|
322 |
'VAR_SECTION_IDKEY' => $admin->getIDKEY($section['section_id']), |
|
323 |
// 'VAR_SECTION_IDKEY' => $section['section_id'], |
|
324 |
'VAR_POSITION' => $section['position'], |
|
325 |
'LINK_MODIFY_URL_VAR_MODUL_NAME' => $edit_page, |
|
326 |
'NAME' => htmlentities(strip_tags($block[1])), |
|
327 |
'VALUE' => 1, |
|
328 |
'SET_NONE_DISPLAY_OPTION' => '' |
|
329 |
) |
|
330 |
); |
|
270 | 331 |
} |
271 |
} |
|
272 |
$input_attribute = 'input_normal'; |
|
273 |
$template->set_var(array( |
|
274 |
'STYLE_DISPLAY_SECTION_BLOCK' => ' style="visibility:visible;"', |
|
275 |
'NAME_SIZE' => 300, |
|
276 |
'INPUT_ATTRIBUTE' => $input_attribute, |
|
277 |
'VAR_SECTION_ID' => $section['section_id'], |
|
278 |
// 'VAR_SECTION_IDKEY' => $admin->getIDKEY($section['section_id']), |
|
279 |
'VAR_SECTION_IDKEY' => $section['section_id'], |
|
280 |
'VAR_POSITION' => $section['position'], |
|
281 |
'LINK_MODIFY_URL_VAR_MODUL_NAME' => $edit_page, |
|
282 |
'SELECT' => '', |
|
283 |
'SET_NONE_DISPLAY_OPTION' => '' |
|
284 |
) |
|
285 |
); |
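Review bot: In the reworked `case 'delete'` (new lines 54-92) and `case 'add'` (new lines 93-124) the `sections` table is modified before the page-level `admin_groups`/`admin_users` check, which now runs only inside the second `switch` (new lines 133-153) after the first `endswitch`; the old code had the same order, but the rework is the moment to hoist that check — the `SELECT admin_groups, admin_users` query and the `$in_old_group` loop — above `switch ($action):` at new line 53 so both mutating paths are gated by it. The module lookup at new lines 63-64 and the DELETE at 71-72 are keyed on `section_id` alone; appending `' AND `page_id` = '.(int)$page_id` to both ties the section to the page whose permission is checked and whose order `$order->clean($page_id)` later repairs. The test at new line 65, `($modulname = $database->get_one($sql)) == $module`, compares the stored module name with the request's `module`, which on the delete path is the int `0` or an empty string (a non-empty value makes `$action` `add` at new line 49), so it succeeds only through PHP's loose string-to-int comparison and reads as "section exists" by accident; `if( ($modulname = $database->get_one($sql)) && $section_id > 0 ) {` states that directly. The add path inserts `$module` without testing it against `$_SESSION['MODULE_PERMISSIONS']`, the list the listing code at new line 257 uses to hide modules; if that list denies modules to the current user, the same `array_search` test belongs before the INSERT at new line 107.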
! security fixes media, groups, users, sections
! reworked add sections in pages
! fix set empty href in show_menu2
! set show_menu2 version to 4.9.6
! reworked Droplet LoginBox, add redirect query
- remove unneeded folder js
! set Droplet to version 1.1.0
+ add checkboxes to change frontend absolute url to relative urls
! set output_filter version to 0.2