Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1474)
+++ branches/2.8.x/CHANGELOG	(revision 1475)
@@ -11,6 +11,18 @@
 ! = Update/Change
 
 ------------------------------------- 2.8.2 ------------------------------------
+13 Jul-2011 Build 1475 Dietmar Woellbrink (Luisehahne)
++ add SecureForm.mtab.php under mantennance by WebsiteBaker Community
+! security fixes media, groups, users, sections
+# change lang variable to remove upgrade-script
+! reworked add sections in pages
+! fix set empty href in show_menu2
+! set show_menu2 version to 4.9.6 
+! reworked Droplet LoginBox, add redirect query
+- remove unneeded folder js
+! set Droplet to version 1.1.0
++ add checkboxes to change frontend absolute url to relative urls
+! set output_filter version to 0.2
 12 Jul-2011 Build 1474 Werner v.d.Decken(DarkViper)
 #  for security reasons the 'remember me' functionality is deaktivated in
    class login
Index: branches/2.8.x/wb/admin/groups/groups.php
===================================================================
--- branches/2.8.x/wb/admin/groups/groups.php	(revision 1474)
+++ branches/2.8.x/wb/admin/groups/groups.php	(revision 1475)
@@ -20,178 +20,171 @@
 require('../../config.php');
 require_once(WB_PATH.'/framework/class.admin.php');
 
-// Create new database object
-// $database = new database();
+// Set parameter 'action' as alternative to javascript mechanism
+$action = 'cancel';
+// Set parameter 'action' as alternative to javascript mechanism
+$action = (isset($_POST['modify']) ? 'modify' : $action );
+$action = (isset($_POST['delete']) ? 'delete' : $action );
 
-if(!isset($_POST['action']) OR ($_POST['action'] != "modify" AND $_POST['action'] != "delete")) {
-	header("Location: index.php");
-	exit(0);
-}
+switch ($action):
+	case 'modify' :
 
-// Set parameter 'action' as alternative to javascript mechanism
-if(isset($_POST['modify']))
-	$_POST['action'] = "modify";
-if(isset($_POST['delete']))
-	$_POST['action'] = "delete";
+			// Create new admin object
+			$admin = new admin('Access', 'groups_modify' );
+			// Check if group group_id is a valid number and doesnt equal 1
+			$group_id = intval($admin->checkIDKEY('group_id', 0, $_SERVER['REQUEST_METHOD']));
+			if( ($group_id < 2 ) )
+			{
+				// if($admin_header) { $admin->print_header(); }
+				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
+			}
 
-// Check if group group_id is a valid number and doesnt equal 1
-if(!isset($_POST['group_id']) OR !is_numeric($_POST['group_id']) OR $_POST['group_id'] == 1) {
-	header("Location: index.php");
-	exit(0);
-}
+			// Get existing values
+			$results = $database->query("SELECT * FROM ".TABLE_PREFIX."groups WHERE group_id = '".$group_id."'");
+			$group = $results->fetchRow();
+			// Setup template object
+			$template = new Template(THEME_PATH.'/templates');
+			$template->set_file('page', 'groups_form.htt');
+			$template->set_block('page', 'main_block', 'main');
+			$template->set_var(	array(
+									'ACTION_URL' => ADMIN_URL.'/groups/save.php',
+									'SUBMIT_TITLE' => $TEXT['SAVE'],
+									'GROUP_ID' => $group['group_id'],
+									'GROUP_NAME' => $group['name'],
+									'ADVANCED_ACTION' => 'groups.php',
+									'FTAN' => $admin->getFTAN()
+								));
+			// Tell the browser whether or not to show advanced options
+			if( true == (isset( $_POST['advanced']) AND ( strpos( $_POST['advanced'], ">>") > 0 ) ) ) {
+				$template->set_var('DISPLAY_ADVANCED', '');
+				$template->set_var('DISPLAY_BASIC', 'display:none;');
+				$template->set_var('ADVANCED', 'yes');
+				$template->set_var('ADVANCED_BUTTON', '&lt;&lt; '.$TEXT['HIDE_ADVANCED']);
+			} else {
+				$template->set_var('DISPLAY_ADVANCED', 'display:none;');
+				$template->set_var('DISPLAY_BASIC', '');
+				$template->set_var('ADVANCED', 'no');
+				$template->set_var('ADVANCED_BUTTON', $TEXT['SHOW_ADVANCED'].'  &gt;&gt;');
+			}
 
-if($_POST['action'] == 'modify') {
-	// Create new admin object
-	$admin = new admin('Access', 'groups_modify', false);
-/*  */
-	if (!$admin->checkFTAN())
-	{
-		$admin->print_header();
-		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
-	}
+			// Explode system permissions
+			$system_permissions = explode(',', $group['system_permissions']);
+			// Check system permissions boxes
+			foreach($system_permissions AS $name) {
+					$template->set_var($name.'_checked', ' checked="checked"');
+			}
+			// Explode module permissions
+			$module_permissions = explode(',', $group['module_permissions']);
+			// Explode template permissions
+			$template_permissions = explode(',', $group['template_permissions']);
 
-	// Print header
-	$admin->print_header();
-	// Get existing values
-	$results = $database->query("SELECT * FROM ".TABLE_PREFIX."groups WHERE group_id = '".$_POST['group_id']."'");
-	$group = $results->fetchRow();
-	// Setup template object
-	$template = new Template(THEME_PATH.'/templates');
-	$template->set_file('page', 'groups_form.htt');
-	$template->set_block('page', 'main_block', 'main');
-	$template->set_var(	array(
-							'ACTION_URL' => ADMIN_URL.'/groups/save.php',
-							'SUBMIT_TITLE' => $TEXT['SAVE'],
-							'GROUP_ID' => $group['group_id'],
-							'GROUP_NAME' => $group['name'],
-							'ADVANCED_ACTION' => 'groups.php',
-							'FTAN' => $admin->getFTAN()
-						));
-	// Tell the browser whether or not to show advanced options
-	if( true == (isset( $_POST['advanced']) AND ( strpos( $_POST['advanced'], ">>") > 0 ) ) ) {
-		$template->set_var('DISPLAY_ADVANCED', '');
-		$template->set_var('DISPLAY_BASIC', 'display:none;');
-		$template->set_var('ADVANCED', 'yes');
-		$template->set_var('ADVANCED_BUTTON', '&lt;&lt; '.$TEXT['HIDE_ADVANCED']);
-	} else {
-		$template->set_var('DISPLAY_ADVANCED', 'display:none;');
-		$template->set_var('DISPLAY_BASIC', '');
-		$template->set_var('ADVANCED', 'no');
-		$template->set_var('ADVANCED_BUTTON', $TEXT['SHOW_ADVANCED'].'  &gt;&gt;');
-	}
+			// Insert values into module list
+			$template->set_block('main_block', 'module_list_block', 'module_list');
+			$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "module" AND `function` = "page" ORDER BY `name`');
+			if($result->numRows() > 0) {
+				while($addon = $result->fetchRow()) {
+					$template->set_var('VALUE', $addon['directory']);
+					$template->set_var('NAME', $addon['name']);
+					if(!is_numeric(array_search($addon['directory'], $module_permissions))) {
+						$template->set_var('CHECKED', ' checked="checked"');
+					} else {
+						$template->set_var('CHECKED', '');
+					}
+					$template->parse('module_list', 'module_list_block', true);
+				}
+			}
 
-	// Explode system permissions
-	$system_permissions = explode(',', $group['system_permissions']);
-	// Check system permissions boxes
-	foreach($system_permissions AS $name) {
-			$template->set_var($name.'_checked', ' checked="checked"');
-	}
-	// Explode module permissions
-	$module_permissions = explode(',', $group['module_permissions']);
-	// Explode template permissions
-	$template_permissions = explode(',', $group['template_permissions']);
-	
-	// Insert values into module list
-	$template->set_block('main_block', 'module_list_block', 'module_list');
-	$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "module" AND `function` = "page" ORDER BY `name`');
-	if($result->numRows() > 0) {
-		while($addon = $result->fetchRow()) {
-			$template->set_var('VALUE', $addon['directory']);
-			$template->set_var('NAME', $addon['name']);
-			if(!is_numeric(array_search($addon['directory'], $module_permissions))) {
-				$template->set_var('CHECKED', ' checked="checked"');
-			} else {
-				$template->set_var('CHECKED', '');
+			// Insert values into template list
+			$template->set_block('main_block', 'template_list_block', 'template_list');
+			$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "template" ORDER BY `name`');
+			if($result->numRows() > 0) {
+				while($addon = $result->fetchRow()) {
+					$template->set_var('VALUE', $addon['directory']);
+					$template->set_var('NAME', $addon['name']);
+					if(!is_numeric(array_search($addon['directory'], $template_permissions))) {
+						$template->set_var('CHECKED', ' checked="checked"');
+					} else {
+						$template->set_var('CHECKED', '');
+					}
+					$template->parse('template_list', 'template_list_block', true);
+				}
 			}
-			$template->parse('module_list', 'module_list_block', true);
-		}
-	}
-	
-	// Insert values into template list
-	$template->set_block('main_block', 'template_list_block', 'template_list');
-	$result = $database->query('SELECT * FROM `'.TABLE_PREFIX.'addons` WHERE `type` = "template" ORDER BY `name`');
-	if($result->numRows() > 0) {
-		while($addon = $result->fetchRow()) {
-			$template->set_var('VALUE', $addon['directory']);
-			$template->set_var('NAME', $addon['name']);
-			if(!is_numeric(array_search($addon['directory'], $template_permissions))) {
-				$template->set_var('CHECKED', ' checked="checked"');
+
+			// Insert language text and messages
+			$template->set_var(array(
+						'TEXT_RESET' => $TEXT['RESET'],
+						'TEXT_ACTIVE' => $TEXT['ACTIVE'],
+						'TEXT_DISABLED' => $TEXT['DISABLED'],
+						'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
+						'TEXT_USERNAME' => $TEXT['USERNAME'],
+						'TEXT_PASSWORD' => $TEXT['PASSWORD'],
+						'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
+						'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
+						'TEXT_EMAIL' => $TEXT['EMAIL'],
+						'TEXT_GROUP' => $TEXT['GROUP'],
+						'TEXT_SYSTEM_PERMISSIONS' => $TEXT['SYSTEM_PERMISSIONS'],
+						'TEXT_MODULE_PERMISSIONS' => $TEXT['MODULE_PERMISSIONS'],
+						'TEXT_TEMPLATE_PERMISSIONS' => $TEXT['TEMPLATE_PERMISSIONS'],
+						'TEXT_NAME' => $TEXT['NAME'],
+						'SECTION_PAGES' => $MENU['PAGES'],
+						'SECTION_MEDIA' => $MENU['MEDIA'],
+						'SECTION_MODULES' => $MENU['MODULES'],
+						'SECTION_TEMPLATES' => $MENU['TEMPLATES'],
+						'SECTION_LANGUAGES' => $MENU['LANGUAGES'],
+						'SECTION_SETTINGS' => $MENU['SETTINGS'],
+						'SECTION_USERS' => $MENU['USERS'],
+						'SECTION_GROUPS' => $MENU['GROUPS'],
+						'SECTION_ADMINTOOLS' => $MENU['ADMINTOOLS'],
+						'TEXT_VIEW' => $TEXT['VIEW'],
+						'TEXT_ADD' => $TEXT['ADD'],
+						'TEXT_LEVEL' => $TEXT['LEVEL'],
+						'TEXT_MODIFY' => $TEXT['MODIFY'],
+						'TEXT_DELETE' => $TEXT['DELETE'],
+						'TEXT_MODIFY_CONTENT' => $TEXT['MODIFY_CONTENT'],
+						'TEXT_MODIFY_SETTINGS' => $TEXT['MODIFY_SETTINGS'],
+						'HEADING_MODIFY_INTRO_PAGE' => $HEADING['MODIFY_INTRO_PAGE'],
+						'TEXT_CREATE_FOLDER' => $TEXT['CREATE_FOLDER'],
+						'TEXT_RENAME' => $TEXT['RENAME'],
+						'TEXT_UPLOAD_FILES' => $TEXT['UPLOAD_FILES'],
+						'TEXT_BASIC' => $TEXT['BASIC'],
+						'TEXT_ADVANCED' => $TEXT['ADVANCED'],
+						'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'],
+						'HEADING_MODIFY_GROUP' => $HEADING['MODIFY_GROUP'],
+					));
+
+			// Parse template object
+			$template->parse('main', 'main_block', false);
+			$template->pparse('output', 'page');
+			break;
+		case 'delete' :
+			// Create new admin object
+			$admin = new admin('Access', 'groups_delete');
+			$group_id = intval($admin->checkIDKEY('group_id', 0, $_SERVER['REQUEST_METHOD']));
+			// Check if user id is a valid number and doesnt equal 1
+			if( ($group_id < 2 ) )
+			{
+				// if($admin_header) { $admin->print_header(); }
+				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
+			}
+			// Print header
+			$admin->print_header();
+			// Delete the group
+			$database->query("DELETE FROM ".TABLE_PREFIX."groups WHERE group_id = '".$group_id."' LIMIT 1");
+			if($database->is_error()) {
+				$admin->print_error($database->get_error());
 			} else {
-				$template->set_var('CHECKED', '');
+				// Delete users in the group
+				$database->query("DELETE FROM ".TABLE_PREFIX."users WHERE group_id = '".$group_id."'");
+				if($database->is_error()) {
+					$admin->print_error($database->get_error());
+				} else {
+					$admin->print_success($MESSAGE['GROUPS']['DELETED']);
+				}
 			}
-			$template->parse('template_list', 'template_list_block', true);
-		}
-	}
-		
-	// Insert language text and messages
-	$template->set_var(array(
-				'TEXT_RESET' => $TEXT['RESET'],
-				'TEXT_ACTIVE' => $TEXT['ACTIVE'],
-				'TEXT_DISABLED' => $TEXT['DISABLED'],
-				'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
-				'TEXT_USERNAME' => $TEXT['USERNAME'],
-				'TEXT_PASSWORD' => $TEXT['PASSWORD'],
-				'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
-				'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
-				'TEXT_EMAIL' => $TEXT['EMAIL'],
-				'TEXT_GROUP' => $TEXT['GROUP'],
-				'TEXT_SYSTEM_PERMISSIONS' => $TEXT['SYSTEM_PERMISSIONS'],
-				'TEXT_MODULE_PERMISSIONS' => $TEXT['MODULE_PERMISSIONS'],
-				'TEXT_TEMPLATE_PERMISSIONS' => $TEXT['TEMPLATE_PERMISSIONS'],
-				'TEXT_NAME' => $TEXT['NAME'],
-				'SECTION_PAGES' => $MENU['PAGES'],
-				'SECTION_MEDIA' => $MENU['MEDIA'],
-				'SECTION_MODULES' => $MENU['MODULES'],
-				'SECTION_TEMPLATES' => $MENU['TEMPLATES'],
-				'SECTION_LANGUAGES' => $MENU['LANGUAGES'],
-				'SECTION_SETTINGS' => $MENU['SETTINGS'],
-				'SECTION_USERS' => $MENU['USERS'],
-				'SECTION_GROUPS' => $MENU['GROUPS'],
-				'SECTION_ADMINTOOLS' => $MENU['ADMINTOOLS'],
-				'TEXT_VIEW' => $TEXT['VIEW'],
-				'TEXT_ADD' => $TEXT['ADD'],
-				'TEXT_LEVEL' => $TEXT['LEVEL'],
-				'TEXT_MODIFY' => $TEXT['MODIFY'],
-				'TEXT_DELETE' => $TEXT['DELETE'],
-				'TEXT_MODIFY_CONTENT' => $TEXT['MODIFY_CONTENT'],
-				'TEXT_MODIFY_SETTINGS' => $TEXT['MODIFY_SETTINGS'],
-				'HEADING_MODIFY_INTRO_PAGE' => $HEADING['MODIFY_INTRO_PAGE'],
-				'TEXT_CREATE_FOLDER' => $TEXT['CREATE_FOLDER'],
-				'TEXT_RENAME' => $TEXT['RENAME'],
-				'TEXT_UPLOAD_FILES' => $TEXT['UPLOAD_FILES'],
-				'TEXT_BASIC' => $TEXT['BASIC'],
-				'TEXT_ADVANCED' => $TEXT['ADVANCED'],
-				'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'],
-				'HEADING_MODIFY_GROUP' => $HEADING['MODIFY_GROUP'],
-			));
-	
-	// Parse template object
-	$template->parse('main', 'main_block', false);
-	$template->pparse('output', 'page');
-} elseif($_POST['action'] == 'delete') {
-	// Create new admin object
-	$admin = new admin('Access', 'groups_delete', false);
-/*  */
-	if (!$admin->checkFTAN())
-	{
-		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
-	}
-	// Print header
-	$admin->print_header();
-	// Delete the group
-	$database->query("DELETE FROM ".TABLE_PREFIX."groups WHERE group_id = '".$_POST['group_id']."' LIMIT 1");
-	if($database->is_error()) {
-		$admin->print_error($database->get_error());
-	} else {
-		// Delete users in the group
-		$database->query("DELETE FROM ".TABLE_PREFIX."users WHERE group_id = '".$_POST['group_id']."'");
-		if($database->is_error()) {
-			$admin->print_error($database->get_error());
-		} else {
-			$admin->print_success($MESSAGE['GROUPS']['DELETED']);
-		}
-	}
-}
+			break;
+	default:
+			break;
+endswitch;
 
 // Print admin footer
 $admin->print_footer();
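Review bot: The `default:` branch leaves `$admin` unset, yet `$admin->print_footer();` still runs after `endswitch`, so a request carrying neither `modify` nor `delete` would end in a fatal error unless config.php already defines `$admin` (not visible here). The removed code redirected in that situation, and the default case can do the same: `header('Location: index.php'); exit(0);`. The `delete` case also no longer calls `checkFTAN()` and relies on the IDKEY alone. Both cases fall through to the query after `print_error()` unless that method terminates the request, which the hunk does not show. A one-line comment next to each `$group_id < 2` guard stating that `print_error()` exits would make the guard auditable.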
Index: branches/2.8.x/wb/admin/groups/index.php
===================================================================
--- branches/2.8.x/wb/admin/groups/index.php	(revision 1474)
+++ branches/2.8.x/wb/admin/groups/index.php	(revision 1475)
@@ -53,7 +53,7 @@
 	$template->parse('list', 'list_block', true);
 	// Loop through groups
 	while($group = $results->fetchRow()) {
-		$template->set_var('VALUE', $group['group_id']);
+		$template->set_var('VALUE',$admin->getIDKEY($group['group_id']));
 		$template->set_var('NAME', $group['name']);
 		$template->parse('list', 'list_block', true);
 	}
@@ -195,5 +195,3 @@
 
 // Print the admin footer
 $admin->print_footer();
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/admin/media/rename2.php
===================================================================
--- branches/2.8.x/wb/admin/media/rename2.php	(revision 1474)
+++ branches/2.8.x/wb/admin/media/rename2.php	(revision 1475)
@@ -24,37 +24,30 @@
 // Include the WB functions file
 require_once(WB_PATH.'/framework/functions.php');
 
-// Get list of file types to which we're supposed to append 'txt'
-$get_result = $database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1");
-$file_extension_string = '';
-if ($get_result->numRows()>0) {
-	$fetch_result = $get_result->fetchRow();
-	$file_extension_string = $fetch_result['value'];
-}
-$file_extensions=explode(",",$file_extension_string);
-
 // Get the current dir
-// $directory = $admin->get_post('dir');
-
-// Target location
 $requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
 $directory = (isset(${$requestMethod}['dir'])) ? ${$requestMethod}['dir'] : '';
-if($directory == '/') {
-	$directory = '';
-}
+$directory = ($directory == '/') ?  '' : $directory;
 
-// Check to see if it contains ..
+$dirlink = 'browse.php?dir='.$directory;
+$rootlink = 'browse.php?dir=';
+// $file_id = intval($admin->get_post('id'));
+
+// first Check to see if it contains ..
 if (!check_media_path($directory)) {
-	$admin->print_header();
-	$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH']);
+	$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'],$rootlink, false);
 }
 
 // Get the temp id
-$file_id = $admin->checkIDKEY('id', false, 'POST');
+$file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']));
 if (!$file_id) {
-	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$dirlink, false);
 }
 
+// Check for potentially malicious files and append 'txt' to their name
+$rename_file_types  = str_replace(',','|',RENAME_FILES_ON_UPLOAD);
+// hardcodet forbidden filetypes
+$forbidden_file_types = 'phtml|php5|php4|php|cgi|pl|exe|com|bat|src|'.$rename_file_types;
 // Get home folder not to show
 $home_folders = get_home_folders();
 
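Review bot: `checkIDKEY('id', false, $_SERVER['REQUEST_METHOD'])` lets rename2.php, the script that performs the rename, take its IDKEY from any request method, where the removed line accepted `'POST'` only. A state-changing request that works over GET puts the key into URLs, history and Referer headers; unless another caller needs this, keep `checkIDKEY('id', false, 'POST')` here. Separately, `$dirlink = 'browse.php?dir='.$directory;` is built from the raw request value before `check_media_path()` runs and without URL-encoding. Whether `print_error()` escapes the link is not visible in this diff, so `'browse.php?dir='.rawurlencode($directory)` is the safer form. The same unencoded link is added in delete.php, rename.php and, as `$dir_backlink`, in browse.php.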
@@ -62,13 +55,17 @@
 if($handle = opendir(WB_PATH.MEDIA_DIRECTORY.'/'.$directory)) {
 	// Loop through the files and dirs an add to list
    while (false !== ($file = readdir($handle))) {
+		$info = pathinfo($file);
+		$ext = isset($info['extension']) ? $info['extension'] : '';
 		if(substr($file, 0, 1) != '.' AND $file != '.svn' AND $file != 'index.php') {
-			if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) {
-				if(!isset($home_folders[$directory.'/'.$file])) {
-					$DIR[] = $file;
+			if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) ) {
+				if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) {
+					if(!isset($home_folders[$directory.'/'.$file])) {
+						$DIR[] = $file;
+					}
+				} else {
+					$FILE[] = $file;
 				}
-			} else {
-				$FILE[] = $file;
 			}
 		}
 	}
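Review bot: The pattern in `preg_match('/'.$forbidden_file_types.'$/i', $ext)` is an ungrouped alternation, so `$` anchors only the last alternative and every other entry matches as a substring; a harmless extension such as `tpl` is hidden because it contains `pl`. If RENAME_FILES_ON_UPLOAD is empty, the list built earlier in this file ends in `|`, the last alternative is empty and the test matches every entry, directories included. At minimum guard that case, e.g. `$forbidden_file_types = rtrim('phtml|php5|php4|php|cgi|pl|exe|com|bat|src|'.$rename_file_types, '|');`, and add a comment saying whether substring matching and regex syntax in the setting are intended, since the value is spliced in as raw pattern source. `src` in the hard-coded list may be a typo for `scr`; that is a guess and should be confirmed. The same pattern is used in the two new rename checks further down in this file, in rename.php and in browse.php.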
@@ -94,9 +91,11 @@
 		}
 	}
 }
+
 $file_id = $admin->getIDKEY($file_id);
+
 if(!isset($rename_file)) {
-	$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], "browse.php?dir=$directory", false);
+	$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], $dirlink, false);
 }
 
 // Check if they entered a new name
@@ -121,6 +120,14 @@
 // Join new name and extension
 $name = $new_name.$extension;
 
+$info = pathinfo(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$name);
+$ext = isset($info['extension']) ? $info['extension'] : '';
+$dots = (substr($info['basename'], 0, 1) == '.') || (substr($info['basename'], -1, 1) == '.');
+
+if( preg_match('/'.$forbidden_file_types.'$/i', $ext) || $dots == '.' ) {
+	$admin->print_error($MESSAGE['MEDIA']['CANNOT_RENAME'], "rename.php?dir=$directory&id=$file_id", false);
+}
+
 // Check if the name contains ..
 if(strstr($name, '..')) {
 	$admin->print_error($MESSAGE['MEDIA']['NAME_DOT_DOT_SLASH'], "rename.php?dir=$directory&id=$file_id", false);
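Review bot: `$dots` is assigned the result of `(...) || (...)` and is therefore already a boolean, so `$dots == '.'` only gives the intended result through loose bool-to-string comparison. Write the condition as `if( preg_match('/'.$forbidden_file_types.'$/i', $ext) || $dots ) {`, which says what is meant and survives a later switch to strict comparison. The second check added further down in this file, the one on `$rename_file`, has the same expression.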
@@ -136,14 +143,13 @@
 	$admin->print_error($MESSAGE['MEDIA']['BLANK_NAME'], "rename.php?dir=$directory&id=$file_id", false);
 }
 
-// Check for potentially malicious files and append 'txt' to their name
-foreach($file_extensions as $file_ext) {
-	$file_ext_len=strlen($file_ext);
-	if (substr($name,-$file_ext_len)==$file_ext) {
-		$name.='.txt';
-	}
-}		
+$info = pathinfo(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$rename_file);
+$ext = isset($info['extension']) ? $info['extension'] : '';
+$dots = (substr($info['basename'], 0, 1) == '.') || (substr($info['basename'], -1, 1) == '.');
 
+if( preg_match('/'.$forbidden_file_types.'$/i', $ext) || $dots == '.' ) {
+	$admin->print_error($MESSAGE['MEDIA']['CANNOT_RENAME'], "rename.php?dir=$directory&id=$file_id", false);
+}
 
 // Check if we should overwrite or not
 if($admin->get_post('overwrite') != 'yes' AND file_exists(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$name) == true) {
@@ -160,7 +166,7 @@
     // feature freeze
 	// require_once(ADMIN_PATH.'/media/dse.php');
 
-	$admin->print_success($MESSAGE['MEDIA']['RENAMED'], "browse.php?dir=$directory");
+	$admin->print_success($MESSAGE['MEDIA']['RENAMED'], $dirlink);
 } else {
 	$admin->print_error($MESSAGE['MEDIA']['CANNOT_RENAME'], "rename.php?dir=$directory&id=$file_id", false);
 }
Index: branches/2.8.x/wb/admin/media/browse.php
===================================================================
--- branches/2.8.x/wb/admin/media/browse.php	(revision 1474)
+++ branches/2.8.x/wb/admin/media/browse.php	(revision 1475)
@@ -94,10 +94,13 @@
 				$currentHome
 				:
 				$admin->strip_slashes($admin->get_get('dir')) ;
+
 if($directory == '/' OR $directory == '\\') {
 	$directory = '';
 }
 
+$dir_backlink = 'browse.php?dir='.$directory;
+
 // Check to see if it contains ../
 if (!check_media_path($directory)) {
 	// $admin->print_header();
@@ -159,16 +162,16 @@
 
 if($handle = opendir(WB_PATH.MEDIA_DIRECTORY.'/'.$directory)) {
 	// Loop through the files and dirs an add to list
-	while(false !== ($file = readdir($handle))) {
+   while (false !== ($file = readdir($handle))) {
+		$info = pathinfo($file);
+		$ext = isset($info['extension']) ? $info['extension'] : '';
 		if(substr($file, 0, 1) != '.' AND $file != '.svn' AND $file != 'index.php') {
-			if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) {
-				if(!isset($home_folders[$directory.'/'.$file])) {
-					$DIR[] = $file;
-				}
-			} else {
-				$info = pathinfo($file);
-				$ext = isset($info['extension']) ? $info['extension'] : '';
-				if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) ) {
+			if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) ) {
+				if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) {
+					if(!isset($home_folders[$directory.'/'.$file])) {
+						$DIR[] = $file;
+					}
+				} else {
 					$FILE[] = $file;
 				}
 			}
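Review bot: This listing-and-filter loop now exists as near-identical copies in browse.php, rename.php and rename2.php, and the ids wrapped by `getIDKEY($temp_id)` appear to be positions in the sorted `$DIR`/`$FILE` lists. If the copies drift apart, an id issued here resolves to a different entry in the script that acts on it. The loop in delete.php is not part of this diff, so it should be checked that it applies the same `$forbidden_file_types` test; otherwise a delete could act on a neighbouring entry. A shared helper in functions.php that returns the two sorted lists would remove the duplication. Note also that the extension test now runs before `is_dir()`, so a directory whose name ends in a listed extension disappears from the listing.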
@@ -186,6 +189,7 @@
 								'NAME' => $name,
 								'NAME_SLASHED' => addslashes($name),
 								'TEMP_ID' => $admin->getIDKEY($temp_id),
+								// 'TEMP_ID' => $temp_id,
 								'LINK' => "browse.php?dir=$directory/$link_name",
 								'LINK_TARGET' => '_self',
 								'ROW_BG_COLOR' => $row_bg_color,
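Review bot: The added `// 'TEMP_ID' => $temp_id,` is a commented-out variant that would emit the raw id without the IDKEY wrapper, and leaving it beside the live line invites someone to re-enable it while debugging. Drop the line, since version control keeps the history. The same commented-out line is added in the file-row block below, and as `// 'FILE_ID' => $file_id,` in rename.php.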
@@ -246,6 +250,7 @@
 								'NAME' => $name,
 								'NAME_SLASHED' => addslashes($name),
 								'TEMP_ID' => $admin->getIDKEY($temp_id),
+								// 'TEMP_ID' => $temp_id,
 								'LINK' => WB_URL.MEDIA_DIRECTORY.$directory.'/'.$name,
 								'LINK_TARGET' => '_blank',
 								'ROW_BG_COLOR' => $row_bg_color,
Index: branches/2.8.x/wb/admin/media/delete.php
===================================================================
--- branches/2.8.x/wb/admin/media/delete.php	(revision 1474)
+++ branches/2.8.x/wb/admin/media/delete.php	(revision 1475)
@@ -26,20 +26,21 @@
 
 // Get the current dir
 $directory = $admin->get_get('dir');
-if($directory == '/') {
-	$directory = '';
-}
+$directory = ($directory == '/') ?  '' : $directory;
 
+$dirlink = 'browse.php?dir='.$directory;
+$rootlink = 'browse.php?dir=';
+
 // Check to see if it contains ..
 if (!check_media_path($directory)) {
 	// $admin->print_header();
-	$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'],WB_URL.'/admin/media/browse.php?dir=',false );
+	$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'],$rootlink,false );
 }
 
-// Get the temp id
-$file_id = $admin->checkIDKEY('id', false, 'GET');
+// Get the file id
+$file_id = $admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']);
 if (!$file_id) {
-	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL.'/admin/media/browse.php?dir=',false);
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $dirlink,false);
 }
 
 // Get home folder not to show
@@ -52,8 +53,6 @@
 if(!empty($currentdir)) {
 	$usedFiles = $Dse->getMatchesFromDir( $directory, DseTwo::RETURN_USED);
 }
-print '<pre><strong>function '.__FUNCTION__.'();</strong>  basename: '.basename(__FILE__).'  line: '.__LINE__.' -> <br />';
-print_r( $usedFiles ); print '</pre>'; // flush ();sleep(10); die();
 */
 // Figure out what folder name the temp id is
 if($handle = opendir(WB_PATH.MEDIA_DIRECTORY.'/'.$directory)) {
@@ -94,12 +93,12 @@
 
 // Check to see if we could find an id to match
 if(!isset($delete_file)) {
-	$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], "browse.php?dir=$directory", false);
+	$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], $dirlink, false);
 }
 $relative_path = WB_PATH.MEDIA_DIRECTORY.'/'.$directory.'/'.$delete_file;
 // Check if the file/folder exists
 if(!file_exists($relative_path)) {
-	$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], "browse.php?dir=$directory", false);	
+	$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], $dirlink, false);
 }
 
 // Find out whether its a file or folder
@@ -106,16 +105,16 @@
 if($type == 'folder') {
 	// Try and delete the directory
 	if(rm_full_dir($relative_path)) {
-		$admin->print_success($MESSAGE['MEDIA']['DELETED_DIR'], "browse.php?dir=$directory");
+		$admin->print_success($MESSAGE['MEDIA']['DELETED_DIR'], $dirlink);
 	} else {
-		$admin->print_error($MESSAGE['MEDIA']['CANNOT_DELETE_DIR'], "browse.php?dir=$directory", false);
+		$admin->print_error($MESSAGE['MEDIA']['CANNOT_DELETE_DIR'], $dirlink, false);
 	}
 } else {
 	// Try and delete the file
 	if(unlink($relative_path)) {
-		$admin->print_success($MESSAGE['MEDIA']['DELETED_FILE'], "browse.php?dir=$directory");
+		$admin->print_success($MESSAGE['MEDIA']['DELETED_FILE'], $dirlink);
 	} else {
-		$admin->print_error($MESSAGE['MEDIA']['CANNOT_DELETE_FILE'], "browse.php?dir=$directory", false);
+		$admin->print_error($MESSAGE['MEDIA']['CANNOT_DELETE_FILE'], $dirlink, false);
 	}
 }
 
Index: branches/2.8.x/wb/admin/media/create.php
===================================================================
--- branches/2.8.x/wb/admin/media/create.php	(revision 1474)
+++ branches/2.8.x/wb/admin/media/create.php	(revision 1475)
@@ -18,7 +18,11 @@
 
 // Print admin header
 require('../../config.php');
+
 require_once(WB_PATH.'/framework/class.admin.php');
+// Include the WB functions file
+require_once(WB_PATH.'/framework/functions.php');
+
 // suppress to print the header, so no new FTAN will be set
 $admin = new admin('Media', 'media_create', false);
 
@@ -25,22 +29,20 @@
 // Get dir name and target location
 $requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
 $name = (isset(${$requestMethod}['name'])) ? ${$requestMethod}['name'] : '';
-if($name == '') {
-	header("Location: index.php");
-	exit(0);
+
+// Check to see if name or target contains ../
+if(strstr($name, '..')) {
+	$admin->print_header();
+	$admin->print_error($MESSAGE['MEDIA']['NAME_DOT_DOT_SLASH']);
 }
 
+// Remove bad characters
+$name = trim(media_filename($name),'.');
+
 // Target location
 $requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
 $target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : '';
-if($target == '') {
-	header("Location: index.php");
-	exit(0);
-}
 
-require_once(WB_PATH.'/framework/class.admin.php');
-// suppress to print the header, so no new FTAN will be set
-$admin = new admin('Media', 'media_create', false);
 if (!$admin->checkFTAN())
 {
 	$admin->print_header();
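Review bot: The guards that rejected an empty `name` or `target` are removed without replacement, so an empty `$target` now reaches `$directory = WB_PATH.$target.'/'.$name` unless `check_media_path($target, false)` rejects it, which is not visible here. An empty or dot-only `$name` (after `trim(media_filename($name),'.')`) resolves to the target folder itself and surfaces as a misleading DIR_EXISTS error. Re-add an explicit check after the FTAN test, e.g. `if($name == '' || $target == '') { $admin->print_error($MESSAGE['MEDIA']['BLANK_NAME']); }`. The `..` test now calls `print_header()` before `checkFTAN()`, which contradicts the comment above about suppressing the header so that no new FTAN is set; if that is intentional it deserves a comment.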
@@ -49,31 +51,18 @@
 // After check print the header
 $admin->print_header();
 
-// Include the WB functions file
-require_once(WB_PATH.'/framework/functions.php');
-
-// Check to see if name or target contains ../
-if(strstr($name, '..')) {
-	$admin->print_error($MESSAGE['MEDIA']['NAME_DOT_DOT_SLASH']);
-}
 if (!check_media_path($target, false)) {
-	w_debug("target: $target");
 	$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']);
 }
 
-// Remove bad characters
-$name = media_filename($name);
-  
 // Create relative path of the new dir name
 $directory = WB_PATH.$target.'/'.$name;
 
-/*  */
 // Check to see if the folder already exists
 if(file_exists($directory)) {
 	$admin->print_error($MESSAGE['MEDIA']['DIR_EXISTS']);
 }
 
-
 if ( sizeof(createFolderProtectFile( $directory )) )
 {
 	$admin->print_error($MESSAGE['MEDIA']['DIR_NOT_MADE']);
Index: branches/2.8.x/wb/admin/media/rename.php
===================================================================
--- branches/2.8.x/wb/admin/media/rename.php	(revision 1474)
+++ branches/2.8.x/wb/admin/media/rename.php	(revision 1475)
@@ -26,38 +26,49 @@
 
 // Get the current dir
 $directory = $admin->get_get('dir');
-if($directory == '/') {
-	$directory = '';
-}
+$directory = ($directory == '/') ?  '' : $directory;
 
-// Check to see if it contains ..
+$dirlink = 'browse.php?dir='.$directory;
+$rootlink = 'browse.php?dir=';
+// $file_id = intval($admin->get_get('id'));
+
+// first Check to see if it contains ..
 if (!check_media_path($directory)) {
-	$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'], "browse.php?dir=$directory", false);
+	$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'],$rootlink, false);
 }
 
 // Get the temp id
-$file_id = $admin->checkIDKEY('id', false, 'GET');
+$file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']));
 if (!$file_id) {
-	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$dirlink, false);
 }
 
 // Get home folder not to show
 $home_folders = get_home_folders();
+// Check for potentially malicious files and append 'txt' to their name
+$rename_file_types  = str_replace(',','|',RENAME_FILES_ON_UPLOAD);
+// hardcodet forbidden filetypes
+$forbidden_file_types = 'phtml|php5|php4|php|cgi|pl|exe|com|bat|src|'.$rename_file_types;
 
 // Figure out what folder name the temp id is
 if($handle = opendir(WB_PATH.MEDIA_DIRECTORY.'/'.$directory)) {
 	// Loop through the files and dirs an add to list
    while (false !== ($file = readdir($handle))) {
+		$info = pathinfo($file);
+		$ext = isset($info['extension']) ? $info['extension'] : '';
 		if(substr($file, 0, 1) != '.' AND $file != '.svn' AND $file != 'index.php') {
-			if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) {
-				if(!isset($home_folders[$directory.'/'.$file])) {
-					$DIR[] = $file;
+			if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) ) {
+				if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) {
+					if(!isset($home_folders[$directory.'/'.$file])) {
+						$DIR[] = $file;
+					}
+				} else {
+					$FILE[] = $file;
 				}
-			} else {
-				$FILE[] = $file;
 			}
 		}
 	}
+
 	$temp_id = 0;
 	if(isset($DIR)) {
 		sort($DIR);
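Review bot: The added comment `// Check for potentially malicious files and append 'txt' to their name` no longer describes the code, because nothing is renamed here; the list is only used to keep matching entries out of `$DIR`/`$FILE` so they cannot be selected. Suggested wording: `// Extensions that are never listed or accepted for rename: hard-coded list plus RENAME_FILES_ON_UPLOAD`, with `hardcodet` corrected to `hard-coded` on the following comment. The same two comments were added to rename2.php. The script continues beyond this hunk.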
@@ -69,6 +80,7 @@
 			}
 		}
 	}
+
 	if(isset($FILE)) {
 		sort($FILE);
 		foreach($FILE AS $name) {
@@ -82,7 +94,7 @@
 }
 
 if(!isset($rename_file)) {
-	$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], "browse.php?dir=$directory", false);
+	$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], $dirlink, false);
 }
 
 // Setup template object
@@ -109,6 +121,7 @@
 					'FILENAME' => $rename_file,
 					'DIR' => $directory,
 					'FILE_ID' => $admin->getIDKEY($file_id),
+					// 'FILE_ID' => $file_id,
 					'TYPE' => $type,
 					'EXTENSION' => $extension,
 					'FTAN' => $admin->getFTAN()
Index: branches/2.8.x/wb/admin/media/upload.php
===================================================================
--- branches/2.8.x/wb/admin/media/upload.php	(revision 1474)
+++ branches/2.8.x/wb/admin/media/upload.php	(revision 1475)
@@ -22,7 +22,7 @@
 include_once('parameters.php');
 
 require_once(WB_PATH.'/framework/class.admin.php');
-require_once(WB_PATH.'/include/pclzip/pclzip.lib.php');	// Required to unzip file.
+// require_once(WB_PATH.'/include/pclzip/pclzip.lib.php');	// Required to unzip file.
 // suppress to print the header, so no new FTAN will be set
 $admin = new admin('Media', 'media_upload', false);
 
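Review bot: The `require_once` for pclzip.lib.php is commented out rather than removed, and its trailing comment still reads "Required to unzip file". If code further down upload.php still creates a PclZip object (not visible in this hunk), that path now fails at runtime unless the library is loaded elsewhere. If unpacking archives in the media manager was dropped on purpose, delete the line and say so, for example `// archive unpacking is intentionally not available here`.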
@@ -52,11 +52,7 @@
 $resizepath = str_replace(array('/',' '),'_',$target);
 
 // Find out whether we should replace files or give an error
-if($admin->get_post('overwrite') != '') {
-	$overwrite = true;
-} else {
-	$overwrite = false;
-}
+$overwrite = ($admin->get_post('overwrite') != '') ? true : false;
 
 // Get list of file types to which we're supposed to append 'txt'
 $get_result=$database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1");
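Review bot: The new `$overwrite` line keeps a redundant ternary, since the comparison already yields a boolean. `$overwrite = ($admin->get_post('overwrite') != '');` says the same thing, and a short comment that any non-empty value of the field enables overwriting existing media files would make the intent explicit.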
@@ -65,6 +61,7 @@
 	$fetch_result=$get_result->fetchRow();
 	$file_extension_string=$fetch_result['value'];
 }
+
 $file_extensions=explode(",",$file_extension_string);
 // get from settings and add to forbidden list
 $rename_file_types  = str_replace(',','|',RENAME_FILES_ON_UPLOAD);
Index: branches/2.8.x/wb/admin/start/index.php
===================================================================
--- branches/2.8.x/wb/admin/start/index.php	(revision 1474)
+++ branches/2.8.x/wb/admin/start/index.php	(revision 1475)
@@ -64,7 +64,7 @@
 }
 
 $msg = (file_exists(WB_PATH.'/install/')) ?  $MESSAGE['START']['INSTALL_DIR_EXISTS'] : '';
-$msg .= (file_exists(WB_PATH.'/upgrade-script.php')) ? '<br />'.$TEXT['DELETE'].' upgrade-script.php ' : '';
+$msg .= (file_exists(WB_PATH.'/upgrade-script.php')) ? '<br />'.$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] : '';
 
 // Check if installation directory still exists
 if(file_exists(WB_PATH.'/install/') || file_exists(WB_PATH.'/upgrade-script.php') ) {
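Review bot: The upgrade-script warning now depends on `$MESSAGE['START_UPGRADE_SCRIPT_EXISTS']`, and a language file that does not define that key would leave only `<br />` in `$msg`, so the administrator loses the reminder that upgrade-script.php is still on the server. The language-file changes are not visible here, so this is worth confirming for every shipped language. A fallback keeps the warning visible either way: `isset($MESSAGE['START_UPGRADE_SCRIPT_EXISTS']) ? $MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] : $TEXT['DELETE'].' upgrade-script.php'`. The new key is also flat while the line above uses the nested `$MESSAGE['START']['INSTALL_DIR_EXISTS']`, which deserves a one-line comment if the flat form is the new convention.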
@@ -138,5 +138,3 @@
 
 // Print admin footer
 $admin->print_footer();
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/admin/templates/details.php
===================================================================
--- branches/2.8.x/wb/admin/templates/details.php	(revision 1474)
+++ branches/2.8.x/wb/admin/templates/details.php	(revision 1475)
@@ -33,7 +33,7 @@
 	header("Location: index.php");
 	exit(0);
 } else {
-	$file = preg_replace("/\W/", "", $admin->add_slashes($_POST['file']));  // fix secunia 2010-92-2
+	$file = preg_replace("/\W/", "", $_POST['file']);  // fix secunia 2010-92-2
 }
 
 // Check if the template exists
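Review bot: `$_POST['file']` reaches `preg_replace()` without a type check, and with an array subject (`file[]=...` in the request) `preg_replace()` returns an array, so `$file` would no longer be a string when the template lookup below uses it. Dropping `add_slashes()` is fine because `\W` already strips quotes and backslashes, but the guard should also require a string and a non-empty result, e.g. `$file = is_string($_POST['file']) ? preg_replace('/\W/', '', $_POST['file']) : '';` followed by the same redirect to index.php when `$file === ''`. The same pattern appears in the settings2.php hunk for `$template` and `$target`, assuming `get_post()` returns the raw POST value. The surrounding if/else starts outside this hunk.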
Index: branches/2.8.x/wb/admin/pages/index.php
===================================================================
--- branches/2.8.x/wb/admin/pages/index.php	(revision 1474)
+++ branches/2.8.x/wb/admin/pages/index.php	(revision 1475)
@@ -28,17 +28,7 @@
 ?>
 <script type="text/javascript" src="<?php print ADMIN_URL; ?>/pages/eggsurplus.js"></script>
 <?php
-/*
-urlencode function and rawurlencode are mostly based on RFC 1738.
-However, since 2005 the current RFC in use for URIs standard is RFC 3986.
-Here is a function to encode URLs according to RFC 3986.
-*/
-function url_encode($string) {
-    $string = html_entity_decode($string,ENT_QUOTES,'UTF-8');
-    $entities = array('%21', '%2A', '%27', '%28', '%29', '%3B', '%3A', '%40', '%26', '%3D', '%2B', '%24', '%2C', '%2F', '%3F', '%25', '%23', '%5B', '%5D');
-    $replacements = array('!', '*', "'", "(", ")", ";", ":", "@", "&", "=", "+", "$", ",", "/", "?", "%", "#", "[", "]");
-    return str_replace($entities, $replacements, rawurlencode($string));
-}
+
 // fixes A URI contains impermissible characters or quotes around the URI are not closed.
 $MESSAGE['PAGES_DELETE_CONFIRM'] = url_encode(  $MESSAGE['PAGES_DELETE_CONFIRM'] );
 
@@ -607,5 +597,3 @@
 
 // Print admin
 $admin->print_footer();
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/admin/pages/settings2.php
===================================================================
--- branches/2.8.x/wb/admin/pages/settings2.php	(revision 1474)
+++ branches/2.8.x/wb/admin/pages/settings2.php	(revision 1475)
@@ -56,20 +56,20 @@
 // Get values
 $page_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('page_title')));
 $menu_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('menu_title')));
-$page_code = (int) $admin->get_post_escaped('page_code');
+$page_code = intval($admin->get_post('page_code')) ;
 $description = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('description'))));
 $keywords = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('keywords'))));
-$parent = (int) $admin->get_post_escaped('parent'); // fix secunia 2010-91-3
+$parent = intval($admin->get_post('parent')); // fix secunia 2010-91-3
 $visibility = $admin->get_post_escaped('visibility');
 if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {$visibility = 'public';} // fix secunia 2010-93-3
-$template = preg_replace("/\W/", "", $admin->get_post_escaped('template')); // fix secunia 2010-93-3
-$target = preg_replace("/\W/", "", $admin->get_post_escaped('target'));
+$template = preg_replace("/\W/", "", $admin->get_post('template')); // fix secunia 2010-93-3
+$target = preg_replace("/\W/", "", $admin->get_post('target'));
 $admin_groups = $admin->get_post_escaped('admin_groups');
 $viewing_groups = $admin->get_post_escaped('viewing_groups');
-$searching = (int) $admin->get_post_escaped('searching');
+$searching = intval($admin->get_post('searching'));
 $language = strtoupper($admin->get_post('language'));
 $language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
-$menu = (int) $admin->get_post_escaped('menu'); // fix secunia 2010-91-3
+$menu = intval($admin->get_post('menu')); // fix secunia 2010-91-3
 
 // Validate data
 if($page_title == '' || substr($page_title,0,1)=='.')
@@ -325,5 +325,3 @@
 
 // Print admin footer
 $admin->print_footer();
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/admin/pages/sections.php
===================================================================
--- branches/2.8.x/wb/admin/pages/sections.php	(revision 1474)
+++ branches/2.8.x/wb/admin/pages/sections.php	(revision 1475)
@@ -28,482 +28,491 @@
 /* */
 $debug = false; // to show position and section_id
 If(!defined('DEBUG')) { define('DEBUG',$debug);}
+// Include the WB functions file
+require_once(WB_PATH.'/framework/functions.php');
 // Create new admin object
 require_once(WB_PATH.'/framework/class.admin.php');
-$admin = new admin('Pages', 'pages_modify');
+$admin = new admin('Pages', 'pages_modify', false);
 
+$action = 'show';
 // Get page id
-if(!isset($_GET['page_id']) || !is_numeric($_GET['page_id']))
-{
-	header("Location: index.php");
-	exit(0);
-} else {
-	$page_id = $_GET['page_id'];
-}
+$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
+$page_id = intval((isset(${$requestMethod}['page_id'])) ? ${$requestMethod}['page_id'] : 0);
+$action = ($page_id ? 'show' : $action);
+// Get section id if there is one
+$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
+$section_id = ((isset(${$requestMethod}['section_id'])) ? ${$requestMethod}['section_id']  : 0);
+$action = ($section_id ? 'delete' : $action);
+// Get module if there is one
+$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
+$module = ((isset(${$requestMethod}['module'])) ? ${$requestMethod}['module']  : 0);
+$action = ($module != '' ? 'add' : $action);
+$admin_header = true;
+$backlink = ADMIN_URL.'/pages/sections.php?page_id='.(int)$page_id;
 
-/*
-if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) )
-{
-	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
-	exit();
-}
-*/
-/*
-urlencode function and rawurlencode are mostly based on RFC 1738.
-However, since 2005 the current RFC in use for URIs standard is RFC 3986.
-Here is a function to encode URLs according to RFC 3986.
-*/
-function url_encode($string) {
-    $string = html_entity_decode($string,ENT_QUOTES,'UTF-8');
-    $entities = array('%20', '%21', '%2A', '%27', '%28', '%29', '%3B', '%3A', '%40', '%26', '%3D', '%2B', '%24', '%2C', '%2F', '%3F', '%25', '%23', '%5B', '%5D');
-    $replacements = array(' ','!', '*', "'", "(", ")", ";", ":", "@", "&", "=", "+", "$", ",", "/", "?", "%", "#", "[", "]");
-    return str_replace($entities, $replacements, rawurlencode($string));
-}
+switch ($action):
+	case 'delete' :
 
-// Check if we are supposed to add or delete a section
-if(isset($_GET['section_id']) && is_numeric($_GET['section_id']))
-{
-	// Get more information about this section
-	$section_id = $_GET['section_id'];
-    $sql  = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` ';
-    $sql .= 'WHERE `section_id` ='.$section_id;
-    $query_section = $database->query($sql);
+		if( ( !($section_id = intval($admin->checkIDKEY('section_id', 0, $_SERVER['REQUEST_METHOD'])) )) )
+		{
+			if($admin_header) { $admin->print_header(); }
+			$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$backlink);
+		}
 
-	if($query_section->numRows() == 0)
-    {
-		$admin->print_error('Section not found');
-	}
-	$section = $query_section->fetchRow();
-	// Include the modules delete file if it exists
-	if(file_exists(WB_PATH.'/modules/'.$section['module'].'/delete.php'))
-    {
-		require(WB_PATH.'/modules/'.$section['module'].'/delete.php');
-	}
-    $sql  = 'DELETE FROM `'.TABLE_PREFIX.'sections` ';
-    $sql .= 'WHERE `section_id` ='.$section_id.' LIMIT 1';
-    $query_section = $database->query($sql);
+		$action = 'show';
+	    $sql  = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` ';
+	    $sql .= 'WHERE `section_id` ='.$section_id;
+        if( ( ($modulname = $database->get_one($sql)) == $module) && ($section_id > 0 ) ) {
+			// Include the modules delete file if it exists
+			if(file_exists(WB_PATH.'/modules/'.$modulname.'/delete.php'))
+		    {
+				require(WB_PATH.'/modules/'.$modulname.'/delete.php');
+			}
+		    $sql  = 'DELETE FROM `'.TABLE_PREFIX.'sections` ';
+		    $sql .= 'WHERE `section_id` ='.(int)$section_id.' LIMIT 1';
+			if( !$database->query($sql) ) {
+				if($admin_header) { $admin->print_header(); }
+				$admin->print_error($database->get_error(),$backlink);
+			}  else {
+				require_once(WB_PATH.'/framework/class.order.php');
+				$order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id');
+				$order->clean($page_id);
+				$format = $TEXT['SECTION'].' %d  %s %s '.strtolower( $TEXT['DELETED']);
+				$message = sprintf ($format,$section_id,strtoupper($modulname),strtolower($TEXT['SUCCESS']));
+				if($admin_header) { $admin->print_header(); }
+				$admin_header = false;
+				unset($_POST);
+				$admin->print_success($message, $backlink );
+			}
+        } else {
+			if($admin_header) { $admin->print_header(); }
+			$admin->print_error($module.' '.strtolower($TEXT['NOT_FOUND']),$backlink);
+        }
 
-	if($database->is_error())
-    {
-		$admin->print_error($database->get_error());
-	} else {
-		require(WB_PATH.'/framework/class.order.php');
+		break;
+	case 'add' :
+
+		if (!$admin->checkFTAN())
+		{
+			$admin->print_header();
+			$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$backlink);
+		}
+		$action = 'show';
+		$module = preg_replace('/\W/', '', $module );  // fix secunia 2010-91-4
+		require_once(WB_PATH.'/framework/class.order.php');
+		// Get new order
 		$order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id');
-		$order->clean($page_id);
-		$admin->print_success($TEXT['SUCCESS'], ADMIN_URL.'/pages/sections.php?page_id='.$page_id );
-		$admin->print_footer();
-		exit();
-	}
-} elseif(isset($_POST['module']) && $_POST['module'] != '')
-{
-	// Get section info
-	$module = preg_replace("/\W/", "", $admin->add_slashes($_POST['module']));  // fix secunia 2010-91-4
-	// Include the ordering class
-	require(WB_PATH.'/framework/class.order.php');
-	// Get new order
-	$order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id');
-	$position = $order->get_new($page_id);	
-	// Insert module into DB
-    $sql  = 'INSERT INTO `'.TABLE_PREFIX.'sections` SET ';
-    $sql .= '`page_id` = '.$page_id.', ';
-    $sql .= '`module` = "'.$module.'", ';
-    $sql .= '`position` = '.$position.', ';
-    $sql .= '`block`=1';
-    $database->query($sql);
-	// Get the section id
-	$section_id = $database->get_one("SELECT LAST_INSERT_ID()");	
-	// Include the selected modules add file if it exists
-	if(file_exists(WB_PATH.'/modules/'.$module.'/add.php'))
-    {
-		require(WB_PATH.'/modules/'.$module.'/add.php');
-	}
-}
+		$position = $order->get_new($page_id);
+		// Insert module into DB
+	    $sql  = 'INSERT INTO `'.TABLE_PREFIX.'sections` SET ';
+	    $sql .= '`page_id` = '.(int)$page_id.', ';
+	    $sql .= '`module` = \''.$module.'\', ';
+	    $sql .= '`position` = '.(int)$position.', ';
+	    $sql .= '`block` = 1';
+        if($database->query($sql)) {
+			// Get the section id
+			$section_id = $database->get_one("SELECT LAST_INSERT_ID()");
+			// Include the selected modules add file if it exists
+			if(file_exists(WB_PATH.'/modules/'.$module.'/add.php'))
+		    {
+				require(WB_PATH.'/modules/'.$module.'/add.php');
+			}
+        } elseif ($database->is_error())  {
+			if($admin_header) { $admin->print_header(); }
+			$admin->print_error($database->get_error());
+		}
+		break;
+	default:
+		break;
+endswitch;
 
-// Get perms
-// $database = new database();
-$sql  = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` ';
-$sql .= 'WHERE `page_id` = '.$page_id;
-$results = $database->query($sql);
+switch ($action):
+	default:
 
-$results_array = $results->fetchRow();
-$old_admin_groups = explode(',', $results_array['admin_groups']);
-$old_admin_users = explode(',', $results_array['admin_users']);
-$in_old_group = FALSE;
-foreach($admin->get_groups_id() as $cur_gid)
-{
-	if (in_array($cur_gid, $old_admin_groups))
-    {
-		$in_old_group = TRUE;
-	}
-}
-if((!$in_old_group) && !is_numeric(array_search($admin->get_user_id(), $old_admin_users)))
-{
-	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
-}
+		if($admin_header) { $admin->print_header(); }
+		// Get perms
+		$sql  = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` ';
+		$sql .= 'WHERE `page_id` = '.$page_id;
+		$results = $database->query($sql);
 
-// Get page details
-// $database = new database();
-$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'pages` ';
-$sql .= 'WHERE `page_id` = '.$page_id;
-$results = $database->query($sql);
+		$results_array = $results->fetchRow();
+		$old_admin_groups = explode(',', $results_array['admin_groups']);
+		$old_admin_users = explode(',', $results_array['admin_users']);
+		$in_old_group = FALSE;
+		foreach($admin->get_groups_id() as $cur_gid)
+		{
+			if (in_array($cur_gid, $old_admin_groups))
+		    {
+				$in_old_group = TRUE;
+			}
+		}
+		if((!$in_old_group) && !is_numeric(array_search($admin->get_user_id(), $old_admin_users)))
+		{
+			$admin->print_header();
+			$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
+		}
 
-if($database->is_error())
-{
-	// $admin->print_header();
-	$admin->print_error($database->get_error());
-}
-if($results->numRows() == 0)
-{
-	// $admin->print_header();
-	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
-}
-$results_array = $results->fetchRow();
+		// Get page details
+		$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'pages` ';
+		$sql .= 'WHERE `page_id` = '.$page_id;
+		$results = $database->query($sql);
 
-// Set module permissions
-$module_permissions = $_SESSION['MODULE_PERMISSIONS'];
+		if($database->is_error())
+		{
+			// $admin->print_header();
+			$admin->print_error($database->get_error());
+		}
+		if($results->numRows() == 0)
+		{
+			// $admin->print_header();
+			$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+		}
+		$results_array = $results->fetchRow();
 
-// Unset block var
-unset($block);
-// Include template info file (if it exists)
-if($results_array['template'] != '')
-{
-	$template_location = WB_PATH.'/templates/'.$results_array['template'].'/info.php';
-} else {
-	$template_location = WB_PATH.'/templates/'.DEFAULT_TEMPLATE.'/info.php';
-}
-if(file_exists($template_location))
-{
-	require($template_location);
-}
-// Check if $menu is set
-if(!isset($block[1]) || $block[1] == '')
-{
-	// Make our own menu list
-	$block[1] = $TEXT['MAIN'];
-}
+		// Set module permissions
+		$module_permissions = $_SESSION['MODULE_PERMISSIONS'];
 
-/*-- load css files with jquery --*/
-// include jscalendar-setup
-$jscal_use_time = true; // whether to use a clock, too
-require_once(WB_PATH."/include/jscalendar/wb-setup.php");
+		// Unset block var
+		unset($block);
+		// Include template info file (if it exists)
+		if($results_array['template'] != '')
+		{
+			$template_location = WB_PATH.'/templates/'.$results_array['template'].'/info.php';
+		} else {
+			$template_location = WB_PATH.'/templates/'.DEFAULT_TEMPLATE.'/info.php';
+		}
+		if(file_exists($template_location))
+		{
+			require($template_location);
+		}
+		// Check if $menu is set
+		if(!isset($block[1]) || $block[1] == '')
+		{
+			// Make our own menu list
+			$block[1] = $TEXT['MAIN'];
+		}
 
-// Setup template object
-$template = new Template(THEME_PATH.'/templates');
-$template->set_file('page', 'pages_sections.htt');
-$template->set_block('page', 'main_block', 'main');
-$template->set_block('main_block', 'module_block', 'module_list');
-$template->set_block('main_block', 'section_block', 'section_list');
-$template->set_block('section_block', 'block_block', 'block_list');
-$template->set_block('main_block', 'calendar_block', 'calendar_list');
-$template->set_var('FTAN', $admin->getFTAN());
+		/*-- load css files with jquery --*/
+		// include jscalendar-setup
+		$jscal_use_time = true; // whether to use a clock, too
+		require_once(WB_PATH."/include/jscalendar/wb-setup.php");
 
-// set first defaults and messages
-$template->set_var(array(
-				'PAGE_ID' => $results_array['page_id'],
-				// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']),
-				'PAGE_IDKEY' => $results_array['page_id'],
-				'TEXT_PAGE' => $TEXT['PAGE'],
-				'PAGE_TITLE' => ($results_array['page_title']),
-				'MENU_TITLE' => ($results_array['menu_title']),
-				'TEXT_CURRENT_PAGE' => $TEXT['CURRENT_PAGE'],
-				'HEADING_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'],
-				'HEADING_MODIFY_PAGE' => $HEADING['MODIFY_PAGE'],
-				'TEXT_CHANGE_SETTINGS' => $TEXT['CHANGE_SETTINGS'],
-				'TEXT_ADD_SECTION' => $TEXT['ADD_SECTION'],
-				'TEXT_ID' => 'ID',
-				'TEXT_TYPE' => $TEXT['TYPE'],
-				'TEXT_BLOCK' => $TEXT['BLOCK'],
-				'TEXT_PUBL_START_DATE' => $TEXT{'PUBL_START_DATE'},
-				'TEXT_PUBL_END_DATE' => $TEXT['PUBL_END_DATE'],
-				'TEXT_ACTIONS' => $TEXT['ACTIONS'],
-				'ADMIN_URL' => ADMIN_URL,
-				'WB_URL' => WB_URL,
-				'THEME_URL' => THEME_URL
-				) 
-			);
+		// Setup template object
+		$tpl = new Template(THEME_PATH.'/templates');
+		$tpl->set_file('page', 'pages_sections.htt');
+		$tpl->set_block('page', 'main_block', 'main');
+		$tpl->set_block('main_block', 'module_block', 'module_list');
+		$tpl->set_block('main_block', 'section_block', 'section_list');
+		$tpl->set_block('section_block', 'block_block', 'block_list');
+		$tpl->set_block('main_block', 'calendar_block', 'calendar_list');
+		$tpl->set_var('FTAN', $admin->getFTAN());
 
-// Insert variables
-$template->set_var(array(
-				'PAGE_ID' => $results_array['page_id'],
-				// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']),
-				'PAGE_IDKEY' => $results_array['page_id'],
-				'VAR_PAGE_TITLE' => $results_array['page_title'],
-				'SETTINGS_LINK' => ADMIN_URL.'/pages/settings.php?page_id='.$results_array['page_id'],
-				'MODIFY_LINK' => ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id']
-				)
-			);
+		// set first defaults and messages
+		$tpl->set_var(array(
+						'PAGE_ID' => $results_array['page_id'],
+						// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']),
+						'PAGE_IDKEY' => $results_array['page_id'],
+						'TEXT_PAGE' => $TEXT['PAGE'],
+						'PAGE_TITLE' => ($results_array['page_title']),
+						'MENU_TITLE' => ($results_array['menu_title']),
+						'TEXT_CURRENT_PAGE' => $TEXT['CURRENT_PAGE'],
+						'HEADING_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'],
+						'HEADING_MODIFY_PAGE' => $HEADING['MODIFY_PAGE'],
+						'TEXT_CHANGE_SETTINGS' => $TEXT['CHANGE_SETTINGS'],
+						'TEXT_ADD_SECTION' => $TEXT['ADD_SECTION'],
+						'TEXT_ID' => 'ID',
+						'TEXT_TYPE' => $TEXT['TYPE'],
+						'TEXT_BLOCK' => $TEXT['BLOCK'],
+						'TEXT_PUBL_START_DATE' => $TEXT{'PUBL_START_DATE'},
+						'TEXT_PUBL_END_DATE' => $TEXT['PUBL_END_DATE'],
+						'TEXT_ACTIONS' => $TEXT['ACTIONS'],
+						'ADMIN_URL' => ADMIN_URL,
+						'WB_URL' => WB_URL,
+						'THEME_URL' => THEME_URL
+						)
+					);
 
-$sql  = 'SELECT `section_id`,`module`,`position`,`block`,`publ_start`,`publ_end` ';
-$sql .= 'FROM `'.TABLE_PREFIX.'sections` ';
-$sql .= 'WHERE `page_id` = '.$page_id.' ';
-$sql .= 'ORDER BY `position` ASC';
-$query_sections = $database->query($sql);
+		// Insert variables
+		$tpl->set_var(array(
+						'PAGE_ID' => $results_array['page_id'],
+						// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']),
+						'PAGE_IDKEY' => $results_array['page_id'],
+						'VAR_PAGE_TITLE' => $results_array['page_title'],
+						'SETTINGS_LINK' => ADMIN_URL.'/pages/settings.php?page_id='.$results_array['page_id'],
+						'MODIFY_LINK' => ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id']
+						)
+					);
 
-if($query_sections->numRows() > 0)
-{
-	$num_sections = $query_sections->numRows();
-	while($section = $query_sections->fetchRow())
-    {
-		if(!is_numeric(array_search($section['module'], $module_permissions)))
-        {
-			// Get the modules real name
-            $sql = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` ';
-            $sql .= 'WHERE `directory` = "'.$section['module'].'"';
-            if(!$database->get_one($sql) || !file_exists(WB_PATH.'/modules/'.$section['module']))
-			{
-				$edit_page = '<span class="module_disabled">'.$section['module'].'</span>';
-			}else
-			{
-				$edit_page = '';
-			}
-			$edit_page_0 = '<a id="sid'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id'];
-			$edit_page_1 = $section['section_id'].'">'.$section['module'].'</a>';
-			if(SECTION_BLOCKS)
-            {
-				if($edit_page == '')
-				{
-					if(defined('EDIT_ONE_SECTION') && EDIT_ONE_SECTION)
+		$sql  = 'SELECT `section_id`,`module`,`position`,`block`,`publ_start`,`publ_end` ';
+		$sql .= 'FROM `'.TABLE_PREFIX.'sections` ';
+		$sql .= 'WHERE `page_id` = '.$page_id.' ';
+		$sql .= 'ORDER BY `position` ASC';
+		$query_sections = $database->query($sql);
+
+		if($query_sections->numRows() > 0)
+		{
+			$num_sections = $query_sections->numRows();
+			while($section = $query_sections->fetchRow())
+		    {
+				if(!is_numeric(array_search($section['module'], $module_permissions)))
+		        {
+					// Get the modules real name
+		            $sql = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` ';
+		            $sql .= 'WHERE `directory` = "'.$section['module'].'"';
+		            if(!$database->get_one($sql) || !file_exists(WB_PATH.'/modules/'.$section['module']))
 					{
-						$edit_page = $edit_page_0.'&amp;wysiwyg='.$edit_page_1;
+						$edit_page = '<span class="module_disabled">'.$section['module'].'</span>';
+					}else
+					{
+						$edit_page = '';
+					}
+					$edit_page_0 = '<a id="sid'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id'];
+					$edit_page_1 = $section['section_id'].'">'.$section['module'].'</a>';
+					if(SECTION_BLOCKS)
+		            {
+						if($edit_page == '')
+						{
+							if(defined('EDIT_ONE_SECTION') && EDIT_ONE_SECTION)
+							{
+								$edit_page = $edit_page_0.'&amp;wysiwyg='.$edit_page_1;
+							} else {
+								$edit_page = $edit_page_0.'#wb_'.$edit_page_1;
+							}
+						}
+						$input_attribute = 'input_normal';
+						$tpl->set_var(array(
+								'STYLE_DISPLAY_SECTION_BLOCK' => ' style="visibility:visible;"',
+								'NAME_SIZE' => 300,
+								'INPUT_ATTRIBUTE' => $input_attribute,
+								'VAR_SECTION_ID' => $section['section_id'],
+								'VAR_SECTION_IDKEY' => $admin->getIDKEY($section['section_id']),
+								// 'VAR_SECTION_IDKEY' => $section['section_id'],
+								'VAR_POSITION' => $section['position'],
+								'LINK_MODIFY_URL_VAR_MODUL_NAME' => $edit_page,
+								'SELECT' => '',
+								'SET_NONE_DISPLAY_OPTION' => ''
+								)
+							);
+						// Add block options to the section_list
+						$tpl->clear_var('block_list');
+						foreach($block AS $number => $name)
+		                {
+							$tpl->set_var('NAME', htmlentities(strip_tags($name)));
+							$tpl->set_var('VALUE', $number);
+							$tpl->set_var('SIZE', 1);
+							if($section['block'] == $number)
+		                    {
+								$tpl->set_var('SELECTED', ' selected="selected"');
+							} else {
+								$tpl->set_var('SELECTED', '');
+							}
+							$tpl->parse('block_list', 'block_block', true);
+						}
 					} else {
-						$edit_page = $edit_page_0.'#wb_'.$edit_page_1;
+						if($edit_page == '')
+						{
+							$edit_page = $edit_page_0.'#wb_'.$edit_page_1;
+						}
+						$input_attribute = 'input_normal';
+						$tpl->set_var(array(
+								'STYLE_DISPLAY_SECTION_BLOCK' => ' style="visibility:hidden;"',
+								'NAME_SIZE' => 300,
+								'INPUT_ATTRIBUTE' => $input_attribute,
+								'VAR_SECTION_ID' => $section['section_id'],
+								'VAR_SECTION_IDKEY' => $admin->getIDKEY($section['section_id']),
+								// 'VAR_SECTION_IDKEY' => $section['section_id'],
+								'VAR_POSITION' => $section['position'],
+								'LINK_MODIFY_URL_VAR_MODUL_NAME' => $edit_page,
+								'NAME' => htmlentities(strip_tags($block[1])),
+								'VALUE' => 1,
+								'SET_NONE_DISPLAY_OPTION' => ''
+								)
+							);
 					}
-				}
-				$input_attribute = 'input_normal';
-				$template->set_var(array(
-						'STYLE_DISPLAY_SECTION_BLOCK' => ' style="visibility:visible;"',
-						'NAME_SIZE' => 300,
-						'INPUT_ATTRIBUTE' => $input_attribute,
-						'VAR_SECTION_ID' => $section['section_id'],
-						// 'VAR_SECTION_IDKEY' => $admin->getIDKEY($section['section_id']),
-						'VAR_SECTION_IDKEY' => $section['section_id'],
-						'VAR_POSITION' => $section['position'],
-						'LINK_MODIFY_URL_VAR_MODUL_NAME' => $edit_page,
-						'SELECT' => '',
-						'SET_NONE_DISPLAY_OPTION' => ''
-						)
-					);
-				// Add block options to the section_list
-				$template->clear_var('block_list');
-				foreach($block AS $number => $name)
-                {
-					$template->set_var('NAME', htmlentities(strip_tags($name)));
-					$template->set_var('VALUE', $number);
-					$template->set_var('SIZE', 1);
-					if($section['block'] == $number)
-                    {
-						$template->set_var('SELECTED', ' selected="selected"');
+					// Insert icon and images
+					$tpl->set_var(array(
+								'CLOCK_16_PNG' => 'clock_16.png',
+								'CLOCK_DEL_16_PNG' => 'clock_del_16.png',
+								'DELETE_16_PNG' => 'delete_16.png'
+								)
+							);
+					// set calendar start values
+					if($section['publ_start']==0)
+		            {
+						$tpl->set_var('VALUE_PUBL_START', '');
 					} else {
-						$template->set_var('SELECTED', '');
+						$tpl->set_var('VALUE_PUBL_START', date($jscal_format, $section['publ_start']));
 					}
-					$template->parse('block_list', 'block_block', true);
+					// set calendar start values
+					if($section['publ_end']==0)
+		            {
+						$tpl->set_var('VALUE_PUBL_END', '');
+					} else {
+						$tpl->set_var('VALUE_PUBL_END', date($jscal_format, $section['publ_end']));
+					}
+					// Insert icons up and down
+					if($section['position'] != 1 )
+		            {
+						$tpl->set_var(
+									'VAR_MOVE_UP_URL',
+									'<a href="'.ADMIN_URL.'/pages/move_up.php?page_id='.$page_id.'&amp;section_id='.$section['section_id'].'">
+									<img src="'.THEME_URL.'/images/up_16.png" alt="{TEXT_MOVE_UP}" />
+									</a>' );
+					} else {
+						$tpl->set_var(array(
+									'VAR_MOVE_UP_URL' => ''
+									)
+								);
+					}
+					if($section['position'] != $num_sections ) {
+						$tpl->set_var(
+									'VAR_MOVE_DOWN_URL',
+									'<a href="'.ADMIN_URL.'/pages/move_down.php?page_id='.$page_id.'&amp;section_id='.$section['section_id'].'">
+									<img src="'.THEME_URL.'/images/down_16.png" alt="{TEXT_MOVE_DOWN}" />
+									</a>' );
+					} else {
+						$tpl->set_var(array(
+									'VAR_MOVE_DOWN_URL' => ''
+									)
+								);
+					}
+				} else {
+				  continue;
 				}
-			} else {
-				if($edit_page == '')
-				{
-					$edit_page = $edit_page_0.'#wb_'.$edit_page_1;
+
+					$tpl->set_var(array(
+									'DISPLAY_DEBUG' => ' style="visibility="visible;"',
+									'TEXT_SID' => 'SID',
+									'DEBUG_COLSPAN_SIZE' => 9
+									)
+								);
+				if($debug)
+		        {
+					$tpl->set_var(array(
+									'DISPLAY_DEBUG' => ' style="visibility="visible;"',
+									'TEXT_PID' => 'PID',
+									'TEXT_SID' => 'SID',
+									'POSITION' => $section['position']
+									)
+								);
+				} else {
+					$tpl->set_var(array(
+									'DISPLAY_DEBUG' => ' style="display:none;"',
+									'TEXT_PID' => '',
+									'POSITION' => ''
+									)
+								);
 				}
-				$input_attribute = 'input_normal';
-				$template->set_var(array(
-						'STYLE_DISPLAY_SECTION_BLOCK' => ' style="visibility:hidden;"',
-						'NAME_SIZE' => 300,
-						'INPUT_ATTRIBUTE' => $input_attribute,
-						'VAR_SECTION_ID' => $section['section_id'],
-						// 'VAR_SECTION_IDKEY' => $admin->getIDKEY($section['section_id']),
-						'VAR_SECTION_IDKEY' => $section['section_id'],
-						'VAR_POSITION' => $section['position'],
-						'LINK_MODIFY_URL_VAR_MODUL_NAME' => $edit_page,
-						'NAME' => htmlentities(strip_tags($block[1])),
-						'VALUE' => 1,
-						'SET_NONE_DISPLAY_OPTION' => ''
-						)
-					);
+				$tpl->parse('section_list', 'section_block', true);
 			}
-			// Insert icon and images
-			$template->set_var(array(
-						'CLOCK_16_PNG' => 'clock_16.png',
-						'CLOCK_DEL_16_PNG' => 'clock_del_16.png',
-						'DELETE_16_PNG' => 'delete_16.png'
-						) 
-					);
-			// set calendar start values
-			if($section['publ_start']==0)
-            {
-				$template->set_var('VALUE_PUBL_START', '');
-			} else {
-				$template->set_var('VALUE_PUBL_START', date($jscal_format, $section['publ_start']));
-			}
-			// set calendar start values
-			if($section['publ_end']==0)
-            {
-				$template->set_var('VALUE_PUBL_END', '');
-			} else {
-				$template->set_var('VALUE_PUBL_END', date($jscal_format, $section['publ_end']));
-			}
-			// Insert icons up and down
-			if($section['position'] != 1 )
-            {
-				$template->set_var(
-							'VAR_MOVE_UP_URL',
-							'<a href="'.ADMIN_URL.'/pages/move_up.php?page_id='.$page_id.'&amp;section_id='.$section['section_id'].'">
-							<img src="'.THEME_URL.'/images/up_16.png" alt="{TEXT_MOVE_UP}" />
-							</a>' );
-			} else {
-				$template->set_var(array(
-							'VAR_MOVE_UP_URL' => ''
-							) 
-						);
-			}
-			if($section['position'] != $num_sections ) {
-				$template->set_var(
-							'VAR_MOVE_DOWN_URL',
-							'<a href="'.ADMIN_URL.'/pages/move_down.php?page_id='.$page_id.'&amp;section_id='.$section['section_id'].'">
-							<img src="'.THEME_URL.'/images/down_16.png" alt="{TEXT_MOVE_DOWN}" />
-							</a>' );
-			} else {
-				$template->set_var(array(
-							'VAR_MOVE_DOWN_URL' => ''
-							) 
-						);
-			}
-		} else {
-		  continue;
 		}
 
-			$template->set_var(array(
-							'DISPLAY_DEBUG' => ' style="visibility="visible;"',
-							'TEXT_SID' => 'SID',
-							'DEBUG_COLSPAN_SIZE' => 9
-							) 
-						);
-		if($debug)
-        {
-			$template->set_var(array(
-							'DISPLAY_DEBUG' => ' style="visibility="visible;"',
-							'TEXT_PID' => 'PID',
-							'TEXT_SID' => 'SID',
-							'POSITION' => $section['position']
-							) 
-						);
-		} else {
-			$template->set_var(array(
-							'DISPLAY_DEBUG' => ' style="display:none;"',
-							'TEXT_PID' => '',
-							'POSITION' => ''
-							) 
-						);
-		}
-		$template->parse('section_list', 'section_block', true);
-	}
-}
+		// now add the calendars -- remember to to set the range to [1970, 2037] if the date is used as timestamp!
+		// the loop is simply a copy from above.
+		$sql  = 'SELECT `section_id`,`module` FROM `'.TABLE_PREFIX.'sections` ';
+		$sql .= 'WHERE page_id = '.$page_id.' ';
+		$sql .= 'ORDER BY `position` ASC';
+		$query_sections = $database->query($sql);
 
-// now add the calendars -- remember to to set the range to [1970, 2037] if the date is used as timestamp!
-// the loop is simply a copy from above.
-$sql  = 'SELECT `section_id`,`module` FROM `'.TABLE_PREFIX.'sections` ';
-$sql .= 'WHERE page_id = '.$page_id.' ';
-$sql .= 'ORDER BY `position` ASC';
-$query_sections = $database->query($sql);
+		if($query_sections->numRows() > 0)
+		{
+			$num_sections = $query_sections->numRows();
+			while($section = $query_sections->fetchRow())
+		    {
+				// Get the modules real name
+		        $sql  = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` ';
+		        $sql .= 'WHERE `directory` = "'.$section['module'].'"';
+		        $module_name = $database->get_one($sql);
 
-if($query_sections->numRows() > 0)
-{
-	$num_sections = $query_sections->numRows();
-	while($section = $query_sections->fetchRow())
-    {
-		// Get the modules real name
-        $sql  = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` ';
-        $sql .= 'WHERE `directory` = "'.$section['module'].'"';
-        $module_name = $database->get_one($sql);
-
-		if(!is_numeric(array_search($section['module'], $module_permissions)))
-        {
-			$template->set_var(array(
-						'jscal_ifformat' => $jscal_ifformat,
-						'jscal_firstday' => $jscal_firstday,
-						'jscal_today' => $jscal_today,
-						'start_date' => 'start_date'.$section['section_id'],
-						'end_date' => 'end_date'.$section['section_id'],
-						'trigger_start' => 'trigger_start'.$section['section_id'],
-						'trigger_end' => 'trigger_stop'.$section['section_id']
-						) 
-					);
-			if(isset($jscal_use_time) && $jscal_use_time==TRUE) {
-				$template->set_var(array(
-						'showsTime' => "true",
-						'timeFormat' => "24"
-						) 
-					);
-			}  else {
-				$template->set_var(array(
-						'showsTime' => "false",
-						'timeFormat' => "24"
-						) 
-					);
+				if(!is_numeric(array_search($section['module'], $module_permissions)))
+		        {
+					$tpl->set_var(array(
+								'jscal_ifformat' => $jscal_ifformat,
+								'jscal_firstday' => $jscal_firstday,
+								'jscal_today' => $jscal_today,
+								'start_date' => 'start_date'.$section['section_id'],
+								'end_date' => 'end_date'.$section['section_id'],
+								'trigger_start' => 'trigger_start'.$section['section_id'],
+								'trigger_end' => 'trigger_stop'.$section['section_id']
+								)
+							);
+					if(isset($jscal_use_time) && $jscal_use_time==TRUE) {
+						$tpl->set_var(array(
+								'showsTime' => "true",
+								'timeFormat' => "24"
+								)
+							);
+					}  else {
+						$tpl->set_var(array(
+								'showsTime' => "false",
+								'timeFormat' => "24"
+								)
+							);
+					}
+				}
+				$tpl->parse('calendar_list', 'calendar_block', true);
 			}
 		}
-		$template->parse('calendar_list', 'calendar_block', true);
-	}
-}
 
-// Work-out if we should show the "Add Section" form
-$sql  = 'SELECT `section_id` FROM `'.TABLE_PREFIX.'sections` ';
-$sql .= 'WHERE `page_id` = '.$page_id.' AND `module` = "menu_link"';
-$query_sections = $database->query($sql);
-if($query_sections->numRows() == 0)
-{
-	// Modules list
-    $sql  = 'SELECT `name`,`directory`,`type` FROM `'.TABLE_PREFIX.'addons` ';
-    $sql .= 'WHERE `type` = "module" AND `function` = "page" AND `directory` != "menu_link" ';
-    $sql .= 'ORDER BY `name`';
-    $result = $database->query($sql);
-// if(DEBUG && $database->is_error()) { $admin->print_error($database->get_error()); }
+		// Work-out if we should show the "Add Section" form
+		$sql  = 'SELECT `section_id` FROM `'.TABLE_PREFIX.'sections` ';
+		$sql .= 'WHERE `page_id` = '.$page_id.' AND `module` = "menu_link"';
+		$query_sections = $database->query($sql);
+		if($query_sections->numRows() == 0)
+		{
+			// Modules list
+		    $sql  = 'SELECT `name`,`directory`,`type` FROM `'.TABLE_PREFIX.'addons` ';
+		    $sql .= 'WHERE `type` = "module" AND `function` = "page" AND `directory` != "menu_link" ';
+		    $sql .= 'ORDER BY `name`';
+		    $result = $database->query($sql);
+		// if(DEBUG && $database->is_error()) { $admin->print_error($database->get_error()); }
 
-	if($result->numRows() > 0)
-    {
-		while ($module = $result->fetchRow())
-        {
-			// Check if user is allowed to use this module   echo  $module['directory'],'<br />';
-			if(!is_numeric(array_search($module['directory'], $module_permissions)))
-            {
-				$template->set_var('VALUE', $module['directory']);
-				$template->set_var('NAME', $module['name']);
-				if($module['directory'] == 'wysiwyg')
-                {
-					$template->set_var('SELECTED', ' selected="selected"');
-				} else {
-					$template->set_var('SELECTED', '');
+			if($result->numRows() > 0)
+		    {
+				while ($module = $result->fetchRow())
+		        {
+					// Check if user is allowed to use this module   echo  $module['directory'],'<br />';
+					if(!is_numeric(array_search($module['directory'], $module_permissions)))
+		            {
+						$tpl->set_var('VALUE', $module['directory']);
+						$tpl->set_var('NAME', $module['name']);
+						if($module['directory'] == 'wysiwyg')
+		                {
+							$tpl->set_var('SELECTED', ' selected="selected"');
+						} else {
+							$tpl->set_var('SELECTED', '');
+						}
+						$tpl->parse('module_list', 'module_block', true);
+					} else {
+					  continue;
+					}
 				}
-				$template->parse('module_list', 'module_block', true);
-			} else {
-			  continue;
 			}
 		}
-	}
-}
-// Insert language text and messages
-$template->set_var(array(
-					'TEXT_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'],
-					'TEXT_ARE_YOU_SURE' => url_encode($TEXT['ARE_YOU_SURE']),
-					'TEXT_TYPE' => $TEXT['TYPE'],
-					'TEXT_ADD' => $TEXT['ADD'],
-					'TEXT_SAVE' =>  $TEXT['SAVE'],
-					'TEXTLINK_MODIFY_PAGE' => $HEADING['MODIFY_PAGE'],
-					'TEXT_CALENDAR' => $TEXT['CALENDAR'],
-					'TEXT_DELETE_DATE' => $TEXT['DELETE_DATE'],
-					'TEXT_ADD_SECTION' => $TEXT['ADD_SECTION'],
-					'TEXT_MOVE_UP' => $TEXT['MOVE_UP'],
-					'TEXT_MOVE_DOWN' => $TEXT['MOVE_DOWN']
-					)
-				);
-$template->parse('main', 'main_block', false);
-$template->pparse('output', 'page');
+		// Insert language text and messages
+		$tpl->set_var(array(
+							'TEXT_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'],
+							'TEXT_ARE_YOU_SURE' => url_encode($TEXT['ARE_YOU_SURE']),
+							'TEXT_TYPE' => $TEXT['TYPE'],
+							'TEXT_ADD' => $TEXT['ADD'],
+							'TEXT_SAVE' =>  $TEXT['SAVE'],
+							'TEXTLINK_MODIFY_PAGE' => $HEADING['MODIFY_PAGE'],
+							'TEXT_CALENDAR' => $TEXT['CALENDAR'],
+							'TEXT_DELETE_DATE' => $TEXT['DELETE_DATE'],
+							'TEXT_ADD_SECTION' => $TEXT['ADD_SECTION'],
+							'TEXT_MOVE_UP' => $TEXT['MOVE_UP'],
+							'TEXT_MOVE_DOWN' => $TEXT['MOVE_DOWN']
+							)
+						);
+		$tpl->parse('main', 'main_block', false);
+		$tpl->pparse('output', 'page');
+		// include the required file for Javascript admin
+		if(file_exists(WB_PATH.'/modules/jsadmin/jsadmin_backend_include.php'))
+		{
+			include(WB_PATH.'/modules/jsadmin/jsadmin_backend_include.php');
+		}
+		break;
+endswitch;
 
-// include the required file for Javascript admin
-if(file_exists(WB_PATH.'/modules/jsadmin/jsadmin_backend_include.php'))
-{
-	include(WB_PATH.'/modules/jsadmin/jsadmin_backend_include.php');
-}
-
 // Print admin footer
 $admin->print_footer();
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/admin/pages/add.php
===================================================================
--- branches/2.8.x/wb/admin/pages/add.php	(revision 1474)
+++ branches/2.8.x/wb/admin/pages/add.php	(revision 1475)
@@ -34,7 +34,7 @@
 $title = $admin->get_post_escaped('title');
 $title = htmlspecialchars($title);
 $module = preg_replace("/\W/", "", $admin->get_post('type')); // fix secunia 2010-93-4
-$parent = (int) $admin->get_post('parent'); // fix secunia 2010-91-2
+$parent = intval($admin->get_post('parent')); // fix secunia 2010-91-2
 $visibility = $admin->get_post('visibility');
 if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {$visibility = 'public';} // fix secunia 2010-91-2
 $admin_groups = $admin->get_post('admin_groups');
@@ -243,5 +243,3 @@
 
 // Print admin footer
 $admin->print_footer();
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1474)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1475)
@@ -52,6 +52,4 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.2.RC7');
-if(!defined('REVISION')) define('REVISION', '1474');
-
-?>
+if(!defined('REVISION')) define('REVISION', '1475');
Index: branches/2.8.x/wb/admin/users/users.php
===================================================================
--- branches/2.8.x/wb/admin/users/users.php	(revision 1474)
+++ branches/2.8.x/wb/admin/users/users.php	(revision 1475)
@@ -20,176 +20,177 @@
 require('../../config.php');
 require_once(WB_PATH.'/framework/class.admin.php');
 
-// Create new database object
-// $database = new database();
+$action = 'cancel';
+// Set parameter 'action' as alternative to javascript mechanism
+$action = (isset($_POST['modify']) ? 'modify' : $action );
+$action = (isset($_POST['delete']) ? 'delete' : $action );
 
-if(!isset($_POST['action']) OR ($_POST['action'] != "modify" AND $_POST['action'] != "delete")) {
-	header("Location: index.php");
-	exit(0);
-}
+switch ($action):
+	case 'modify' :
+			// Print header
+			$admin = new admin('Access', 'users_modify');
+			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
+			// Check if user id is a valid number and doesnt equal 1
+			if( ($user_id < 2 ) )
+			{
+				// if($admin_header) { $admin->print_header(); }
+				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
+			}
+			// Get existing values
+			$results = $database->query("SELECT * FROM ".TABLE_PREFIX."users WHERE user_id = '".$user_id."'");
+			$user = $results->fetchRow();
 
-// Set parameter 'action' as alternative to javascript mechanism
-if(isset($_POST['modify']))
-	$_POST['action'] = "modify";
-if(isset($_POST['delete']))
-	$_POST['action'] = "delete";
+			// Setup template object
+			$template = new Template(THEME_PATH.'/templates');
+			$template->set_file('page', 'users_form.htt');
+			$template->set_block('page', 'main_block', 'main');
+			$template->set_var(	array(
+								'ACTION_URL' => ADMIN_URL.'/users/save.php',
+								'SUBMIT_TITLE' => $TEXT['SAVE'],
+								'USER_ID' => $user['user_id'],
+								'USERNAME' => $user['username'],
+								'DISPLAY_NAME' => $user['display_name'],
+								'EMAIL' => $user['email'],
+								'ADMIN_URL' => ADMIN_URL,
+								'WB_URL' => WB_URL,
+								'THEME_URL' => THEME_URL
+								)
+						);
 
-// Check if user id is a valid number and doesnt equal 1
-if(!isset($_POST['user_id']) OR !is_numeric($_POST['user_id']) OR $_POST['user_id'] == 1) {
-	header("Location: index.php");
-	exit(0);
-}
-
-if($_POST['action'] == 'modify')
-{
-	// Print header
-	$admin = new admin('Access', 'users_modify');
-	// Get existing values
-	$results = $database->query("SELECT * FROM ".TABLE_PREFIX."users WHERE user_id = '".$_POST['user_id']."'");
-	$user = $results->fetchRow();
-	
-	// Setup template object
-	$template = new Template(THEME_PATH.'/templates');
-	$template->set_file('page', 'users_form.htt');
-	$template->set_block('page', 'main_block', 'main');
-	$template->set_var(	array(
-							'ACTION_URL' => ADMIN_URL.'/users/save.php',
-							'SUBMIT_TITLE' => $TEXT['SAVE'],
-							'USER_ID' => $user['user_id'],
-							'USERNAME' => $user['username'],
-							'DISPLAY_NAME' => $user['display_name'],
-							'EMAIL' => $user['email'],
-							'ADMIN_URL' => ADMIN_URL,
-							'WB_URL' => WB_URL,
-							'THEME_URL' => THEME_URL
-							)
-					);
-	
-	$template->set_var('FTAN', $admin->getFTAN());
-	if($user['active'] == 1) {
-		$template->set_var('ACTIVE_CHECKED', ' checked="checked"');
-	} else {
-		$template->set_var('DISABLED_CHECKED', ' checked="checked"');
-	}
-	// Add groups to list
-	$template->set_block('main_block', 'group_list_block', 'group_list');
-	$results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name");
-	if($results->numRows() > 0) {
-		$template->set_var('ID', '');
-		$template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...');
-		$template->set_var('SELECTED', '');
-		$template->parse('group_list', 'group_list_block', true);
-		while($group = $results->fetchRow()) {
-			$template->set_var('ID', $group['group_id']);
-			$template->set_var('NAME', $group['name']);
-			if(in_array($group['group_id'], explode(",",$user['groups_id']))) {
-				$template->set_var('SELECTED', ' selected="selected"');
+			$template->set_var('FTAN', $admin->getFTAN());
+			if($user['active'] == 1) {
+				$template->set_var('ACTIVE_CHECKED', ' checked="checked"');
 			} else {
+				$template->set_var('DISABLED_CHECKED', ' checked="checked"');
+			}
+			// Add groups to list
+			$template->set_block('main_block', 'group_list_block', 'group_list');
+			$results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name");
+			if($results->numRows() > 0) {
+				$template->set_var('ID', '');
+				$template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...');
 				$template->set_var('SELECTED', '');
+				$template->parse('group_list', 'group_list_block', true);
+				while($group = $results->fetchRow()) {
+					$template->set_var('ID', $group['group_id']);
+					$template->set_var('NAME', $group['name']);
+					if(in_array($group['group_id'], explode(",",$user['groups_id']))) {
+						$template->set_var('SELECTED', ' selected="selected"');
+					} else {
+						$template->set_var('SELECTED', '');
+					}
+					$template->parse('group_list', 'group_list_block', true);
+				}
 			}
-			$template->parse('group_list', 'group_list_block', true);
-		}
-	}
 
-	// Only allow the user to add a user to the Administrators group if they belong to it
-	if(in_array(1, $admin->get_groups_id()))
-    {
-		$template->set_var('ID', '1');
-		$users_groups = $admin->get_groups_name();
-		$template->set_var('NAME', $users_groups[1]);
+			// Only allow the user to add a user to the Administrators group if they belong to it
+			if(in_array(1, $admin->get_groups_id()))
+		    {
+				$template->set_var('ID', '1');
+				$users_groups = $admin->get_groups_name();
+				$template->set_var('NAME', $users_groups[1]);
 
-		$in_group = FALSE;
-		foreach($admin->get_groups_id() as $cur_gid){
-		    if (in_array($cur_gid, explode(",", $user['groups_id']))) {
-		        $in_group = TRUE;
-		    }
-		}
+				$in_group = FALSE;
+				foreach($admin->get_groups_id() as $cur_gid){
+				    if (in_array($cur_gid, explode(",", $user['groups_id']))) {
+				        $in_group = TRUE;
+				    }
+				}
 
-		if($in_group) {
-			$template->set_var('SELECTED', ' selected="selected"');
-		} else {
-			$template->set_var('SELECTED', '');
-		}
-		$template->parse('group_list', 'group_list_block', true);
-	} else {
-		if($results->numRows() == 0) {
-			$template->set_var('ID', '');
-			$template->set_var('NAME', $TEXT['NONE_FOUND']);
-			$template->set_var('SELECTED', ' selected="selected"');
-			$template->parse('group_list', 'group_list_block', true);
-		}
-	}
+				if($in_group) {
+					$template->set_var('SELECTED', ' selected="selected"');
+				} else {
+					$template->set_var('SELECTED', '');
+				}
+				$template->parse('group_list', 'group_list_block', true);
+			} else {
+				if($results->numRows() == 0) {
+					$template->set_var('ID', '');
+					$template->set_var('NAME', $TEXT['NONE_FOUND']);
+					$template->set_var('SELECTED', ' selected="selected"');
+					$template->parse('group_list', 'group_list_block', true);
+				}
+			}
 
-	// Generate username field name
-	$username_fieldname = 'username_';
-	$salt = "abchefghjkmnpqrstuvwxyz0123456789";
-	srand((double)microtime()*1000000);
-	$i = 0;
-	while ($i <= 7) {
-		$num = rand() % 33;
-		$tmp = substr($salt, $num, 1);
-		$username_fieldname = $username_fieldname . $tmp;
-		$i++;
-	}
-	
-	// Work-out if home folder should be shown
-	if(!HOME_FOLDERS) {
-		$template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;');
-	}
-	
-	// Include the WB functions file
-	require_once(WB_PATH.'/framework/functions.php');
-	
-	// Add media folders to home folder list
-	$template->set_block('main_block', 'folder_list_block', 'folder_list');
-	foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name)
-    {
-		$template->set_var('NAME', str_replace(WB_PATH, '', $name));
-		$template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name));
-		if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) {
-			$template->set_var('SELECTED', ' selected="selected"');
-		} else {
-			$template->set_var('SELECTED', ' ');
-		}
-		$template->parse('folder_list', 'folder_list_block', true);
-	}
-	
-	// Insert language text and messages
-	$template->set_var(array(
-									'TEXT_RESET' => $TEXT['RESET'],
-									'TEXT_ACTIVE' => $TEXT['ACTIVE'],
-									'TEXT_DISABLED' => $TEXT['DISABLED'],
-									'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
-									'TEXT_USERNAME' => $TEXT['USERNAME'],
-									'TEXT_PASSWORD' => $TEXT['PASSWORD'],
-									'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
-									'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
-									'TEXT_EMAIL' => $TEXT['EMAIL'],
-									'TEXT_GROUP' => $TEXT['GROUP'],
-									'TEXT_NONE' => $TEXT['NONE'],
-									'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'],
-									'USERNAME_FIELDNAME' => $username_fieldname,
-									'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'],
-									'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER']
-									)
-							);
-	
-	// Parse template object
-	$template->parse('main', 'main_block', false);
-	$template->pparse('output', 'page');
-} elseif($_POST['action'] == 'delete') {
-	// Print header
-	$admin = new admin('Access', 'users_delete');
-	// Delete the user
-	$database->query("DELETE FROM ".TABLE_PREFIX."users WHERE user_id = '".$_POST['user_id']."' LIMIT 1");
-	if($database->is_error()) {
-		$admin->print_error($database->get_error());
-	} else {
-		$admin->print_success($MESSAGE['USERS']['DELETED']);
-	}
-}
+			// Generate username field name
+			$username_fieldname = 'username_';
+			$salt = "abchefghjkmnpqrstuvwxyz0123456789";
+			srand((double)microtime()*1000000);
+			$i = 0;
+			while ($i <= 7) {
+				$num = rand() % 33;
+				$tmp = substr($salt, $num, 1);
+				$username_fieldname = $username_fieldname . $tmp;
+				$i++;
+			}
 
+			// Work-out if home folder should be shown
+			if(!HOME_FOLDERS) {
+				$template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;');
+			}
+
+			// Include the WB functions file
+			require_once(WB_PATH.'/framework/functions.php');
+
+			// Add media folders to home folder list
+			$template->set_block('main_block', 'folder_list_block', 'folder_list');
+			foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name)
+		    {
+				$template->set_var('NAME', str_replace(WB_PATH, '', $name));
+				$template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name));
+				if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) {
+					$template->set_var('SELECTED', ' selected="selected"');
+				} else {
+					$template->set_var('SELECTED', ' ');
+				}
+				$template->parse('folder_list', 'folder_list_block', true);
+			}
+
+			// Insert language text and messages
+			$template->set_var(array(
+								'TEXT_RESET' => $TEXT['RESET'],
+								'TEXT_ACTIVE' => $TEXT['ACTIVE'],
+								'TEXT_DISABLED' => $TEXT['DISABLED'],
+								'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
+								'TEXT_USERNAME' => $TEXT['USERNAME'],
+								'TEXT_PASSWORD' => $TEXT['PASSWORD'],
+								'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
+								'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
+								'TEXT_EMAIL' => $TEXT['EMAIL'],
+								'TEXT_GROUP' => $TEXT['GROUP'],
+								'TEXT_NONE' => $TEXT['NONE'],
+								'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'],
+								'USERNAME_FIELDNAME' => $username_fieldname,
+								'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'],
+								'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER']
+								)
+						);
+
+			// Parse template object
+			$template->parse('main', 'main_block', false);
+			$template->pparse('output', 'page');
+			break;
+		case 'delete' :
+			// Print header
+			$admin = new admin('Access', 'users_delete');
+			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
+			// Check if user id is a valid number and doesnt equal 1
+			if( ($user_id < 2 ) )
+			{
+				// if($admin_header) { $admin->print_header(); }
+				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
+			}
+			// Delete the user
+			$database->query("UPDATE `".TABLE_PREFIX."users` SET `active` = 0 WHERE `user_id` = '".$user_id."' ");
+			if($database->is_error()) {
+				$admin->print_error($database->get_error());
+			} else {
+				$admin->print_success($MESSAGE['USERS']['DELETED']);
+			}
+			break;
+	default:
+			break;
+endswitch;
+
 // Print admin footer
 $admin->print_footer();
-
-?>
\ No newline at end of file
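Review bot: The `default:` branch only does `break;`, so a request with neither `modify` nor `delete` set falls through to `$admin->print_footer();` after `endswitch` with `$admin` never assigned in this file. The removed code redirected such requests to index.php; unless config.php or class.admin.php provides `$admin` (not visible here), the new path ends in a fatal error instead. Restoring the redirect in the default branch keeps the old behaviour: `default: header("Location: index.php"); exit(0);`. In the `delete` case the row is now only deactivated, so the comment `// Delete the user` should read something like `// Deactivate the user; the row and its credentials are kept`.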
Index: branches/2.8.x/wb/admin/users/index.php
===================================================================
--- branches/2.8.x/wb/admin/users/index.php	(revision 1474)
+++ branches/2.8.x/wb/admin/users/index.php	(revision 1475)
@@ -16,7 +16,6 @@
  *
 */
 
-
 require('../../config.php');
 require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Access', 'users');
@@ -27,6 +26,7 @@
 $template->set_block('page', 'main_block', 'main');
 $template->set_block("main_block", "manage_groups_block", "groups");
 $template->set_var('ADMIN_URL', ADMIN_URL);
+$template->set_var('FTAN', $admin->getFTAN());
 
 // Get existing value from database
 // $database = new database();
@@ -45,7 +45,7 @@
 	$template->parse('list', 'list_block', true);
 	// Loop through users
 	while($user = $results->fetchRow()) {
-		$template->set_var('VALUE', $user['user_id']);
+		$template->set_var('VALUE',$admin->getIDKEY($user['user_id'])); 
 		$template->set_var('NAME', $user['display_name'].' ('.$user['username'].')');
 		$template->parse('list', 'list_block', true);
 	}
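Review bot: The `NAME` value set on the line after the new `getIDKEY()` call concatenates `display_name` and `username` into the template with no HTML encoding visible in this hunk. users/add.php in this same commit takes `display_name` through `get_post_escaped()` only, so unless that helper or the template layer encodes for HTML (neither is shown), markup in a display name would be rendered in the admin user list. Encoding at output would cover it: `$template->set_var('NAME', htmlspecialchars($user['display_name'].' ('.$user['username'].')'));`. The `if` that encloses this `while` loop starts outside the hunk.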
@@ -197,5 +197,3 @@
 $template->pparse('output', 'page');
 
 $admin->print_footer();
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/admin/users/add.php
===================================================================
--- branches/2.8.x/wb/admin/users/add.php	(revision 1474)
+++ branches/2.8.x/wb/admin/users/add.php	(revision 1475)
@@ -1,111 +1,110 @@
-<?php
-/**
- *
- * @category        admin
- * @package         users
- * @author          WebsiteBaker Project
- * @copyright       2004-2009, Ryan Djurovich
- * @copyright       2009-2011, Website Baker Org. e.V.
- * @link			http://www.websitebaker2.org/
- * @license         http://www.gnu.org/licenses/gpl.html
- * @platform        WebsiteBaker 2.8.x
- * @requirements    PHP 5.2.2 and higher
- * @version         $Id$
- * @filesource		$HeadURL$
- * @lastmodified    $Date$
- *
- */
-
-// Print admin header
-require('../../config.php');
-require_once(WB_PATH.'/framework/class.admin.php');
-// suppress to print the header, so no new FTAN will be set
-$admin = new admin('Access', 'users_add', false);
-
-// Create a javascript back link
-$js_back = ADMIN_URL.'/users/index.php';
-
-if( !$admin->checkFTAN() )
-{
-	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
-}
-// After check print the header
-$admin->print_header();
-
-// Get details entered
-$groups_id = (isset($_POST['groups'])) ? implode(",", $admin->add_slashes($_POST['groups'])) : ''; //should check permissions
-$groups_id = trim($groups_id, ','); // there will be an additional ',' when "Please Choose" was selected, too
-$active = $admin->add_slashes($_POST['active'][0]);
-$username_fieldname = $admin->get_post_escaped('username_fieldname');
-$username = strtolower($admin->get_post_escaped($username_fieldname));
-$password = $admin->get_post('password');
-$password2 = $admin->get_post('password2');
-$display_name = $admin->get_post_escaped('display_name');
-$email = $admin->get_post_escaped('email');
-$home_folder = $admin->get_post_escaped('home_folder');
-$default_language = DEFAULT_LANGUAGE;
-
-// Check values
-if($groups_id == '') {
-	$admin->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back);
-}
-if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
-	$admin->print_error( $MESSAGE['USERS_NAME_INVALID_CHARS'].' / '.
-	                  $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
-}
-if(strlen($password) < 2) {
-	$admin->print_error($MESSAGE['USERS']['PASSWORD_TOO_SHORT'], $js_back);
-}
-if($password != $password2) {
-	$admin->print_error($MESSAGE['USERS']['PASSWORD_MISMATCH'], $js_back);
-}
-if($email != '')
-{
-	if($admin->validate_email($email) == false)
-    {
-		$admin->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back);
-	}
-} else { // e-mail must be present
-	$admin->print_error($MESSAGE['SIGNUP']['NO_EMAIL'], $js_back);
-}
-
-// choose group_id from groups_id - workaround for still remaining calls to group_id (to be cleaned-up)
-$gid_tmp = explode(',', $groups_id);
-if(in_array('1', $gid_tmp)) $group_id = '1'; // if user is in administrator-group, get this group
-else $group_id = $gid_tmp[0]; // else just get the first one
-unset($gid_tmp);
-
-// Check if username already exists
-$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE username = '$username'");
-if($results->numRows() > 0) {
-	$admin->print_error($MESSAGE['USERS']['USERNAME_TAKEN'], $js_back);
-}
-
-// Check if the email already exists
-$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'");
-if($results->numRows() > 0)
-{
-	if(isset($MESSAGE['USERS']['EMAIL_TAKEN']))
-    {
-		$admin->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back);
-	} else {
-		$admin->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back);
-	}
-}
-
-// MD5 supplied password
-$md5_password = md5($password);
-
-// Inser the user into the database
-$query = "INSERT INTO ".TABLE_PREFIX."users (group_id,groups_id,active,username,password,display_name,home_folder,email,timezone, language) VALUES ('$group_id', '$groups_id', '$active', '$username','$md5_password','$display_name','$home_folder','$email','-72000', '$default_language')";
-$database->query($query);
-if($database->is_error()) {
-	$admin->print_error($database->get_error());
-} else {
-	$admin->print_success($MESSAGE['USERS']['ADDED']);
-}
-
-// Print admin footer
-$admin->print_footer();
-
-
+<?php
+/**
+ *
+ * @category        admin
+ * @package         users
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
+
+// Print admin header
+require('../../config.php');
+require_once(WB_PATH.'/framework/class.admin.php');
+// suppress to print the header, so no new FTAN will be set
+$admin = new admin('Access', 'users_add',false);
+
+// Create a javascript back link
+$js_back = ADMIN_URL.'/users/index.php';
+
+if( !$admin->checkFTAN() )
+{
+	$admin->print_header();
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
+}
+// After check print the header
+$admin->print_header();
+
+// Get details entered
+$groups_id = (isset($_POST['groups'])) ? implode(",", $admin->add_slashes($_POST['groups'])) : ''; //should check permissions
+$groups_id = trim($groups_id, ','); // there will be an additional ',' when "Please Choose" was selected, too
+$active = $admin->add_slashes($_POST['active'][0]);
+$username_fieldname = $admin->get_post_escaped('username_fieldname');
+$username = strtolower($admin->get_post_escaped($username_fieldname));
+$password = $admin->get_post('password');
+$password2 = $admin->get_post('password2');
+$display_name = $admin->get_post_escaped('display_name');
+$email = $admin->get_post_escaped('email');
+$home_folder = $admin->get_post_escaped('home_folder');
+$default_language = DEFAULT_LANGUAGE;
+
+// Check values
+if($groups_id == '') {
+	$admin->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back);
+}
+if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
+	$admin->print_error( $MESSAGE['USERS_NAME_INVALID_CHARS'].' / '.
+	                  $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
+}
+if(strlen($password) < 2) {
+	$admin->print_error($MESSAGE['USERS']['PASSWORD_TOO_SHORT'], $js_back);
+}
+if($password != $password2) {
+	$admin->print_error($MESSAGE['USERS']['PASSWORD_MISMATCH'], $js_back);
+}
+if($email != '')
+{
+	if($admin->validate_email($email) == false)
+    {
+		$admin->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back);
+	}
+} else { // e-mail must be present
+	$admin->print_error($MESSAGE['SIGNUP']['NO_EMAIL'], $js_back);
+}
+
+// choose group_id from groups_id - workaround for still remaining calls to group_id (to be cleaned-up)
+$gid_tmp = explode(',', $groups_id);
+if(in_array('1', $gid_tmp)) $group_id = '1'; // if user is in administrator-group, get this group
+else $group_id = $gid_tmp[0]; // else just get the first one
+unset($gid_tmp);
+
+// Check if username already exists
+$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE username = '$username'");
+if($results->numRows() > 0) {
+	$admin->print_error($MESSAGE['USERS']['USERNAME_TAKEN'], $js_back);
+}
+
+// Check if the email already exists
+$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'");
+if($results->numRows() > 0)
+{
+	if(isset($MESSAGE['USERS']['EMAIL_TAKEN']))
+    {
+		$admin->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back);
+	} else {
+		$admin->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back);
+	}
+}
+
+// MD5 supplied password
+$md5_password = md5($password);
+
+// Inser the user into the database
+$query = "INSERT INTO ".TABLE_PREFIX."users (group_id,groups_id,active,username,password,display_name,home_folder,email,timezone, language) VALUES ('$group_id', '$groups_id', '$active', '$username','$md5_password','$display_name','$home_folder','$email','-72000', '$default_language')";
+$database->query($query);
+if($database->is_error()) {
+	$admin->print_error($database->get_error());
+} else {
+	$admin->print_success($MESSAGE['USERS']['ADDED']);
+}
+
+// Print admin footer
+$admin->print_footer();
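Review bot: The group list read from `$_POST['groups']` under "Get details entered" is stored without checking that the acting account may grant those groups, which the inline comment `//should check permissions` already admits. users.php in this commit only offers group 1 when `in_array(1, $admin->get_groups_id())`, but that restricts the form, not this handler, so the same rule should be enforced here before the INSERT. The sketch below casts the ids to integers and rejects group 1 for non-members, which also makes the later `trim($groups_id, ',')` unnecessary. Separately, `md5($password)` stores an unsalted fast hash and the length check accepts two-character passwords; both are worth a follow-up.

```php
// Get details entered
$groups = isset($_POST['groups']) ? array_filter(array_map('intval', (array) $_POST['groups'])) : array();
// only members of the Administrators group may assign group 1
if (in_array(1, $groups) && !in_array(1, $admin->get_groups_id())) {
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
$groups_id = implode(',', $groups);
// … unchanged: remaining POST fields and validation …
```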
Index: branches/2.8.x/wb/admin/modules/details.php
===================================================================
--- branches/2.8.x/wb/admin/modules/details.php	(revision 1474)
+++ branches/2.8.x/wb/admin/modules/details.php	(revision 1475)
@@ -38,7 +38,7 @@
 }
 else
 {
-	$file = preg_replace("/\W/", "", $admin->add_slashes($_POST['file']));  // fix secunia 2010-92-1
+	$file = preg_replace("/\W/", "", $_POST['file']);  // fix secunia 2010-92-1
 }
 
 // Check if the module exists
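Review bot: `$_POST['file']` goes into `preg_replace()` without a check that it is a string, so an array-valued `file` parameter makes `$file` an array (preg_replace returns an array for an array subject) and the path built from it further down is no longer the sanitised module name. Dropping `add_slashes()` is fine, since `\W` already removes quotes and backslashes, but the line would be safer as `$file = is_string($_POST['file']) ? preg_replace("/\W/", "", $_POST['file']) : '';`, with an empty result rejected before the existence check. The enclosing if/else starts above the hunk, so whether an `isset()` test guards this branch cannot be seen from here.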
@@ -139,5 +139,3 @@
 
 // Print admin footer
 $admin->print_footer();
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/framework/get_rel.php
===================================================================
--- branches/2.8.x/wb/framework/get_rel.php	(revision 1474)
+++ branches/2.8.x/wb/framework/get_rel.php	(nonexistent)
@@ -1,38 +0,0 @@
-<?php
-function debug_info ($var, $title='')
-{
-print '<pre><strong>function '.__FUNCTION__.'('.$title.');</strong> line: '.__LINE__.' -> ';
-print_r( $var ); print '</pre>'; // die();
-}
-
-function getBaseUrl()
-{
-	global $mod_path;
-	// identify Server Document_Root
-/*
-	define('PATH_thisScript', str_replace('//', '/', str_replace('\\', '/', (PHP_SAPI == 'fpm-fcgi' || PHP_SAPI == 'cgi' || PHP_SAPI == 'isapi' || PHP_SAPI == 'cgi-fcgi') &&
-		($_SERVER['ORIG_PATH_TRANSLATED'] ? $_SERVER['ORIG_PATH_TRANSLATED'] : $_SERVER['PATH_TRANSLATED']) ?
-		($_SERVER['ORIG_PATH_TRANSLATED'] ? $_SERVER['ORIG_PATH_TRANSLATED'] : $_SERVER['PATH_TRANSLATED']) :
-		($_SERVER['ORIG_SCRIPT_FILENAME'] ? $_SERVER['ORIG_SCRIPT_FILENAME'] : $_SERVER['SCRIPT_FILENAME']))));
-	define('PATH_site', dirname(PATH_thisScript) . '/');
-*/
-	// on WIN/IIS create this entry
-    $script_name = str_replace('\\', '/',dirname(dirname(__FILE__)));
-	$sys_root = ( !isset($_SERVER['DOCUMENT_ROOT']) && $_SERVER['DOCUMENT_ROOT'] == '' ) ? (str_replace('\\', '/', $script_name)) : str_replace('\\', '/',$_SERVER['DOCUMENT_ROOT']);
-
-    $_SERVER['DOCUMENT_ROOT'] = $sys_root;
-
-	$wb_rel = str_replace( $sys_root, '' ,($script_name));
-
-	$mod_path = (!empty($mod_path)) ? $mod_path : '/' ;
-	$regex = '/(?=\\'.$mod_path.').*/i';
-	$replace = '';
-	$wb_rel = preg_replace ($regex, $replace, $wb_rel, -1 );
-	$wb_rel = str_replace('//', '/', $wb_rel );
-	if(!defined('WB_REL')) {define('WB_REL', $wb_rel);}
-	if(!defined('ADMIN_REL')) {define('ADMIN_REL', $wb_rel.'/admin');}
-
-}
-
-getBaseUrl( );
-

Property changes on: branches/2.8.x/wb/framework/get_rel.php
___________________________________________________________________
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:keywords
## -1 +0,0 ##
-Date Revision Id HeadURL
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: branches/2.8.x/wb/framework/SecureForm.mtab.php
===================================================================
--- branches/2.8.x/wb/framework/SecureForm.mtab.php	(nonexistent)
+++ branches/2.8.x/wb/framework/SecureForm.mtab.php	(revision 1475)
@@ -0,0 +1,408 @@
+<?php
+/**
+ *
+ * @category        framework
+ * @package         SecureForm.mtab
+ * @author          WebsiteBaker Community Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.2
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ * @description
+ */
+##  Heavy patched version, idea for patches based on :
+##  http://stackoverflow.com/questions/2695153/php-csrf-how-to-make-it-works-in-all-tabs/2695291#2695291
+##  Whith this patch the token System now allows for multiple browser tabs but 
+##  denies the use of multiple browsers.
+##  You can configure this class by adding several constants to your config.php
+##  All Patches are Copyright Norbert Heimsath released under GPLv3 
+##  http://www.gnu.org/licenses/gpl.html
+##  Take a look at  __construkt  for configuration options(constants).
+##  Patch version 0.3.5
+
+/**
+ * If you want some special configuration put this somewhere in your config.php for
+ * example or just uncomment the lines here
+ *
+ * This parameter now can be set with the admintool SecureForm Switcher coded by Luisehahne,
+ * pls ask for it in the forum
+ *
+ * Secret can contain anything its the base for the secret part for the hash
+ * define ('WB_SECFORM_SECRET','whatever you like');
+ * after how many seconds a new secret is generated
+ * define ('WB_SECFORM_SECRETTIME',86400);      #aprox one day
+ * shall we use fingerprinting true/false
+ * define ('WB_SECFORM_USEFP', true);
+ * Timeout till the form token times out. Integer value between 0-86400 seconds (one day)
+ * define ('WB_SECFORM_TIMEOUT', 3600);
+ * Name for the token form element only alphanumerical string allowed that starts whith a charakter
+ * define ('WB_SECFORM_TOKENNAME','my3form3');
+ * how many blocks of the IP should be used in fingerprint 0=no ipcheck, possible values 0-4
+ * define ('FINGERPRINT_WITH_IP_OCTETS',2);
+ */
+
+class SecureForm {
+
+	const FRONTEND = 0;
+	const BACKEND  = 1;      
+
+        ## additional private data
+	private $_secret      	 = '5609bnefg93jmgi99igjefg';
+	private $_secrettime  	 = 86400;   #Approx. one day 
+        private $_tokenname   	 = 'formtoken';
+	private $_timeout	 = 7200;         
+	private $_useipblocks	 = 2;
+	private $_usefingerprint = true;
+        ### additional private data
+
+        private $_FTAN           = '';
+	private $_IDKEYs         = array('0'=>'0');
+	private $_idkey_name     = '';
+	private $_salt           = '';
+	private $_fingerprint    = '';
+	private $_serverdata  	 = '';
+
+	/* Construtor */
+	protected function __construct($mode = self::FRONTEND){
+
+        	## additional constants and stuff for global configuration
+
+		# Secret can contain anything its the base for the secret part of the hash
+                if (defined ('WB_SECFORM_SECRET')){ 	
+			$this->_secret=WB_SECFORM_SECRET;
+		}
+
+		# shall we use fingerprinting
+                if (defined ('WB_SECFORM_USEFP') AND WB_SECFORM_USEFP===false){
+			$this->_usefingerprint	= false;
+		}
+
+                # Timeout till the form token times out. Integer value between 0-86400 seconds (one day)
+                if (defined ('WB_SECFORM_TIMEOUT') AND is_numeric(WB_SECFORM_TIMEOUT) AND intval(WB_SECFORM_TIMEOUT) >=0 AND intval(WB_SECFORM_TIMEOUT) <=86400 ){
+			$this->_timeout=intval(WB_SECFORM_TIMEOUT);
+		}
+		# Name for the token form element only alphanumerical string allowed that starts whith a charakter
+                if (defined ('WB_SECFORM_TOKENNAME') AND !$this->_validate_alalnum(WB_SECFORM_TOKENNAME)){
+			$this->_tokenname=WB_SECFORM_TOKENNAME;
+		}
+		# how many bloks of the IP should be used 0=no ipcheck 
+                if (defined ('FINGERPRINT_WITH_IP_OCTETS') AND !$this->_is04(FINGERPRINT_WITH_IP_OCTETS)){
+			$this->_useipblocks=FINGERPRINT_WITH_IP_OCTETS;
+                }
+		## additional stuff end 
+		$this->_browser_fingerprint   = $this->_browser_fingerprint(true);
+		$this->_fingerprint   = $this->_generate_fingerprint();
+		$this->_serverdata    = $this->_generate_serverdata();
+		$this->_secret        = $this->_generate_secret();
+                $this->_salt          = $this->_generate_salt();
+
+		$this->_idkey_name    = substr($this->_fingerprint, hexdec($this->_fingerprint[strlen($this->_fingerprint)-1]), 16);
+		// make sure there is a alpha-letter at first position
+		$this->_idkey_name[0] = dechex(10 + (hexdec($this->_idkey_name[0]) % 5));
+		// takeover id_keys from session if available
+		if(isset($_SESSION[$this->_idkey_name]) && is_array($_SESSION[$this->_idkey_name])){
+			$this->_IDKEYs = $_SESSION[$this->_idkey_name];
+		}else{
+			$this->_IDKEYs = array('0'=>'0');
+			$_SESSION[$this->_idkey_name] = $this->_IDKEYs;
+		}
+	}
+
+	private function _generate_secret(){
+
+                $secret= $this->_secret;
+		$secrettime= $this->_secrettime;
+		#create a different secret every day
+		$TimeSeed= floor(time()/$secrettime)*$secrettime;  #round(floor) time() to whole days
+		$DomainSeed =  $_SERVER['SERVER_NAME'];  # generate a numerical from server name.
+		$Seed = $TimeSeed+$DomainSeed;
+                $secret .=md5($Seed);  #
+
+		$secret .= $this->_secret.$this->_serverdata.session_id();
+		if ($this->_usefingerprint){$secret.= $this->_browser_fingerprint;}
+		
+	return $secret;
+	}
+
+
+
+	private function _generate_salt()
+		{
+			if(function_exists('microtime'))
+			{
+				list($usec, $sec) = explode(" ", microtime());
+				$salt = (string)((float)$usec + (float)$sec);
+			}else{
+				$salt = (string)time();
+			}
+			$salt = (string)rand(10000, 99999) . $salt . (string)rand(10000, 99999);
+			return md5($salt);
+		}
+
+	private function _generate_fingerprint()
+	{
+	// server depending values
+ 		$fingerprint  = $this->_generate_serverdata();
+		
+	// client depending values
+		$fingerprint .= ( isset($_SERVER['HTTP_USER_AGENT']) ) ? $_SERVER['HTTP_USER_AGENT'] : '17';
+		$usedOctets = ( defined('FINGERPRINT_WITH_IP_OCTETS') ) ? intval(defined('FINGERPRINT_WITH_IP_OCTETS')) : 0;
+		$clientIp = ( isset($_SERVER['REMOTE_ADDR'])  ? $_SERVER['REMOTE_ADDR'] : '' );
+		if(($clientIp != '') && ($usedOctets > 0)){
+			$ip = explode('.', $clientIp);
+			while(sizeof($ip) > $usedOctets) { array_pop($ip); }
+			$clientIp = implode('.', $ip);
+		}else {
+			$clientIp = 19;
+		}
+		$fingerprint .= $clientIp;
+		return md5($fingerprint);
+	}
+
+	private function _generate_serverdata(){
+
+	 	$serverdata  = ( isset($_SERVER['SERVER_SIGNATURE']) ) ? $_SERVER['SERVER_SIGNATURE'] : '2';
+		$serverdata .= ( isset($_SERVER['SERVER_SOFTWARE']) ) ? $_SERVER['SERVER_SOFTWARE'] : '3';
+		$serverdata .= ( isset($_SERVER['SERVER_NAME']) ) ? $_SERVER['SERVER_NAME'] : '5';
+		$serverdata .= ( isset($_SERVER['SERVER_ADDR']) ) ? $_SERVER['SERVER_ADDR'] : '7';
+		$serverdata .= ( isset($_SERVER['SERVER_PORT']) ) ? $_SERVER['SERVER_PORT'] : '11';
+		$serverdata .= ( isset($_SERVER['SERVER_ADMIN']) ) ? $_SERVER['SERVER_ADMIN'] : '13';
+		$serverdata .= PHP_VERSION;
+	return  $serverdata;
+	}
+
+        // fake funktion , just exits to avoid error message 
+        final protected function createFTAN(){}
+
+	/*
+	* creates selfsigning Formular transactionnumbers for unique use
+	* @access public
+	* @param bool $asTAG: true returns a complete prepared, hidden HTML-Input-Tag (default)
+	*                     false returns an GET argument 'key=value'
+	* @return mixed:      string
+	*
+	* requirements: an active session must not be available but it makes no sense whithout :-)
+	*/
+	final public function getFTAN( $as_tag = true)
+	{
+		$secret= $this->_secret;
+
+		$timeout= time()+$this->_timeout;
+
+		#mt_srand(hexdec(crc32(microtime()));
+                $token= dechex(mt_rand());
+
+                $hash= sha1($secret.'-'.$token.'-'.$timeout);
+		$signed= $token.'-'.$timeout.'-'.$hash;
+
+		if($as_tag == true)
+		{ // by default return a complete, hidden <input>-tag
+			return '<input type="hidden" name="'.$this->_tokenname.'" value="'.htmlspecialchars($signed).'" title="" alt="" />';
+		}else{ // return an array with raw tokenname=value
+			return $this->_tokenname.'='.$signed;
+		}
+	}
+
+	/*
+	* checks received form-transactionnumbers against itself
+	* @access public
+	* @param string $mode: requestmethode POST(default) or GET
+	* @return bool:    true if numbers matches against stored ones
+	*
+	* requirements: no active session must be available but it makes no sense whithout.
+	* this check will prevent from multiple sending a form. history.back() also will never work
+	*/
+	final public function checkFTAN( $mode = 'POST')
+	{
+		$mode = (strtoupper($mode) != 'POST' ? '_GET' : '_POST');
+
+		$isok= false;
+		$secret= $this->_secret;
+
+		if (isset($GLOBALS[$mode][$this->_tokenname])) 	{$latoken=$GLOBALS[$mode][$this->_tokenname];}
+                else 						{return $isok;}
+
+		$parts= explode('-', $latoken);
+		if (count($parts)==3) {
+			list($token,$timeout, $hash)= $parts;
+			if ($hash==sha1($secret.'-'.$token.'-'.$timeout) AND $timeout > time())
+			{$isok= true;}
+		}
+
+		return $isok;
+	}
+
+	/*
+	* save values in session and returns a ID-key
+	* @access public
+	* @param mixed $value: the value for witch a key shall be generated and memorized
+	* @return string:      a MD5-Key to use instead of the real value
+	*
+	* @requirements: an active session must be available
+	* @description: IDKEY can handle string/numeric/array - vars. Each key is a
+	*/
+	final public function getIDKEY($value)
+	{
+		if( is_array($value) == true )
+		{ // serialize value, if it's an array
+			$value = serialize($value);
+		}
+		// crypt value with salt into md5-hash
+		// and return a 16-digit block from random start position
+		$key = substr( md5($this->_salt.(string)$value), rand(0,15), 16);
+		do{ // loop while key/value isn't added
+			if( !array_key_exists($key, $this->_IDKEYs) )
+			{ // the key is unique, so store it in list
+				$this->_IDKEYs[$key] = $value;
+				break;
+			}else {
+				// if key already exist, increment the last five digits until the key is unique
+				$key = substr($key, 0, -5).dechex(('0x'.substr($key, -5)) + 1);
+			}
+		}while(0);
+		// store key/value-pairs into session
+		$_SESSION[$this->_idkey_name] = $this->_IDKEYs;
+		return $key;
+	}
+
+	/*
+	* search for key in session and returns the original value
+	* @access public
+	* @param string $fieldname: name of the POST/GET-Field containing the key or hex-key itself
+	* @param mixed $default: returnvalue if key not exist (default 0)
+	* @param string $request: requestmethode can be POST or GET or '' (default POST)
+	* @return mixed: the original value (string, numeric, array) or DEFAULT if request fails
+	*
+	* @requirements: an active session must be available
+	* @description: each IDKEY can be checked only once. Unused Keys stay in list until the
+	*               session is destroyed.
+	*/
+ 	final public function checkIDKEY( $fieldname, $default = 0, $request = 'POST' )
+	{
+		$return_value = $default; // set returnvalue to default
+		switch( strtoupper($request) )
+		{
+			case 'POST':
+				$key = isset($_POST[$fieldname]) ? $_POST[$fieldname] : $fieldname;
+				break;
+			case 'GET':
+				$key = isset($_GET[$fieldname]) ? $_GET[$fieldname] : $fieldname;
+				break;
+			default:
+				$key = $fieldname;
+		}
+		if( preg_match('/[0-9a-f]{16}$/', $key) )
+		{ // key must be a 16-digit hexvalue
+			if( array_key_exists($key, $this->_IDKEYs))
+			{ // check if key is stored in IDKEYs-list
+				$return_value = $this->_IDKEYs[$key]; // get stored value
+				unset($this->_IDKEYs[$key]);   // remove from list to prevent multiuse
+				$_SESSION[$this->_idkey_name] = $this->_IDKEYs; // save modified list into session again
+				if( preg_match('/.*(?<!\{).*(\d:\{.*;\}).*(?!\}).*/', $return_value) )
+				{ // if value is a serialized array, then deserialize it
+					$return_value = unserialize($return_value);
+				}
+			}
+		}
+		return $return_value;
+	}
+
+	/* @access public
+	* @return void
+	*
+	* @requirements: an active session must be available
+	* @description: remove all entries from IDKEY-Array
+	*
+	*/
+ 	final public function clearIDKEY()
+	{
+		 $this->_IDKEYs = array('0'=>'0');
+	}
+
+
+	## additional Functions needed cause the original ones lack some functionality
+	## all are Copyright Norbert Heimsath, heimsath.org
+	## released under GPLv3  http://www.gnu.org/licenses/gpl.html
+
+	/* Made because ctype_ gives strange results using mb Strings*/ 
+ 	private function _validate_alalnum($input){
+	# alphanumerical string that starts whith a letter charakter 
+		if (preg_match('/^[a-zA-Z][0-9a-zA-Z]+$/u', $input))
+			{return false;}
+	
+	return "The given input is not an alphanumeric string.";
+	} 
+
+ 	private function _is04($input){
+	# integer value between 0-4
+		if (preg_match('/^[0-4]$/', $input)) {return false;}
+	
+	return "The given input is not an alphanumeric string.";
+	} 
+
+
+	private function _getip($ipblocks=4){
+	/*
+	Just a function to get User ip even if hes behind a proxy
+	*/
+		$ip    	=   ""; //Ip address result
+		$cutip	=   ""; //Ip address cut to limit
+	
+		# mabe user is behind a Proxy but we need his real ip address if we got a nice Proxyserver, 
+		# it sends us the "HTTP_X_FORWARDED_FOR" Header. Sometimes there is more than one Proxy.
+		# !!!!!! THIS PART WAS NEVER TESTED BECAUSE I ONLY GOT A DIRECT INTERNET CONNECTION !!!!!!
+		# long2ip(ip2long($lastip)) makes sure we got nothing else than an ip into our script ;-)
+		# !!!!! WARNING the 'HTTP_X_FORWARDED_FOR' Part is NOT TESTED !!!!!
+		if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND !empty($_SERVER['HTTP_X_FORWARDED_FOR']))
+		{
+			$iplist= explode(',',$_SERVER['HTTP_X_FORWARDED_FOR']);
+			$lastip = array_pop($iplist);
+			$ip.= long2ip(ip2long($lastip));
+		}
+		
+		/* If theres no other supported info we just use REMOTE_ADDR
+		If we have a fiendly proxy supporting  HTTP_X_FORWARDED_FOR its ok to use the full address.
+		But if there is no HTTP_X_FORWARDED_FOR we can  not be sure if its a proxy or whatever, so we use the 
+		blocklimit for IP address. 
+		*/
+		else 
+		{
+			$ip = long2ip(ip2long($_SERVER['REMOTE_ADDR']));
+	
+			# ipblocks used here defines how many blocks of the ip adress are checked xxx.xxx.xxx.xxx
+			$blocks = explode('.', $ip);
+			for ($i=0; $i<$ipblocks; $i++){
+				$cutip.= $blocks[$i] . '.';
+				}
+			$ip=substr($cutip, 0, -1);
+		}
+		
+	return $ip;
+	}
+	
+	private function _browser_fingerprint($encode=true,$fpsalt="My Fingerprint: "){
+	/*
+	Creates a basic Browser Fingerprint for securing the session and forms.
+	*/
+	
+		$fingerprint=$fpsalt;
+		if (isset($_SERVER['HTTP_USER_AGENT'])){ $fingerprint .= $_SERVER['HTTP_USER_AGENT'];}
+		if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ $fingerprint .= $_SERVER['HTTP_ACCEPT_LANGUAGE'];}
+		if (isset($_SERVER['HTTP_ACCEPT_ENCODING'])){ $fingerprint .= $_SERVER['HTTP_ACCEPT_ENCODING'];}
+		if (isset($_SERVER['HTTP_ACCEPT_CHARSET'])){ $fingerprint .= $_SERVER['HTTP_ACCEPT_CHARSET'];}
+		
+		$fingerprint.= $this->_getip($this->_useipblocks);
+		
+		if ($encode){$fingerprint=md5($fingerprint);}
+	
+	return $fingerprint;
+	}
+	##
+	## additional Functions END
+	##
+}
\ No newline at end of file
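Review bot: In `checkFTAN()` the digest is compared with loose `==` and the submitted field is never checked to be a string, so two digests that both look like numbers (`0e` followed only by digits) are compared numerically by PHP and treated as equal, and an array-valued token field reaches `explode()`. The fence below keeps the token format but requires a string, compares with `hash_equals()` where it exists (falling back to `===`), and accepts only an all-digit timeout. The docblock's statement that this check prevents a form from being sent more than once does not match the code: nothing is stored or invalidated, so a token stays valid until its timeout, and the comment should say that or the token should be consumed on first use. Separately, in `_generate_fingerprint()` the expression `intval(defined('FINGERPRINT_WITH_IP_OCTETS'))` evaluates to 1 whenever the constant is defined and should read `intval(FINGERPRINT_WITH_IP_OCTETS)`. In `getIDKEY()` the `do { … } while(0)` body runs once, so after a key collision the incremented key is returned without ever being stored.

```php
	final public function checkFTAN( $mode = 'POST')
	{
		// … unchanged: $mode normalisation, $isok and $secret setup …

		// reject a missing field and anything that is not a plain string (e.g. an array-valued field)
		if (!isset($GLOBALS[$mode][$this->_tokenname]) OR !is_string($GLOBALS[$mode][$this->_tokenname])) {
			return $isok;
		}
		$parts = explode('-', $GLOBALS[$mode][$this->_tokenname]);
		if (count($parts) == 3) {
			list($token, $timeout, $hash) = $parts;
			$expected = sha1($secret.'-'.$token.'-'.$timeout);
			// compare as strings, never as numbers; constant-time where the runtime offers it
			$same = function_exists('hash_equals') ? hash_equals($expected, $hash) : ($expected === $hash);
			if ($same AND preg_match('/^[0-9]+$/', $timeout) AND intval($timeout) > time()) {
				$isok = true;
			}
		}

		return $isok;
	}
```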

Property changes on: branches/2.8.x/wb/framework/SecureForm.mtab.php
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+Date Revision Id HeadURL
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: branches/2.8.x/wb/framework/functions.php
===================================================================
--- branches/2.8.x/wb/framework/functions.php	(revision 1474)
+++ branches/2.8.x/wb/framework/functions.php	(revision 1475)
@@ -1413,3 +1413,17 @@
 			return false;
 		}
 	}
+
+/*
+urlencode function and rawurlencode are mostly based on RFC 1738.
+However, since 2005 the current RFC in use for URIs standard is RFC 3986.
+Here is a function to encode URLs according to RFC 3986.
+*/
+if(!function_exists('url_encode')){
+	function url_encode($string) {
+	    $string = html_entity_decode($string,ENT_QUOTES,'UTF-8');
+	    $entities = array('%20', '%21', '%2A', '%27', '%28', '%29', '%3B', '%3A', '%40', '%26', '%3D', '%2B', '%24', '%2C', '%2F', '%3F', '%25', '%23', '%5B', '%5D');
+	    $replacements = array(' ','!', '*', "'", "(", ")", ";", ":", "@", "&", "=", "+", "$", ",", "/", "?", "%", "#", "[", "]");
+	    return str_replace($entities, $replacements, rawurlencode($string));
+	}
+}
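Review bot: The comment introduces `url_encode()` as an RFC 3986 encoder, but the `str_replace()` call turns the percent-escapes of every listed character back into the literal character, including `%20` to a space, `%25` to `%`, `%23` to `#`, `%26` to `&` and `%27` to `'`, and `html_entity_decode()` runs on the input first. The result can therefore contain raw spaces, quotes and ampersands: it is not a valid encoding of a single URL component and it is not safe to print into an `href` or other attribute without `htmlspecialchars()`. If the intent is to tidy a complete URL while keeping its delimiters, the comment should say exactly that and state that callers must still HTML-escape the return value; the `'%20'`/`' '` and `'%25'`/`'%'` pairs should be dropped from the two arrays so that spaces and literal percent signs stay encoded. The array names are also swapped relative to their contents (`$entities` holds the escapes being searched for, `$replacements` the literal characters). How callers use the return value is not visible in this hunk.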
Index: branches/2.8.x/wb/templates/wb_theme/theme.css
===================================================================
--- branches/2.8.x/wb/templates/wb_theme/theme.css	(revision 1474)
+++ branches/2.8.x/wb/templates/wb_theme/theme.css	(revision 1475)
@@ -1,14 +1,20 @@
 * html div{ height :1em; /* Workaround gegen den 3-Pixel-Bug des Internet Explorers 6 *//* Workaround gegen den 3-Pixel-Bug des Internet Explorers 6 */ }
-html{ /* Schrifteinstellung fĂĽr das ganze Dokument */ font-family :Verdana, "Trebuchet MS", Arial, Helvetica, sans-serif; font-size :90%; font-weight :normal; color :#404040; overflow :-moz-scrollbars-vertical; /* Force firefox to always show room for a vertical scrollbar *//* Force firefox to always show room for a vertical scrollbar */ }
+html{ font-family :Verdana, "Trebuchet MS", Arial, Helvetica, sans-serif; font-size :100.1%; font-weight :normal; color :#404040; overflow :-moz-scrollbars-vertical; }
 body{ margin :0px; padding :0px; background :#a8bccb; text-align :left; }
-body { margin: 0 auto; background-color: #a8bccb; /*background-image: url(images/background.png);*/ background-repeat: repeat-x; }
+body { margin :0 auto; background-color :#a8bccb; background-repeat :repeat-x; }
 
-td,th,input,textarea { color: #000000; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; }
+td,th,input,textarea {
+   color :#000000;
+   font-size :0.9em;
+   font-family :Verdana, Arial, Helvetica, sans-serif;
+}
+textarea { font-size :1em; }
 img { border: 0px; }
 form { margin: 0; }
-hr { margin: 15px 0px 15px 0px; color: #003366; height: 1px; }
-h1 { color: #000000; font-size: 20px; text-align: center; text-transform: uppercase; }
-h2 { margin: 5px 0px 5px 0px; color: #336699; font-size: 15px; }
+hr { margin: 1em auto; color: #003366; height: 1px; }
+h1 { color: #000000; font-size: 1.8em; text-align: center; text-transform: uppercase; }
+h2 { margin: 0.5em 0px 0.5em 0px; color: #336699; font-size: 1.5em; }
+h2 { font-family :arial,sans-serif; letter-spacing :-1px; margin :0.5em 0; text-align :left; }
 h4 { margin: 0; border-bottom: 1px solid #DDD; padding-bottom: 5px; }
 a h3 { margin: 0; font-size :1.1em; padding-bottom: 2px; }
 li p { margin: 0.5em 0; }
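Review bot: `h2` is now declared twice on consecutive lines, and the second rule sets `margin :0.5em 0` again right after the first set `margin: 0.5em 0px 0.5em 0px`, so the two should be merged into one rule, for example `h2 { margin: 0.5em 0; color: #336699; font-size: 1.5em; font-family: arial,sans-serif; letter-spacing: -1px; text-align: left; }`. The added lines also mix `prop :value` and `prop: value` spacing within the same hunk (compare the new `html`/`body` lines with the new `hr`/`h1` lines); settling on one form keeps later diffs of this file readable.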
@@ -22,7 +28,7 @@
 div.box { width: 100%; margin: -10px 0 0 0; font-size: small; text-align: right; }
 .header { width: 900px; margin: 0 auto; }
 .container { width: 85%; margin: 0 auto; background: #fff url(images/bgtitle.png); background-repeat: repeat-x; }
-.content { padding: 20px; width: 900px;  margin: 0 auto; min-height: 300px;  vertical-align: top; }
+.content { padding: 1.6em;  font-size :0.8em; margin: 0 auto; min-height: 300px;  vertical-align: top; }
 
 #content_container {text-align:center;width:900px;clear:both;margin:0 auto;}
 
@@ -34,7 +40,10 @@
 .menu a, .menu a:link, .menu a:active, .menu a:visited { border-bottom: 0; padding: 7px 11px 9px 11px; color: #fff; }
 .menu a:hover { color: #fff; background: #fff url(images/menuo.png); background-repeat: repeat-x; text-decoration: none; }
 .note { color: #666666; font-size: 10px; }
-.page_list {width:100%;}
+div .pages_list {
+   width :100%;
+   font-size :0.7em;
+}
 .pages_list .icon_col td img { border-style: none; float: left; padding-right: 7px; display: block; }
 .pages_list table { width: 100%; margin: 0 auto; background-color: #DCDCDC; }
 .pages_list ul { margin: 0; padding: 0px; font-weight: normal; }
@@ -43,7 +52,7 @@
 img.page_list_rights { border: none; margin-right: 5px; float: left; margin-top: 2px; margin-bottom: 2px; }
 .content input { font-size: 12px; }
 
-.section { margin-top: 10px; padding: 0px; /*border: 1px solid #999999;*/ width: 100%; background-color: #FDFDFD; height: 75px; }
+.section { margin-top :10px; padding :0px; font-size :1em; width :100%; background-color :#FDFDFD; height :75px; }
 .sections_header { width: 100%; margin-bottom: 10px; border: none; background-color: #F0F0F0; height: 50px; }
 .sections_header td { padding: 5px; }
 .setting_name { width: 20%; }
@@ -53,7 +62,7 @@
 .tool_table ul { margin: 0; padding: 0; margin-left: 20px; margin-bottom: 2px; }
 .tool_table li { padding: 1px; list-style-type: disc; }
 /* CSS STYLES FOR THE PAGES SECTION */
-table.pages_view { width: 100%; margin: 0 auto; border: 0; background-color: #ECF3F7; border-spacing: 0px; }
+table.pages_view { width :100%; margin :0 auto; border :0; background-color :#ECF3F7; border-spacing :0px; }
 table.pages_view tr:hover { background-color: #F1F8DD; }
 /* FORMS */
 .submit, .cancel { width: 100px; margin-top: 5px; }
@@ -66,7 +75,7 @@
 select option.disabled { color: #aaa; }
 .jsadmin_drag img { padding: 3px 0; margin-top: 1px; vertical-align: top; cursor: pointer; }
 .modify_link { padding-top: 4px; display: inline; vertical-align: middle; }
-.header_list_page_id { width: 50px; padding-right: 15px; text-align: right; }
+.header_list_page_id { width: 30px; padding-right: 15px; text-align: right; }
 .header_list_actions { width: 150px; text-align: left; }
 .list_actions { width: 20px; text-align: left; }
 .sections_list { padding-left: 10px; font-weight: bold; }
@@ -73,7 +82,6 @@
 .header_list_block { width: 180px; text-align: left; }
 .header_list_sections_actions { width: 30px; text-align: left; }
 .value_page_code { width: 240px; color: #006400; font-weight: 400; }
-#multi_lingual { font-weight: bolder; }
 /* Ende */
 .pages_list table td, table.pages_view td { padding: 3px; }
 .save, .reset, .input_narrow { width: 100px; }
@@ -81,7 +89,7 @@
 #file_mode input, #dir_mode input { width: 12px; height: 12px; }
 #hide2, .hide, .page_list { display: none; }
 .header_list_page_title, .list_page_title { width: 300px; text-align: left; }
-.list_section_id, .list_page_id, .header_list_section_id { width: 30px; text-align: right; }
+.list_section_id, .list_page_id, .header_list_section_id { width: 2em; text-align: right; }
 .list_page_code, .list_page_language { width: 240px; }
 .form_submit .left, .header_list_menu_title, .list_menu_title, .header_list_type { text-align: left; }
 .header_title, .sections_list table, .setting_value input, .setting_value select, .setting_value textarea, .value_input input, .value_input text, .value_input select, .form_submit, .input_full { width: 100%; }
Index: branches/2.8.x/wb/templates/wb_theme/templates/users.htt
===================================================================
--- branches/2.8.x/wb/templates/wb_theme/templates/users.htt	(revision 1474)
+++ branches/2.8.x/wb/templates/wb_theme/templates/users.htt	(revision 1475)
@@ -1,7 +1,7 @@
 <!-- BEGIN main_block -->
 
 <form name="users" action="users.php" method="post">
-
+{FTAN}
 <input type="hidden" name="action" value="delete" />
 
 <table summary="" cellpadding="0" cellspacing="0" border="0" width="100%">
Index: branches/2.8.x/wb/templates/wb_theme/templates/pages_sections.htt
===================================================================
--- branches/2.8.x/wb/templates/wb_theme/templates/pages_sections.htt	(revision 1474)
+++ branches/2.8.x/wb/templates/wb_theme/templates/pages_sections.htt	(revision 1475)
@@ -66,7 +66,7 @@
                     </td>
 
                     <td valign="middle" width="20">
-                        <a href="#" onclick="javascript: confirm_link('{TEXT_ARE_YOU_SURE}', '{ADMIN_URL}/pages/sections.php?page_id={PAGE_IDKEY}&amp;section_id={VAR_SECTION_ID}');">
+                        <a href="#" onclick="javascript: confirm_link('{TEXT_ARE_YOU_SURE}', '{ADMIN_URL}/pages/sections.php?page_id={PAGE_IDKEY}&amp;section_id={VAR_SECTION_IDKEY}');">
                         <img src="{THEME_URL}/images/{DELETE_16_PNG}" alt="X" />
                         </a>
                     </td>
Index: branches/2.8.x/wb/templates/argos_theme/templates/users.htt
===================================================================
--- branches/2.8.x/wb/templates/argos_theme/templates/users.htt	(revision 1474)
+++ branches/2.8.x/wb/templates/argos_theme/templates/users.htt	(revision 1475)
@@ -2,6 +2,7 @@
 
 <form name="users" action="users.php" method="post">
 <input type="hidden" name="action" value="delete" />
+{FTAN}
 
 <table summary="" cellpadding="5" cellspacing="0" border="0" align="center" width="100%" style="margin-bottom:10px;">
 	<tr style="background:#f0f0f0;">
Index: branches/2.8.x/wb/templates/argos_theme/templates/pages_sections.htt
===================================================================
--- branches/2.8.x/wb/templates/argos_theme/templates/pages_sections.htt	(revision 1474)
+++ branches/2.8.x/wb/templates/argos_theme/templates/pages_sections.htt	(revision 1475)
@@ -60,7 +60,7 @@
                     <td>{VAR_MOVE_DOWN_URL}</td>
 
                     <td>
-                        <a href="#" onclick="javascript: confirm_link('{TEXT_ARE_YOU_SURE}', '{ADMIN_URL}/pages/sections.php?page_id={PAGE_IDKEY}&amp;section_id={VAR_SECTION_ID}');">
+                        <a href="#" onclick="javascript: confirm_link('{TEXT_ARE_YOU_SURE}', '{ADMIN_URL}/pages/sections.php?page_id={PAGE_IDKEY}&amp;section_id={VAR_SECTION_IDKEY}');">
                         <img src="{THEME_URL}/images/{DELETE_16_PNG}" alt="{TEXT_DELETE}" border="0" />
                         </a>
                     </td>
Index: branches/2.8.x/wb/languages/FI.php
===================================================================
--- branches/2.8.x/wb/languages/FI.php	(revision 1474)
+++ branches/2.8.x/wb/languages/FI.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'Anna s&auml;hk&ouml;postiosoite';
 $MESSAGE['START_CURRENT_USER'] = 'Olet kirjautunut nimell&auml;:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Poista asennuskansio!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Tervetuloa sivuston hallintaan';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Sivupohjan voi vaihtaa asetukset-kohdasta';
 $MESSAGE['USERS_ADDED'] = 'Lis&auml;tty';
Index: branches/2.8.x/wb/languages/EN.php
===================================================================
--- branches/2.8.x/wb/languages/EN.php	(revision 1474)
+++ branches/2.8.x/wb/languages/EN.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'You must enter an email address';
 $MESSAGE['START_CURRENT_USER'] = 'You are currently logged in as:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Warning, Installation Directory Still Exists!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Welcome to WebsiteBaker Administration';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Please note: to change the template you must go to the Settings section';
 $MESSAGE['USERS_ADDED'] = 'User added successfully';
Index: branches/2.8.x/wb/languages/CS.php
===================================================================
--- branches/2.8.x/wb/languages/CS.php	(revision 1474)
+++ branches/2.8.x/wb/languages/CS.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'Mus&iacute;te zadat e-mailovou adresu';
 $MESSAGE['START_CURRENT_USER'] = 'Jste p&#345;ihl&aacute;&scaron;eni jako:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Pozor, st&aacute;le existuje instala&#269;n&iacute; adres&aacute;&#345;!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'V&iacute;tejte v Administra&#269;n&iacute; &#269;&aacute;sti';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Pozn.: zm&#283;na &scaron;ablony se prov&aacute;d&iacute; v sekci Nastaven&iacute;';
 $MESSAGE['USERS_ADDED'] = 'U&#382;ivatel byl &uacute;sp&#283;&scaron;n&#283; p&#345;id&aacute;n';
Index: branches/2.8.x/wb/languages/SE.php
===================================================================
--- branches/2.8.x/wb/languages/SE.php	(revision 1474)
+++ branches/2.8.x/wb/languages/SE.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'Du m&aring;ste skriva en e-postadress';
 $MESSAGE['START_CURRENT_USER'] = 'Du &auml;r inloggad som:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'VARNING, installationsmappen finns fortfarande kvar!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'V&auml;lkommen till administrationen av WebsiteBaker';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Observera: f&ouml;r att &auml;ndra Mall, m&aring;ste du g&aring; till Sektionen Inst&auml;llningar';
 $MESSAGE['USERS_ADDED'] = 'Anv&auml;ndaren lades till';
Index: branches/2.8.x/wb/languages/ES.php
===================================================================
--- branches/2.8.x/wb/languages/ES.php	(revision 1474)
+++ branches/2.8.x/wb/languages/ES.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'Debe ingresar una direccion de email';
 $MESSAGE['START_CURRENT_USER'] = 'Est&aacute;s conectado como:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'El directorio de instalaci&oacute;n todav&iacute;a existe. Es buena idea eliminarlo!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Bienvenido a la consola de Administraci&oacute;n';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Atenci&oacute;n: para cambiar la plantilla ir a la secci&oacute;n de Configuraci&oacute;n';
 $MESSAGE['USERS_ADDED'] = 'Nuevo usuario agregado';
Index: branches/2.8.x/wb/languages/FR.php
===================================================================
--- branches/2.8.x/wb/languages/FR.php	(revision 1474)
+++ branches/2.8.x/wb/languages/FR.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'L&apos;adresse email est obligatoire';
 $MESSAGE['START_CURRENT_USER'] = 'Vous &ecirc;tes connect&eacute; en tant que : ';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Attention : le r&eacute;pertoire d&apos;installation existe toujours';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Bienvenue dans la zone d&apos;administration';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Pour modifier le th&egrave;me du site, vous devez vous rendre dans la rubrique R&eacute;glages';
 $MESSAGE['USERS_ADDED'] = 'Utilisateur ajout&eacute; avec succ&egrave;s';
Index: branches/2.8.x/wb/languages/ET.php
===================================================================
--- branches/2.8.x/wb/languages/ET.php	(revision 1474)
+++ branches/2.8.x/wb/languages/ET.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'Sa pead sisestama emaili aadressi';
 $MESSAGE['START_CURRENT_USER'] = 'Sa oled praegu sisse logitud:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Hoiatus, Installatsiooni kataloog eksisteerib!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Teretulemast WebsiteBaker Administratsiooni';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'M&auml;rge: kujunduse muutmiseks sa pead minema Seadete sektsiooni';
 $MESSAGE['USERS_ADDED'] = 'Kasutaja edukalt lisatud';
Index: branches/2.8.x/wb/languages/HR.php
===================================================================
--- branches/2.8.x/wb/languages/HR.php	(revision 1474)
+++ branches/2.8.x/wb/languages/HR.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'Unesite email adresu';
 $MESSAGE['START_CURRENT_USER'] = 'Trenutno ste logirani kao:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Upozorenje, instalacijski direktoriji nije jo&scaron; obrisan!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Dobro do&scaron;li u WebsiteBaker administraciju';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Obavijest: Za promjenu predlo&scaron;ka idite na dio s Postavkama';
 $MESSAGE['USERS_ADDED'] = 'Korisnik je dodan supje&scaron;no';
Index: branches/2.8.x/wb/languages/NL.php
===================================================================
--- branches/2.8.x/wb/languages/NL.php	(revision 1474)
+++ branches/2.8.x/wb/languages/NL.php	(revision 1475)
@@ -630,6 +630,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'U moet een e-mailadres invullen';
 $MESSAGE['START_CURRENT_USER'] = 'U bent ingelogd als';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Waarschuwing, de installatiemap bestaat nog steeds. U dient deze te verwijderen om veiligheidsrisico&rsquo;s te vermijden!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Welkom bij het websitebeheer';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Attentie: om de template aan te passen moet u naar de instellingensectie';
 $MESSAGE['USERS_ADDED'] = 'Gebruiker toegevoegd';
Index: branches/2.8.x/wb/languages/PL.php
===================================================================
--- branches/2.8.x/wb/languages/PL.php	(revision 1474)
+++ branches/2.8.x/wb/languages/PL.php	(revision 1475)
@@ -631,6 +631,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'NaleĹĽy wprowadziÄ‡ adres e-mail';
 $MESSAGE['START_CURRENT_USER'] = 'JesteĹ› obecnie zalogowany(-a) jako:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Uwaga: katalog instalacyjny wciÄ…ĹĽ istnieje!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Witamy w panelu administracyjnym WebsiteBakera';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Uwaga: aby zmieniÄ‡ szablon, naleĹĽy przejĹ›Ä‡ do sekcji Ustawienia';
 $MESSAGE['USERS_ADDED'] = 'UĹĽytkownik zostaĹ‚ dodany';
Index: branches/2.8.x/wb/languages/HU.php
===================================================================
--- branches/2.8.x/wb/languages/HU.php	(revision 1474)
+++ branches/2.8.x/wb/languages/HU.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'E-mail c&iacute;met meg kell adnia';
 $MESSAGE['START_CURRENT_USER'] = 'Bejelentkezve mint:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Figyelmeztet&eacute;s! A telep&iacute;t&eacute;si k&ouml;nyvt&aacute;r m&eacute;g nem lett t&ouml;r&ouml;lve!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = '&curren;v a WebsiteBaker Admin fel&uuml;let&eacute;n';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Figyelem: A sablon megv&aacute;ltoztat&aacute;s&aacute;t a be&aacute;ll&iacute;t&aacute;sokban teheti meg';
 $MESSAGE['USERS_ADDED'] = 'Felhaszn&aacute;l&oacute; sikeresen hozz&aacute;adva';
Index: branches/2.8.x/wb/languages/IT.php
===================================================================
--- branches/2.8.x/wb/languages/IT.php	(revision 1474)
+++ branches/2.8.x/wb/languages/IT.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'Deve inserire un indirizzo di email';
 $MESSAGE['START_CURRENT_USER'] = 'Sei registrato come:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Attenzione, la directory di installazione esiste gi&agrave;!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Benvenuto alla pagina di Amministrazione di WebsiteBaker';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Per cambiare il Template andare alla sezione Impostazioni';
 $MESSAGE['USERS_ADDED'] = 'Utente aggiunto';
Index: branches/2.8.x/wb/languages/NO.php
===================================================================
--- branches/2.8.x/wb/languages/NO.php	(revision 1474)
+++ branches/2.8.x/wb/languages/NO.php	(revision 1475)
@@ -628,6 +628,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'Du m&aring; skrive inn en e-post adresse';
 $MESSAGE['START_CURRENT_USER'] = 'Du er logget inn som:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Advarsel, installasjonskatalogen eksisterer forsatt!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Velkommen til WebsiteBaker Administrasjon';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Merk: For &aring; endre malen m&aring; man gj&oslash;re dette i Instillinger seksjonen';
 $MESSAGE['USERS_ADDED'] = 'Lykkes &aring; opprette ny bruker';
Index: branches/2.8.x/wb/languages/SK.php
===================================================================
--- branches/2.8.x/wb/languages/SK.php	(revision 1474)
+++ branches/2.8.x/wb/languages/SK.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'Mus&iacute;te zada&#357; e-mailovou adresu';
 $MESSAGE['START_CURRENT_USER'] = 'Ste prihl&aacute;sen&yacute; ako:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Pozor, st&aacute;le existuje in&#353;tala&#269;n&yacute; adres&aacute;r!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Vitajte v administrat&iacute;vnej &#269;asti';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Pozn.: zmena &#353;ablony sa prov&aacute;dza v sekcii Nastavenia';
 $MESSAGE['USERS_ADDED'] = 'U&#382;&iacute;vate&#318; bol &uacute;spe&#353;ne pridan&yacute;';
Index: branches/2.8.x/wb/languages/LV.php
===================================================================
--- branches/2.8.x/wb/languages/LV.php	(revision 1474)
+++ branches/2.8.x/wb/languages/LV.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'Jaievada e-pasta adrese';
 $MESSAGE['START_CURRENT_USER'] = 'Tu &scaron;obrid esi ielogojies ka:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Bridinajums, instalacijas mape vel arvien eksiste!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Esi sveicinats WebsiteBaker administracija';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Ludzu iegaume: lai mainitu &scaron;ablonu, jadotas uz iestatijumu sadalu';
 $MESSAGE['USERS_ADDED'] = 'Lietotajs veiksmigi pievienots';
Index: branches/2.8.x/wb/languages/CA.php
===================================================================
--- branches/2.8.x/wb/languages/CA.php	(revision 1474)
+++ branches/2.8.x/wb/languages/CA.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'Heu d\'Introduir una adre&ccedil;a de correu';
 $MESSAGE['START_CURRENT_USER'] = 'Actualment esteu identificat com a:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Atenci&oacute;, el Directori d\'Instal&middot;laci&oacute; Encara Existeix!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Benvingut/da al Panell de Control de WebsiteBaker';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Av&iacute;s: per a canviar la plantilla heu d\'anar a la secci&oacute; Par&agrave;metres';
 $MESSAGE['USERS_ADDED'] = 'Usuari afegit amb &egrave;xit';
Index: branches/2.8.x/wb/languages/PT.php
===================================================================
--- branches/2.8.x/wb/languages/PT.php	(revision 1474)
+++ branches/2.8.x/wb/languages/PT.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'Voc&ecirc; precisa informar um endere&ccdil;o de email';
 $MESSAGE['START_CURRENT_USER'] = 'Voc&ecirc; est&aacute; logado como:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Aviso, O diret&oacute;rio "INSTALL" ainda existe!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Bem-Vindo &agrave; Administra&ccdil;&atilde;o do WebsiteBaker';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Aten&ccdil;&atilde;o: para alterar o tema (template) voc&ecirc; precisa ir at&eacute; a sess&atilde;o Configura&ccdil;&otilde;es';
 $MESSAGE['USERS_ADDED'] = 'Usu&aacute;rio adicionado com sucesso';
Index: branches/2.8.x/wb/languages/DA.php
===================================================================
--- branches/2.8.x/wb/languages/DA.php	(revision 1474)
+++ branches/2.8.x/wb/languages/DA.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'Du skal indtaste en gyldig email-adresse';
 $MESSAGE['START_CURRENT_USER'] = 'Du er lige nu logget ind som:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'ADVARSEL! Installationsbiblioteket (mappen) findes stadig p&aring; serveren. Du b&oslash;r slette den straks af hensyn til sikkerheden!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Velkommen til administration af din WebsiteBaker';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'OBS: For at &aelig;ndre skabelonen skal du g&aring; til punktet indstillinger';
 $MESSAGE['USERS_ADDED'] = 'Brugeren er oprettet';
Index: branches/2.8.x/wb/languages/TR.php
===================================================================
--- branches/2.8.x/wb/languages/TR.php	(revision 1474)
+++ branches/2.8.x/wb/languages/TR.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'Bir email adresi girmelisiniz.';
 $MESSAGE['START_CURRENT_USER'] = 'Sizin kulland&yacute;&eth;&yacute;n&yacute;z giri&thorn; ismi:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Uyar&yacute;! Y&uuml;kleme dizini halen duruyor!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Ho&thorn;geldiniz WebsiteBaker Y&ouml;netimine';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Please note: to change the template you must go to the Settings section';
 $MESSAGE['USERS_ADDED'] = 'Kullan&yacute;c&yacute;, ba&thorn;ar&yacute;l&yacute; bir &thorn;ekilde ekledi';
Index: branches/2.8.x/wb/languages/RU.php
===================================================================
--- branches/2.8.x/wb/languages/RU.php	(revision 1474)
+++ branches/2.8.x/wb/languages/RU.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = '&#1042;&#1099; &#1076;&#1086;&#1083;&#1078;&#1085;&#1099; &#1074;&#1074;&#1077;&#1089;&#1090;&#1080; email &#1072;&#1076;&#1088;&#1077;&#1089;';
 $MESSAGE['START_CURRENT_USER'] = '&#1042;&#1099; &#1074;&#1086;&#1096;&#1083;&#1080; &#1082;&#1072;&#1082;:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = '&#1042;&#1085;&#1080;&#1084;&#1072;&#1085;&#1080;&#1077;, &#1080;&#1085;&#1089;&#1090;&#1072;&#1083;&#1103;&#1094;&#1080;&#1086;&#1085;&#1085;&#1072;&#1103; &#1076;&#1080;&#1088;&#1077;&#1082;&#1090;&#1086;&#1088;&#1080;&#1103; &#1074;&#1089;&#1077; &#1077;&#1097;&#1077; &#1085;&#1077; &#1091;&#1076;&#1072;&#1083;&#1077;&#1085;&#1072;!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = '&#1044;&#1086;&#1073;&#1088;&#1086; &#1087;&#1086;&#1078;&#1072;&#1083;&#1086;&#1074;&#1072;&#1090;&#1100; &#1074; &#1052;&#1077;&#1085;&#1102; &#1040;&#1076;&#1084;&#1080;&#1085;&#1080;&#1089;&#1090;&#1088;&#1080;&#1088;&#1086;&#1074;&#1072;&#1085;&#1080;&#1103; &#1057;&#1072;&#1081;&#1090;&#1072;';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = '&#1042;&#1085;&#1080;&#1084;&#1072;&#1085;&#1080;&#1077;! &#1063;&#1090;&#1086;&#1073;&#1099; &#1095;&#1090;&#1086;&#1073;&#1099; &#1089;&#1084;&#1077;&#1085;&#1080;&#1090;&#1100; &#1096;&#1072;&#1073;&#1083;&#1086;&#1085; &#1087;&#1077;&#1088;&#1077;&#1081;&#1076;&#1080;&#1090;&#1077; &#1074; &#1088;&#1072;&#1079;&#1076;&#1077;&#1083; "&#1059;&#1089;&#1090;&#1072;&#1085;&#1086;&#1074;&#1082;&#1080;"';
 $MESSAGE['USERS_ADDED'] = '&#1055;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1077;&#1083;&#1100; &#1076;&#1086;&#1073;&#1072;&#1074;&#1083;&#1077;&#1085; &#1091;&#1089;&#1087;&#1077;&#1096;&#1085;&#1086;';
Index: branches/2.8.x/wb/languages/DE.php
===================================================================
--- branches/2.8.x/wb/languages/DE.php	(revision 1474)
+++ branches/2.8.x/wb/languages/DE.php	(revision 1475)
@@ -629,6 +629,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = 'Bitte geben Sie Ihre E-Mail Adresse an';
 $MESSAGE['START_CURRENT_USER'] = 'Sie sind momentan angemeldet als:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = 'Das Installations-Verzeichnis "/install" existiert noch! Dies stellt ein Sicherheitsrisiko dar. Bitte l&ouml;schen.';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Bitte die Datei "upgrade-script.php" vom Webserver l&ouml;schen.';
 $MESSAGE['START_WELCOME_MESSAGE'] = 'Willkommen in der WebsiteBaker Verwaltung';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = 'Bitte beachten Sie: Um eine andere Designvorlage auszuw&auml;hlen, benutzen Sie den Bereich "Optionen"';
 $MESSAGE['USERS_ADDED'] = 'Der Benutzer wurde erfolgreich hinzugef&uuml;gt';
Index: branches/2.8.x/wb/languages/BG.php
===================================================================
--- branches/2.8.x/wb/languages/BG.php	(revision 1474)
+++ branches/2.8.x/wb/languages/BG.php	(revision 1475)
@@ -632,6 +632,7 @@
 $MESSAGE['SIGNUP_NO_EMAIL'] = '&#1058;&#1088;&#1103;&#1073;&#1074;&#1072; &#1076;&#1072; &#1074;&#1098;&#1074;&#1077;&#1076;&#1077;&#1090;&#1077; e-mail &#1072;&#1076;&#1088;&#1077;&#1089;';
 $MESSAGE['START_CURRENT_USER'] = '&#1042;&#1080;&#1077; &#1074;&#1083;&#1103;&#1079;&#1086;&#1093;&#1090;&#1077; &#1082;&#1072;&#1090;&#1086;:';
 $MESSAGE['START_INSTALL_DIR_EXISTS'] = '&#1042;&#1085;&#1080;&#1084;&#1072;&#1085;&#1080;&#1077;, &#1048;&#1085;&#1089;&#1090;&#1072;&#1083;&#1072;&#1094;&#1080;&#1086;&#1085;&#1085;&#1072;&#1090;&#1072; &#1076;&#1080;&#1088;&#1077;&#1082;&#1090;&#1086;&#1088;&#1080;&#1103; &#1074;&#1089;&#1077; &#1086;&#1097;&#1077; &#1089;&#1098;&#1097;&#1077;&#1089;&#1090;&#1074;&#1091;&#1074;&#1072;!';
+$MESSAGE['START_UPGRADE_SCRIPT_EXISTS'] = 'Please delete the file "upgrade-script.php" from your webspace.';
 $MESSAGE['START_WELCOME_MESSAGE'] = '&#1044;&#1086;&#1073;&#1088;&#1077; &#1076;&#1086;&#1096;&#1083;&#1080; &#1074; &#1040;&#1084;&#1080;&#1085;&#1080;&#1089;&#1090;&#1088;&#1072;&#1090;&#1080;&#1074;&#1085;&#1072;&#1090;&#1072; &#1089;&#1090;&#1088;&#1072;&#1085;&#1080;&#1094;&#1072; &#1085;&#1072; WebsiteBaker';
 $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] = '&#1042;&#1085;&#1080;&#1084;&#1072;&#1085;&#1080;&#1077;: &#1079;&#1072; &#1076;&#1072; &#1089;&#1084;&#1077;&#1085;&#1080;&#1090;&#1077; &#1096;&#1072;&#1073;&#1083;&#1086;&#1085;&#1072; &#1086;&#1090;&#1080;&#1076;&#1077;&#1090;&#1077; &#1074; &#1085;&#1072;&#1089;&#1090;&#1088;&#1086;&#1081;&#1082;&#1080;';
 $MESSAGE['USERS_ADDED'] = '&#1055;&#1086;&#1090;&#1088;&#1077;&#1073;&#1080;&#1090;&#1077;&#1083;&#1103; &#1077; &#1076;&#1086;&#1073;&#1072;&#1074;&#1077;&#1085; &#1091;&#1089;&#1087;&#1077;&#1096;&#1085;&#1086;';
Index: branches/2.8.x/wb/modules/output_filter/uninstall.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/uninstall.php	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/uninstall.php	(revision 1475)
@@ -21,5 +21,3 @@
 
 $table = TABLE_PREFIX .'mod_output_filter';
 $database->query("DROP TABLE IF EXISTS `$table`");
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/modules/output_filter/filter-routines.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/filter-routines.php	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/filter-routines.php	(revision 1475)
@@ -28,6 +28,7 @@
 		if($result && $result->numRows() > 0) {
 			// get all data
 			$data = $result->fetchRow();
+			$filter_settings['sys_rel'] = $admin->strip_slashes($data['sys_rel']);
 			$filter_settings['email_filter'] = $admin->strip_slashes($data['email_filter']);
 			$filter_settings['mailto_filter'] = $admin->strip_slashes($data['mailto_filter']);
 			$filter_settings['at_replacement'] = $admin->strip_slashes($data['at_replacement']);
@@ -34,6 +35,7 @@
 			$filter_settings['dot_replacement'] = $admin->strip_slashes($data['dot_replacement']);
 		} else {
 			// something went wrong, use default values
+			$filter_settings['sys_rel'] = '0';
 			$filter_settings['email_filter'] = '0';
 			$filter_settings['mailto_filter'] = '0';
 			$filter_settings['at_replacement'] = '(at)';
@@ -50,7 +52,33 @@
 	function filter_frontend_output($content) {
 		// get output filter settings from database
 		$filter_settings = get_output_filter_settings();
-		
+		$location = '';
+        if($filter_settings['sys_rel'] == '1'){
+			if( !isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) == 'off' )
+			{
+				define('SYS_HTTPS', false);
+				define('SYS_PORT', (($_SERVER['SERVER_PORT'] != '80') ? ':'.$_SERVER['SERVER_PORT'] : '') );
+				define('SYS_PROTOCOL', 'http');
+			}else
+			{
+				define('SYS_HTTPS', true);
+				define('SYS_PORT', (($_SERVER['SERVER_PORT'] != '443') ? ':'.$_SERVER['SERVER_PORT'] : '') );
+				define('SYS_PROTOCOL', 'https');
+			}
+			$tmp = '';
+			if( isset($_SERVER['HTTP_HOST']) )
+			{
+				$tmp = $_SERVER['HTTP_HOST'];
+			}elseif( isset($_SERVER['SERVER_NAME']) )
+			{
+				$tmp = $_SERVER['SERVER_NAME'];
+			}
+
+			define('WB_HOST', preg_replace('/:[0-9]*$/', '', $tmp));
+	        $location = SYS_PROTOCOL.'://'.WB_HOST.SYS_PORT;
+
+        }
+
 		// work out the defined output filter mode: possible output filter modes: [0], 1, 2, 3, 6, 7
 		// 2^0 * (0.. disable, 1.. enable) filtering of mail addresses in text
 		// 2^1 * (0.. disable, 1.. enable) filtering of mail addresses in mailto links
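Review bot: The added block calls `define()` for `SYS_HTTPS`, `SYS_PORT`, `SYS_PROTOCOL` and `WB_HOST` inside `filter_frontend_output()`, so a second call in the same request would try to redefine them and PHP would raise a notice or warning while keeping the first values. Local variables are enough, since only `$location` is used afterwards in the visible hunks. The host is taken from `$_SERVER['HTTP_HOST']`, which the client supplies: here it only feeds a `preg_quote()`d pattern, but exporting it as a global constant invites later code to build links from an unvalidated header. Behind a TLS-terminating proxy `HTTPS` and `SERVER_PORT` may also not match the public URL, so deriving the origin from the configured site URL would be more reliable. The function body continues outside this hunk.

```php
$location = '';
if ($filter_settings['sys_rel'] == '1') {
	$is_https = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off';
	$default_port = $is_https ? '443' : '80';
	$port = ($_SERVER['SERVER_PORT'] != $default_port) ? ':'.$_SERVER['SERVER_PORT'] : '';
	// … unchanged: $tmp taken from HTTP_HOST, else SERVER_NAME …
	$host = preg_replace('/:[0-9]*$/', '', $tmp);
	$location = ($is_https ? 'https' : 'http').'://'.$host.$port;
}
```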
@@ -58,7 +86,8 @@
 
 		// only filter output if we are supposed to
 		if($filter_settings['email_filter'] != '1' && $filter_settings['mailto_filter'] != '1'){
-			// nothing to do ...
+			$searchfor = '/(<.*?=\s*?\")(?:'.preg_quote($location, '/').')(.*?\".*?>)/i';
+			$content = preg_replace($searchfor, '$1$2', $content);
 			return $content;
 		}
 
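Review bot: The pattern strips `$location` with nothing anchoring what follows it, so an attribute value equal to the bare origin becomes empty (the case the "href can't be empty" comment in the `@@ -104,6 +133,9 @@` hunk alludes to). A link to a different host that merely starts with the same string is also mangled into a relative path: with a constructed origin `http://site.example`, `http://site.example.other.example/x` would be affected. Requiring a slash after the origin avoids both: `$searchfor = '/(<.*?=\s*?\")(?:'.preg_quote($location, '/').')(?=\/)(.*?\".*?>)/i';`. The replacement also runs when `sys_rel` is off and `$location` is `''`, and its result is assigned unchecked although `preg_replace()` returns null on a PCRE error such as the backtrack limit, which would blank the page. Guard it with `if ($location != '')` and keep the original `$content` when the result is null; the same two lines are repeated in the `@@ -104,6 +133,9 @@` hunk.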
@@ -104,6 +133,9 @@
 			
 		// find all email addresses embedded in the content and filter them using a callback function
 		$content = preg_replace_callback($pattern, 'filter_mail_addresses', $content);
+		// href can't be empty
+		$searchfor = '/(<.*?=\s*?\")(?:'.preg_quote($location, '/').')(.*?\".*?>)/i';
+		$content = preg_replace($searchfor, '$1$2', $content);
 		return $content;
 	}
 }		

Property changes on: branches/2.8.x/wb/modules/output_filter/filter-routines.php
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/info.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/info.php	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/info.php	(revision 1475)
@@ -1,29 +1,26 @@
-<?php
-/**
- *
- * @category        modules
- * @package         output_filter
- * @author          WebsiteBaker Project
- * @copyright       2004-2009, Ryan Djurovich
- * @copyright       2009-2011, Website Baker Org. e.V.
- * @link			http://www.websitebaker2.org/
- * @license         http://www.gnu.org/licenses/gpl.html
- * @platform        WebsiteBaker 2.8.x
- * @requirements    PHP 5.2.2 and higher
- * @version         $Id$
- * @filesource		$HeadURL$
- * @lastmodified    $Date$
- *
- */
-
-
-$module_directory 	= 'output_filter';
-$module_name 				= 'Frontend Output Filter';
-$module_function 		= 'tool';
-$module_version 		= '0.12';
-$module_platform 		= '2.7 | 2.8.x';
-$module_author 			= 'Christian Sommer (doc)';
-$module_license 		= 'GNU General Public License';
-$module_description = 'This module allows to filter the output before displaying it on the frontend. Support for filtering mailto links and mail addresses in strings.';
-
-?>
\ No newline at end of file
+<?php
+/**
+ *
+ * @category        modules
+ * @package         output_filter
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
+
+$module_directory = 'output_filter';
+$module_name = 'Frontend Output Filter';
+$module_function = 'tool';
+$module_version	= '0.2';
+$module_platform = '2.7 | 2.8.x';
+$module_author = 'Christian Sommer (doc)';
+$module_license = 'GNU General Public License';
+$module_description = 'This module allows to filter the output before displaying it on the frontend. Support for filtering mailto links and mail addresses in strings.';

Property changes on: branches/2.8.x/wb/modules/output_filter/info.php
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/tool.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/tool.php	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/tool.php	(revision 1475)
@@ -37,6 +37,7 @@
 		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$_SERVER['REQUEST_URI'],false);
 	}
 	// get overall output filter settings
+	$sys_rel = (isset($_POST['sys_rel']) && $_POST['sys_rel'] == '1') ? '1' : '0';
 	$email_filter = (isset($_POST['email_filter']) && $_POST['email_filter'] == '1') ? '1' : '0';
 	$mailto_filter = (isset($_POST['mailto_filter']) && $_POST['mailto_filter'] == '1') ? '1' : '0';
 	
@@ -47,8 +48,8 @@
 	$dot_replacement = (strlen(trim($dot_replacement)) > 0) ? $admin->add_slashes($dot_replacement) : '(dot)';
 	
 	// update database settings
-	$database->query("UPDATE " .TABLE_PREFIX ."mod_output_filter SET email_filter = '$email_filter', 
-		mailto_filter = '$mailto_filter', at_replacement = '$at_replacement', dot_replacement = '$dot_replacement'");
+	$database->query("UPDATE " .TABLE_PREFIX ."mod_output_filter SET email_filter = '$email_filter',
+		sys_rel = '$sys_rel', mailto_filter = '$mailto_filter', at_replacement = '$at_replacement', dot_replacement = '$dot_replacement'");
 
 	// check if there is a database error, otherwise say successful
 	if(!$admin_header) { $admin->print_header(); }
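Review bot: The UPDATE now writes a `sys_rel` column, but no schema change for `mod_output_filter` is visible in this part of the diff. If an existing installation lacks the column, the whole statement fails and none of the filter settings are saved, so the module's install/upgrade path needs to add it (possibly handled elsewhere in the commit, worth confirming). The statement is still built by string interpolation: the three flags are constrained to '0'/'1' in the preceding hunk, but `$at_replacement` and `$dot_replacement` rely on `$admin->add_slashes()`, defined outside this hunk, being adequate escaping for the database connection. There is no WHERE clause, so the code assumes the table holds exactly one row.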
@@ -78,6 +79,15 @@
 	<table width="98%" cellspacing="0" cellpadding="5px" class="row_a">
 	<tr><td colspan="2"><strong><?php echo $MOD_MAIL_FILTER['BASIC_CONF'];?>:</strong></td></tr>
 	<tr>
+		<td width="35%"><?php echo $MOD_MAIL_FILTER['SYS_REL'];?>:</td>
+		<td>
+			<input type="radio" <?php echo ($data['sys_rel']=='1') ? 'checked="checked"' :'';?>
+				name="sys_rel" value="1"><?php echo $MOD_MAIL_FILTER['ENABLED'];?>
+			<input type="radio" <?php echo (($data['sys_rel'])=='0') ? 'checked="checked"' :'';?>
+				name="sys_rel" value="0"><?php echo $MOD_MAIL_FILTER['DISABLED'];?>
+		</td>
+	</tr>
+	<tr>
 		<td width="35%"><?php echo $MOD_MAIL_FILTER['EMAIL_FILTER'];?>:</td>
 		<td>
 			<input type="radio" <?php echo ($data['email_filter']=='1') ?'checked="checked"' :'';?>
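Review bot: Neither new radio button is preselected when `$data['sys_rel']` is anything other than '1' or '0', for example null when the row predates the new column. Testing the disabled option with `($data['sys_rel']!='1')` would keep one choice always checked. The extra parentheses in `(($data['sys_rel'])=='0')` can be dropped, and the new `<input>` tags are left unclosed while the submit button later in the form uses ` />`.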
@@ -109,6 +119,3 @@
 	</table>
 	<input type="submit" name="save_settings" style="margin-top:10px; width:140px;" value="<?php echo $TEXT['SAVE']; ?>" />
 </form>
-<?php
-
-?>

Property changes on: branches/2.8.x/wb/modules/output_filter/tool.php
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/languages/NL.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/languages/NL.php	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/languages/NL.php	(revision 1475)
@@ -1,31 +1,21 @@
 <?php
+/**
+ *
+ * @category        modules
+ * @package         output_filter
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
- -----------------------------------------------------------------------------------------
-  ENGLISH LANGUAGE FILE FOR THE ADDON: OUTPUT_FILTER
- -----------------------------------------------------------------------------------------
-*/
-
 // Headings and text outputs
 $MOD_MAIL_FILTER['HEADING']				= 'Beheersinstellingen: Output Filter';
 $MOD_MAIL_FILTER['HOWTO']				= 'Hier kan je de uitvoer filteren met onderstaande opties.<p style="line-height:1.5em;"><strong>Tip: </strong>Mailto links kunnen gecodeerd worden door een Javascript functie. Om van deze optie gebruik te kunnen maken moet je de PHP code <code style="background:#FFA;color:#900;">&lt;?php register_frontend_modfiles(\'js\');?&gt;</code> in de &lt;head&gt; sectie van het index.php bestand van je template plaatsen. Zonder deze aanpassing zal enkel het @ teken in het mailto deel vervangen worden.</p>';
@@ -33,6 +23,7 @@
 
 // Text and captions of form elements
 $MOD_MAIL_FILTER['BASIC_CONF']			= 'E-mail Configuratie';
+$MOD_MAIL_FILTER['SYS_REL'] = 'Frontendoutput with  relative Urls';
 $MOD_MAIL_FILTER['EMAIL_FILTER']		= 'Filter E-mail adressen in tekst';
 $MOD_MAIL_FILTER['MAILTO_FILTER']		= 'Filter E-mail adressen in mailto links';
 $MOD_MAIL_FILTER['ENABLED']				= 'Aan';
@@ -41,5 +32,3 @@
 $MOD_MAIL_FILTER['REPLACEMENT_CONF']	= 'Vervang E-mail tekens';
 $MOD_MAIL_FILTER['AT_REPLACEMENT']		= 'Vervang "@" door';
 $MOD_MAIL_FILTER['DOT_REPLACEMENT']		= 'Vervang "." door';
-
-?>
\ No newline at end of file

Property changes on: branches/2.8.x/wb/modules/output_filter/languages/NL.php
___________________________________________________________________
Modified: svn:keywords
## -1 +1,4 ##
-Id
\ No newline at end of property
+Id
+Revision
+HeadURL
+Date
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/languages/NO.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/languages/NO.php	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/languages/NO.php	(revision 1475)
@@ -1,31 +1,21 @@
 <?php
+/**
+ *
+ * @category        modules
+ * @package         output_filter
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
------------------------------------------------------------------------------------------
-NORSK LANGUAGE FILE FOR THE ADDON: OUTPUT_FILTER
------------------------------------------------------------------------------------------
-*/
-
 // Headings and text outputs
 $MOD_MAIL_FILTER['HEADING']	= 'Valg: Filtrering av ut data';
 $MOD_MAIL_FILTER['HOWTO']	= 'Du kan gj&oslash;re innstillinger for utdatafitreringen i valgene nedenfor.<p style="line-height:1.5em;"><strong>Tips: </strong>Mailto linker kan krypteres av en Javascript funksjon. For &aring; f&aring; benyttet denne funksjonen, m&aring; det legges til f&oslash;lgende PHP kode <code style="background:#FFA;color:#900;">&lt;?php register_frontend_modfiles(\'js\');?&gt;</code> inn i &lt;head&gt; seksjonen i index.php p&aring; design malen din. Uten denne modifikasjonen, vil kun @ karakterer i mailto linker bli erstattet.</p>';
@@ -33,6 +23,7 @@
 
 // Text and captions of form elements
 $MOD_MAIL_FILTER['BASIC_CONF']	= 'Enkel Epost konfigurasjon';
+$MOD_MAIL_FILTER['SYS_REL'] = 'Frontendoutput with relative Urls';
 $MOD_MAIL_FILTER['EMAIL_FILTER']	= 'Filtrer Epost adresser i tekst';
 $MOD_MAIL_FILTER['MAILTO_FILTER']	= 'Filtrer Epost adresser i mailto linker';
 $MOD_MAIL_FILTER['ENABLED']	= 'P&aring;sl&aring;tt';
@@ -41,5 +32,3 @@
 $MOD_MAIL_FILTER['REPLACEMENT_CONF']= 'Endringe i Epost adresser';
 $MOD_MAIL_FILTER['AT_REPLACEMENT']	= 'Bytt "@" med';
 $MOD_MAIL_FILTER['DOT_REPLACEMENT']	= 'Bytt "." med';
-
-?>
\ No newline at end of file

Property changes on: branches/2.8.x/wb/modules/output_filter/languages/NO.php
___________________________________________________________________
Modified: svn:keywords
## -1 +1,4 ##
-Id
\ No newline at end of property
+Id
+Revision
+HeadURL
+Date
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/languages/EN.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/languages/EN.php	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/languages/EN.php	(revision 1475)
@@ -1,45 +1,34 @@
 <?php
+/**
+ *
+ * @category        modules
+ * @package         output_filter
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
- -----------------------------------------------------------------------------------------
-  ENGLISH LANGUAGE FILE FOR THE ADDON: OUTPUT_FILTER
- -----------------------------------------------------------------------------------------
-*/
-
 // Headings and text outputs
-$MOD_MAIL_FILTER['HEADING']				= 'Options: Output Filter';
-$MOD_MAIL_FILTER['HOWTO']						= 'You can configure the output filtering with the options below.<p style="line-height:1.5em;"><strong>Tip: </strong>Mailto links can be encrypted by a Javascript function. To make use of this option, one needs to add the PHP code <code style="background:#FFA;color:#900;">&lt;?php register_frontend_modfiles(\'js\');?&gt;</code> into the &lt;head&gt; section of the index.php of your template. Without this modification, only the @ character in the mailto part will be replaced.</p>';
-$MOD_MAIL_FILTER['WARNING']				= '';
+$MOD_MAIL_FILTER['HEADING']	= 'Options: Output Filter';
+$MOD_MAIL_FILTER['HOWTO'] = 'You can configure the output filtering with the options below.<p style="line-height:1.5em;"><strong>Tip: </strong>Mailto links can be encrypted by a Javascript function. To make use of this option, one needs to add the PHP code <code style="background:#FFA;color:#900;">&lt;?php register_frontend_modfiles(\'js\');?&gt;</code> into the &lt;head&gt; section of the index.php of your template. Without this modification, only the @ character in the mailto part will be replaced.</p>';
+$MOD_MAIL_FILTER['WARNING']	= '';
 
 // Text and captions of form elements
-$MOD_MAIL_FILTER['BASIC_CONF']			= 'Basic Email Configuration';
-$MOD_MAIL_FILTER['EMAIL_FILTER']		= 'Filter Email addresses in text';
-$MOD_MAIL_FILTER['MAILTO_FILTER']		= 'Filter Email addresses in mailto links';
-$MOD_MAIL_FILTER['ENABLED']					= 'Enabled';
-$MOD_MAIL_FILTER['DISABLED']				= 'Disabled';
+$MOD_MAIL_FILTER['BASIC_CONF'] = 'Basic Email Configuration';
+$MOD_MAIL_FILTER['SYS_REL'] = 'Frontendoutput with  relative Urls';
+$MOD_MAIL_FILTER['EMAIL_FILTER'] = 'Filter Email addresses in text';
+$MOD_MAIL_FILTER['MAILTO_FILTER'] = 'Filter Email addresses in mailto links';
+$MOD_MAIL_FILTER['ENABLED']	= 'Enabled';
+$MOD_MAIL_FILTER['DISABLED'] = 'Disabled';
 
 $MOD_MAIL_FILTER['REPLACEMENT_CONF']= 'Email Replacements';
 $MOD_MAIL_FILTER['AT_REPLACEMENT']	= 'Replace "@" by';
 $MOD_MAIL_FILTER['DOT_REPLACEMENT']	= 'Replace "." by';
-
-?>
\ No newline at end of file

Property changes on: branches/2.8.x/wb/modules/output_filter/languages/EN.php
___________________________________________________________________
Modified: svn:keywords
## -1 +1,4 ##
-Id
\ No newline at end of property
+Id
+Revision
+HeadURL
+Date
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/languages/DA.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/languages/DA.php	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/languages/DA.php	(revision 1475)
@@ -1,31 +1,21 @@
 <?php
+/**
+ *
+ * @category        modules
+ * @package         output_filter
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
- -----------------------------------------------------------------------------------------
-  DANISH LANGUAGE FILE FOR THE ADDON: OUTPUT_FILTER
- -----------------------------------------------------------------------------------------
-*/
-
 // Headings and text outputs
 $MOD_MAIL_FILTER['HEADING'] = 'Indstillinger: Output-filter';
 $MOD_MAIL_FILTER['HOWTO'] = 'Du kan konfigurere output-filteret med indstillingerne nedenfor.<p style="line-height:1.5em;"><strong>Tip: </strong>Mailadresser kan krypteres vedhj&Atilde;&brvbar;lp af en  Javascript-funktion. For at g&Atilde;¸re brug af denne indstilling, skal du tilf&Atilde;¸je PHP-koden <code style="background:#FFA;color:#900;"><?php register_frontend_modfiles(js);?></code> til <head> sektionnen af  index.php i din template (layout-skabelon). Uden denne &Atilde;&brvbar;ndring vil kun @-tegnet i email-adressen blive erstattet.</p>';
@@ -33,6 +23,7 @@
 
 // Text and captions of form elements
 $MOD_MAIL_FILTER['BASIC_CONF'] = 'Email grundindstillinger';
+$MOD_MAIL_FILTER['SYS_REL'] = 'Frontendoutput with  relative Urls';
 $MOD_MAIL_FILTER['EMAIL_FILTER'] = 'Filtrer emailadresser i tekst';
 $MOD_MAIL_FILTER['MAILTO_FILTER'] = 'Filtrer emailadresser i mailto-links';
 $MOD_MAIL_FILTER['ENABLED'] = 'Aktiveret';
@@ -42,4 +33,3 @@
 $MOD_MAIL_FILTER['AT_REPLACEMENT'] = 'Erstat "@" med';
 $MOD_MAIL_FILTER['DOT_REPLACEMENT'] = 'Erstat "." med';
 
-?>

Property changes on: branches/2.8.x/wb/modules/output_filter/languages/DA.php
___________________________________________________________________
Modified: svn:keywords
## -1 +1,4 ##
-Id
\ No newline at end of property
+Id
+Revision
+HeadURL
+Date
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/languages/RU.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/languages/RU.php	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/languages/RU.php	(revision 1475)
@@ -1,45 +1,35 @@
 <?php
+/**
+ *
+ * @category        modules
+ * @package         output_filter
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project http://www.websitebaker.org/
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
- -----------------------------------------------------------------------------------------
-  RUSSIAN LANGUAGE FILE FOR THE ADDON: OUTPUT_FILTER
- -----------------------------------------------------------------------------------------
-*/
-
 // Headings and text outputs
-$MOD_MAIL_FILTER['HEADING']				= '&#1053;&#1072;&#1089;&#1090;&#1088;&#1086;&#1081;&#1082;&#1080;: Output Filter';
-$MOD_MAIL_FILTER['HOWTO']						= '&#1042;&#1099; &#1084;&#1086;&#1078;&#1077;&#1090;&#1077; &#1085;&#1072;&#1089;&#1090;&#1088;&#1086;&#1080;&#1090;&#1100; &#1092;&#1080;&#1083;&#1100;&#1090;&#1088;&#1072;&#1094;&#1080;&#1102;, &#1080;&#1089;&#1087;&#1086;&#1083;&#1100;&#1079;&#1091;&#1103; &#1085;&#1072;&#1089;&#1090;&#1088;&#1086;&#1081;&#1082;&#1080; &#1085;&#1080;&#1078;&#1077;.<p style="line-height:1.5em;"><strong>&#1042;&#1072;&#1078;&#1085;&#1086;: </strong>Mailto &#1089;&#1089;&#1099;&#1083;&#1082;&#1080; &#1084;&#1086;&#1075;&#1091;&#1090; &#1073;&#1099;&#1090;&#1100; &#1089;&#1082;&#1088;&#1099;&#1090;&#1099; &#1086;&#1090; &#1089;&#1087;&#1072;&#1084;&#1077;&#1088;&#1086;&#1074; &#1089; &#1087;&#1086;&#1084;&#1086;&#1097;&#1100;&#1102; Javascript. &#1063;&#1090;&#1086;&#1073;&#1099; &#1080;&#1089;&#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1100; &#1101;&#1090;&#1091; &#1074;&#1086;&#1079;&#1084;&#1086;&#1078;&#1085;&#1086;&#1089;&#1090;&#1100;, &#1076;&#1086;&#1073;&#1072;&#1074;&#1100;&#1090;&#1077; &#1089;&#1083;&#1077;&#1076;&#1091;&#1102;&#1097;&#1080;&#1081; PHP &#1082;&#1086;&#1076; <code style="background:#FFA;color:#900;">&lt;?php register_frontend_modfiles(\'js\');?&gt;</code> &#1074; &lt;head&gt; &#1089;&#1077;&#1082;&#1094;&#1080;&#1102; index.php &#1092;&#1072;&#1081;&#1083;&#1072; &#1074;&#1072;&#1096;&#1077;&#1075;&#1086; &#1096;&#1072;&#1073;&#1083;&#1086;&#1085;&#1072;. &#1048;&#1085;&#1072;&#1095;&#1077; &#1090;&#1086;&#1083;&#1100;&#1082;&#1086; &#1089;&#1080;&#1084;&#1074;&#1086;&#1083; @ &#1073;&#1091;&#1076;&#1077;&#1090; &#1079;&#1072;&#1084;&#1077;&#1085;&#1077;&#1085; &#1074; mailto &#1089;&#1089;&#1099;&#1083;&#1082;&#1072;&#1093;.</p>';
-$MOD_MAIL_FILTER['WARNING']				= '';
+$MOD_MAIL_FILTER['HEADING']	= '&#1053;&#1072;&#1089;&#1090;&#1088;&#1086;&#1081;&#1082;&#1080;: Output Filter';
+$MOD_MAIL_FILTER['HOWTO'] = '&#1042;&#1099; &#1084;&#1086;&#1078;&#1077;&#1090;&#1077; &#1085;&#1072;&#1089;&#1090;&#1088;&#1086;&#1080;&#1090;&#1100; &#1092;&#1080;&#1083;&#1100;&#1090;&#1088;&#1072;&#1094;&#1080;&#1102;, &#1080;&#1089;&#1087;&#1086;&#1083;&#1100;&#1079;&#1091;&#1103; &#1085;&#1072;&#1089;&#1090;&#1088;&#1086;&#1081;&#1082;&#1080; &#1085;&#1080;&#1078;&#1077;.<p style="line-height:1.5em;"><strong>&#1042;&#1072;&#1078;&#1085;&#1086;: </strong>Mailto &#1089;&#1089;&#1099;&#1083;&#1082;&#1080; &#1084;&#1086;&#1075;&#1091;&#1090; &#1073;&#1099;&#1090;&#1100; &#1089;&#1082;&#1088;&#1099;&#1090;&#1099; &#1086;&#1090; &#1089;&#1087;&#1072;&#1084;&#1077;&#1088;&#1086;&#1074; &#1089; &#1087;&#1086;&#1084;&#1086;&#1097;&#1100;&#1102; Javascript. &#1063;&#1090;&#1086;&#1073;&#1099; &#1080;&#1089;&#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1100; &#1101;&#1090;&#1091; &#1074;&#1086;&#1079;&#1084;&#1086;&#1078;&#1085;&#1086;&#1089;&#1090;&#1100;, &#1076;&#1086;&#1073;&#1072;&#1074;&#1100;&#1090;&#1077; &#1089;&#1083;&#1077;&#1076;&#1091;&#1102;&#1097;&#1080;&#1081; PHP &#1082;&#1086;&#1076; <code style="background:#FFA;color:#900;">&lt;?php register_frontend_modfiles(\'js\');?&gt;</code> &#1074; &lt;head&gt; &#1089;&#1077;&#1082;&#1094;&#1080;&#1102; index.php &#1092;&#1072;&#1081;&#1083;&#1072; &#1074;&#1072;&#1096;&#1077;&#1075;&#1086; &#1096;&#1072;&#1073;&#1083;&#1086;&#1085;&#1072;. &#1048;&#1085;&#1072;&#1095;&#1077; &#1090;&#1086;&#1083;&#1100;&#1082;&#1086; &#1089;&#1080;&#1084;&#1074;&#1086;&#1083; @ &#1073;&#1091;&#1076;&#1077;&#1090; &#1079;&#1072;&#1084;&#1077;&#1085;&#1077;&#1085; &#1074; mailto &#1089;&#1089;&#1099;&#1083;&#1082;&#1072;&#1093;.</p>';
+$MOD_MAIL_FILTER['WARNING']	= '';
 
 // Text and captions of form elements
-$MOD_MAIL_FILTER['BASIC_CONF']			= '&#1054;&#1089;&#1085;&#1086;&#1074;&#1085;&#1099;&#1077; &#1085;&#1072;&#1089;&#1090;&#1088;&#1086;&#1081;&#1082;&#1080; Email';
-$MOD_MAIL_FILTER['EMAIL_FILTER']		= '&#1057;&#1082;&#1088;&#1099;&#1074;&#1072;&#1090;&#1100; Email &#1072;&#1076;&#1088;&#1077;&#1089;&#1072; &#1074; &#1090;&#1077;&#1082;&#1089;&#1090;&#1077;';
-$MOD_MAIL_FILTER['MAILTO_FILTER']		= '&#1057;&#1082;&#1088;&#1099;&#1074;&#1072;&#1090;&#1100; Email &#1072;&#1076;&#1088;&#1077;&#1089;&#1072; &#1074; mailto &#1089;&#1089;&#1099;&#1083;&#1082;&#1072;&#1093;';
-$MOD_MAIL_FILTER['ENABLED']					= '&#1042;&#1082;&#1083;&#1102;&#1095;&#1077;&#1085;&#1086;';
-$MOD_MAIL_FILTER['DISABLED']				= '&#1042;&#1099;&#1082;&#1083;&#1102;&#1095;&#1077;&#1085;&#1086;';
+$MOD_MAIL_FILTER['BASIC_CONF']	= '&#1054;&#1089;&#1085;&#1086;&#1074;&#1085;&#1099;&#1077; &#1085;&#1072;&#1089;&#1090;&#1088;&#1086;&#1081;&#1082;&#1080; Email';
+$MOD_MAIL_FILTER['SYS_REL'] = 'Frontendoutput with relative Urls';
+$MOD_MAIL_FILTER['EMAIL_FILTER'] = '&#1057;&#1082;&#1088;&#1099;&#1074;&#1072;&#1090;&#1100; Email &#1072;&#1076;&#1088;&#1077;&#1089;&#1072; &#1074; &#1090;&#1077;&#1082;&#1089;&#1090;&#1077;';
+$MOD_MAIL_FILTER['MAILTO_FILTER'] = '&#1057;&#1082;&#1088;&#1099;&#1074;&#1072;&#1090;&#1100; Email &#1072;&#1076;&#1088;&#1077;&#1089;&#1072; &#1074; mailto &#1089;&#1089;&#1099;&#1083;&#1082;&#1072;&#1093;';
+$MOD_MAIL_FILTER['ENABLED']	= '&#1042;&#1082;&#1083;&#1102;&#1095;&#1077;&#1085;&#1086;';
+$MOD_MAIL_FILTER['DISABLED'] = '&#1042;&#1099;&#1082;&#1083;&#1102;&#1095;&#1077;&#1085;&#1086;';
 
 $MOD_MAIL_FILTER['REPLACEMENT_CONF']= '&#1047;&#1072;&#1084;&#1077;&#1085;&#1099; &#1074; &#1072;&#1076;&#1088;&#1077;&#1089;&#1072;&#1093; Email';
 $MOD_MAIL_FILTER['AT_REPLACEMENT']	= '&#1047;&#1072;&#1084;&#1077;&#1085;&#1103;&#1090;&#1100; "@" &#1085;&#1072;';
 $MOD_MAIL_FILTER['DOT_REPLACEMENT']	= '&#1047;&#1072;&#1084;&#1077;&#1085;&#1103;&#1090;&#1100; "." &#1085;&#1072;';
 
-?>

Property changes on: branches/2.8.x/wb/modules/output_filter/languages/RU.php
___________________________________________________________________
Modified: svn:keywords
## -1 +1,4 ##
-Id
\ No newline at end of property
+Id
+Revision
+HeadURL
+Date
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/languages/FR.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/languages/FR.php	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/languages/FR.php	(revision 1475)
@@ -1,47 +1,37 @@
 <?php
+/**
+ *
+ * @category        modules
+ * @package         output_filter
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
- -----------------------------------------------------------------------------------------
-  FRENCH LANGUAGE FILE FOR THE ADDON: OUTPUT_FILTER
- -----------------------------------------------------------------------------------------
-*/
 //Module Description
 $module_description = 'Ce module g&egrave;re le filtrage des donn&eacute;es avant affichage &agrave; l&apos;utilisateur. Permets de filtrer les liens mailto et les adresses emails.';
 
 // Headings and text outputs
-$MOD_MAIL_FILTER['HEADING']				= 'Options: Output Filter';
-$MOD_MAIL_FILTER['HOWTO']						= 'Vous pouvez configurer le filtrage des donn&eacute;es avant affichage gr&acirc;ce aux options ci-dessous.<p style="line-height:1.5em;"><strong>Conseil: </strong>Les liens Mailto peuvent &ecirc;tre crypt&eacute;s &agrave; l&apos;aide d&apos;une fonction Javascript. Pour utiliser cette fonctionnalit&eacute;, vous devez ajouter le code PHP <code style="background:#FFA;color:#900;">&lt;?php register_frontend_modfiles(&apos;js&apos;);?&gt;</code> dans la partie &lt;head&gt; de index.php de votre fichier mod&egrave;le. Sans cette modification, seulement le caract&egrave;re @ sera remplac&eacute; dans le champ mailto.</p>';
-$MOD_MAIL_FILTER['WARNING']				= '';
+$MOD_MAIL_FILTER['HEADING'] = 'Options: Output Filter';
+$MOD_MAIL_FILTER['HOWTO'] = 'Vous pouvez configurer le filtrage des donn&eacute;es avant affichage gr&acirc;ce aux options ci-dessous.<p style="line-height:1.5em;"><strong>Conseil: </strong>Les liens Mailto peuvent &ecirc;tre crypt&eacute;s &agrave; l&apos;aide d&apos;une fonction Javascript. Pour utiliser cette fonctionnalit&eacute;, vous devez ajouter le code PHP <code style="background:#FFA;color:#900;">&lt;?php register_frontend_modfiles(&apos;js&apos;);?&gt;</code> dans la partie &lt;head&gt; de index.php de votre fichier mod&egrave;le. Sans cette modification, seulement le caract&egrave;re @ sera remplac&eacute; dans le champ mailto.</p>';
+$MOD_MAIL_FILTER['WARNING'] = '';
 
 // Text and captions of form elements
-$MOD_MAIL_FILTER['BASIC_CONF']			= 'Configuration de base des Emails';
-$MOD_MAIL_FILTER['EMAIL_FILTER']		= 'Filtrer le texte des Emails';
-$MOD_MAIL_FILTER['MAILTO_FILTER']		= 'Filtrer les liens mailto des Emails';
-$MOD_MAIL_FILTER['ENABLED']					= 'Activ&eacute;';
-$MOD_MAIL_FILTER['DISABLED']				= 'D&eacute;sactiv&eacute;';
+$MOD_MAIL_FILTER['BASIC_CONF'] = 'Configuration de base des Emails';
+$MOD_MAIL_FILTER['SYS_REL'] = 'Frontendoutput with  relative Urls';
+$MOD_MAIL_FILTER['EMAIL_FILTER'] = 'Filtrer le texte des Emails';
+$MOD_MAIL_FILTER['MAILTO_FILTER'] = 'Filtrer les liens mailto des Emails';
+$MOD_MAIL_FILTER['ENABLED'] = 'Activ&eacute;';
+$MOD_MAIL_FILTER['DISABLED'] = 'D&eacute;sactiv&eacute;';
 
 $MOD_MAIL_FILTER['REPLACEMENT_CONF']= 'Remplacements';
 $MOD_MAIL_FILTER['AT_REPLACEMENT']	= 'Remplacer "@" par';
 $MOD_MAIL_FILTER['DOT_REPLACEMENT']	= 'Remplacer "." par';
-
-?>
\ No newline at end of file

Property changes on: branches/2.8.x/wb/modules/output_filter/languages/FR.php
___________________________________________________________________
Modified: svn:keywords
## -1 +1,4 ##
-Id
\ No newline at end of property
+Id
+Revision
+HeadURL
+Date
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/languages/index.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/languages/index.php	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/languages/index.php	(revision 1475)
@@ -1,28 +1,21 @@
 <?php
-
-// $Id$
-
 /*
+/**
+ *
+ * @category        modules
+ * @package         output_filter
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
 
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
 header("Location: ../../../index.php");
-
-?>
\ No newline at end of file
+exit();
\ No newline at end of file
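Review bot: The context line `/*` just above the added `/**` is left in place, so the header of this file now opens with `/*` followed by `/**`. PHP does not nest block comments, so the comment still closes at the first ` */` and the redirect still runs, but the stray opener is misleading and documentation tools may not treat the block as a docblock. Delete the leftover `/*` line so the header matches the one added to `js/index.php` in this same commit.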

Property changes on: branches/2.8.x/wb/modules/output_filter/languages/index.php
___________________________________________________________________
Modified: svn:keywords
## -1 +1,4 ##
-Id
\ No newline at end of property
+Id
+Revision
+HeadURL
+Date
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/languages/DE.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/languages/DE.php	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/languages/DE.php	(revision 1475)
@@ -1,31 +1,21 @@
 <?php
+/**
+ *
+ * @category        modules
+ * @package         output_filter
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
- -----------------------------------------------------------------------------------------
-  DEUTSCHE SPRACHDATEI FUER DAS MODUL: OUTPUT_FILTER
- -----------------------------------------------------------------------------------------
-*/
-
 // Deutsche Modulbeschreibung
 $module_description 					= 'Dieses Modul erlaubt die Filterung von Inhalten vor der Anzeige im Frontendbereich. Unterst&uuml;zt die Filterung von Emailadressen in mailto Links und Text.';
 
@@ -36,6 +26,7 @@
 
 // Text von Form Elementen
 $MOD_MAIL_FILTER['BASIC_CONF']			= 'Grundeinstellungen';
+$MOD_MAIL_FILTER['SYS_REL']	            = 'Frontendausgabe mit relativen Urls';
 $MOD_MAIL_FILTER['EMAIL_FILTER']		= 'Filtere E-Mail Adressen im Text';
 $MOD_MAIL_FILTER['MAILTO_FILTER']		= 'Filtere E-Mail Adressen in mailto Links';
 $MOD_MAIL_FILTER['ENABLED']				= 'Aktiviert';
@@ -44,5 +35,3 @@
 $MOD_MAIL_FILTER['REPLACEMENT_CONF']	= 'Email Ersetzungen';
 $MOD_MAIL_FILTER['AT_REPLACEMENT']		= 'Ersetze "@" durch';
 $MOD_MAIL_FILTER['DOT_REPLACEMENT']		= 'Ersetze "." durch';
-
-?>
\ No newline at end of file

Property changes on: branches/2.8.x/wb/modules/output_filter/languages/DE.php
___________________________________________________________________
Modified: svn:keywords
## -1 +1,4 ##
-Id
\ No newline at end of property
+Id
+Revision
+HeadURL
+Date
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/install.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/install.php	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/install.php	(revision 1475)
@@ -23,6 +23,7 @@
 $database->query("DROP TABLE IF EXISTS `$table`");
 
 $database->query("CREATE TABLE `$table` (
+	`sys_rel` VARCHAR(1) NOT NULL DEFAULT '0',
 	`email_filter` VARCHAR(1) NOT NULL DEFAULT '0',
 	`mailto_filter` VARCHAR(1) NOT NULL DEFAULT '0',
 	`at_replacement` VARCHAR(255) NOT NULL DEFAULT '(at)',
@@ -32,6 +33,4 @@
 
 // add default values to the module table
 $database->query("INSERT INTO ".TABLE_PREFIX
-	."mod_output_filter (email_filter, mailto_filter, at_replacement, dot_replacement) VALUES ('0', '0', '(at)', '(dot)')");
-
-?>
\ No newline at end of file
+	."mod_output_filter (sys_rel,email_filter, mailto_filter, at_replacement, dot_replacement) VALUES ('1','1', '1', '(at)', '(dot)')");
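Review bot: The seed row now writes `'1'` for `sys_rel`, `email_filter` and `mailto_filter`, while the `CREATE TABLE` in the previous hunk still declares `DEFAULT '0'` for all three columns, so a row created by any other path gets the opposite settings from a fresh install. The changelog entry for this build mentions only the new relative-URL checkbox, not that both e-mail filters become enabled by default. If that is intended, record it above the statement, e.g. `// new installs start with relative URLs and both e-mail filters enabled`, and consider aligning the column defaults. The `CREATE TABLE` uses `$table` while this statement rebuilds the name from `TABLE_PREFIX."mod_output_filter"`; `$table` is assigned outside the hunk, but if it holds the same name, using it here as well keeps the two statements from drifting apart.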

Property changes on: branches/2.8.x/wb/modules/output_filter/install.php
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/js/mdcr.js
===================================================================
--- branches/2.8.x/wb/modules/output_filter/js/mdcr.js	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/js/mdcr.js	(revision 1475)

Property changes on: branches/2.8.x/wb/modules/output_filter/js/mdcr.js
___________________________________________________________________
Modified: svn:keywords
## -1 +1,4 ##
-Id
\ No newline at end of property
+Id
+Revision
+HeadURL
+Date
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/js/index.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/js/index.php	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/js/index.php	(revision 1475)
@@ -1,28 +1,20 @@
 <?php
+/**
+ *
+ * @category        modules
+ * @package         output_filter
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
 
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
 header("Location: ../../../index.php");
-
-?>
\ No newline at end of file
+exit();
\ No newline at end of file

Property changes on: branches/2.8.x/wb/modules/output_filter/js/index.php
___________________________________________________________________
Modified: svn:keywords
## -1 +1,4 ##
-Id
\ No newline at end of property
+Id
+Revision
+HeadURL
+Date
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/FTAN_SUPPORTED
===================================================================
--- branches/2.8.x/wb/modules/output_filter/FTAN_SUPPORTED	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/FTAN_SUPPORTED	(revision 1475)

Property changes on: branches/2.8.x/wb/modules/output_filter/FTAN_SUPPORTED
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/index.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/index.php	(revision 1474)
+++ branches/2.8.x/wb/modules/output_filter/index.php	(revision 1475)
@@ -1,21 +1,20 @@
-<?php
-/**
- *
- * @category        modules
- * @package         output_filter
- * @author          WebsiteBaker Project
- * @copyright       2004-2009, Ryan Djurovich
- * @copyright       2009-2011, Website Baker Org. e.V.
- * @link			http://www.websitebaker2.org/
- * @license         http://www.gnu.org/licenses/gpl.html
- * @platform        WebsiteBaker 2.8.x
- * @requirements    PHP 5.2.2 and higher
- * @version         $Id$
- * @filesource		$HeadURL$
- * @lastmodified    $Date$
- *
- */
-
-header('Location: ../index.php');
-
-?>
\ No newline at end of file
+<?php
+/**
+ *
+ * @category        modules
+ * @package         output_filter
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
+
+header('Location: ../index.php');
+exit();

Property changes on: branches/2.8.x/wb/modules/output_filter/index.php
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: branches/2.8.x/wb/modules/output_filter/upgrade.php
===================================================================
--- branches/2.8.x/wb/modules/output_filter/upgrade.php	(nonexistent)
+++ branches/2.8.x/wb/modules/output_filter/upgrade.php	(revision 1475)
@@ -0,0 +1,32 @@
+<?php
+/**
+ *
+ * @category        modules
+ * @package         output_filter
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
+
+// Must include code to stop this file being access directly
+if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
+
+$table_name = TABLE_PREFIX .'mod_output_filter';
+$field_name = 'sys_rel';
+$description = 'VARCHAR(1) NOT NULL DEFAULT \'0\'';
+$msg_flag = ($database->field_add($table_name,$field_name,$description ));
+$sql = 'UPDATE ';
+$sql .= '`'.$table.'` ';
+$sql .= 'SET `'.$field_name.'` = \'1\' ';
+if( !$database->query($sql.$sqlwhere) )
+{
+	$sql_info = mysql_info($database->db_handle);
+}
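Review bot: The UPDATE statement is assembled from `$table` and `$sqlwhere`, neither of which is defined in this file; only `$table_name` is set above. As written the query targets an empty table name and fails, or, if the including script happens to leave a `$table` in scope, it runs against whatever table that names. Use `$table_name` when building the statement and call `$database->query($sql)` without the undefined suffix. The failure branch only stores `mysql_info()` in `$sql_info`, which is never read, so a failed upgrade is silent; report the database error to the caller or the upgrade log instead. `$msg_flag` from `field_add()` is likewise unused, and the UPDATE resets `sys_rel` to '1' on every run rather than only when the column was just added.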

Property changes on: branches/2.8.x/wb/modules/output_filter/upgrade.php
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+Date Revision Id HeadURL
\ No newline at end of property
Index: branches/2.8.x/wb/modules/show_menu2/info.php
===================================================================
--- branches/2.8.x/wb/modules/show_menu2/info.php	(revision 1474)
+++ branches/2.8.x/wb/modules/show_menu2/info.php	(revision 1475)
@@ -19,9 +19,9 @@
 $module_directory = 'show_menu2';
 $module_name = 'show_menu2';
 $module_function = 'snippet';
-$module_version = '4.9.5';
+$module_version = '4.9.6';
 $module_platform = '2.7 | 2.8.2';
 $module_author = 'Brodie Thiesfield';
 $module_license = 'GNU General Public License';
 $module_description = 'A code snippet for the Website Baker CMS providing a complete replacement for the builtin menu functions. See <a href="http://code.jellycan.com/show_menu2/" target="_blank">http://code.jellycan.com/show_menu2/</a> for details or view the <a href="' .WB_URL .'/modules/show_menu2/README.en.txt" target="_blank">readme</a> file.';
-?>
+
Index: branches/2.8.x/wb/modules/show_menu2/include.php
===================================================================
--- branches/2.8.x/wb/modules/show_menu2/include.php	(revision 1474)
+++ branches/2.8.x/wb/modules/show_menu2/include.php	(revision 1475)
@@ -807,7 +807,7 @@
         if ($pageLevel >= $aStartLevel) {
             // massage the link into the correct form
             if(!INTRO_PAGE && $page['link'] == $wb->default_link) {
-                $url = WB_URL;
+                $url = WB_URL.'/';
             }
             else {
                 $url = $wb->page_link($page['link']);
@@ -843,4 +843,3 @@
     }
 }
 
-?>
Index: branches/2.8.x/wb/modules/droplets/js/mdcr.js
===================================================================
--- branches/2.8.x/wb/modules/droplets/js/mdcr.js	(revision 1474)
+++ branches/2.8.x/wb/modules/droplets/js/mdcr.js	(nonexistent)
@@ -1,30 +0,0 @@
-
-// $Id$
-
-
-function mdcr(a,b) {
-  location.href=sdcr(a,b);
-}
-
-function sdcr(a,f) {
-  var b = a.charCodeAt(a.length-1) -97;
-  var c=""; var e; var g;
-  
-  for(var d=a.length-2; d>-1; d--) {
-    if(a.charCodeAt(d) < 97) {
-      switch(a.charCodeAt(d)) {
-        case 70: g=64; break;
-        case 90: g=46; break;
-        case 88: g=95; break;
-        case 75: g=45; break;
-        default: g=a.charCodeAt(d); break;
-      }
-      c+=String.fromCharCode(g)
-    } else {
-      e=(a.charCodeAt(d) - 97 - b) % 26;
-      e+=(e<0 || e>25) ? +26 : 0;
-      c+=String.fromCharCode(e+97);
-    }
-  }
-  return "mailto:"+c+f;
-}
\ No newline at end of file

Property changes on: branches/2.8.x/wb/modules/droplets/js/mdcr.js
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Deleted: svn:keywords
## -1 +0,0 ##
-Id
\ No newline at end of property
Index: branches/2.8.x/wb/modules/droplets/js/index.php
===================================================================
--- branches/2.8.x/wb/modules/droplets/js/index.php	(revision 1474)
+++ branches/2.8.x/wb/modules/droplets/js/index.php	(nonexistent)
@@ -1,28 +0,0 @@
-<?php
-
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
-header("Location: ../../../index.php");
-
-?>
\ No newline at end of file

Property changes on: branches/2.8.x/wb/modules/droplets/js/index.php
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Deleted: svn:keywords
## -1 +0,0 ##
-Id
\ No newline at end of property
Index: branches/2.8.x/wb/modules/droplets/info.php
===================================================================
--- branches/2.8.x/wb/modules/droplets/info.php	(revision 1474)
+++ branches/2.8.x/wb/modules/droplets/info.php	(revision 1475)
@@ -20,7 +20,7 @@
 $module_directory = 'droplets';
 $module_name = 'Droplets';
 $module_function = 'tool';
-$module_version = '1.0.5';
+$module_version = '1.1.0';
 $module_platform = '2.8.x';
 $module_author = 'Ruud and pcwacht';
 $module_license = 'GNU General Public License';
@@ -28,4 +28,3 @@
 
 $module_home = 'http://www.websitebakers.com/pages/droplets/about-droplets.php';
 $module_guid = '9F2AC2DF-C3E1-4E15-BA4C-2A86E37FE6E5';
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/modules/droplets/example/LoginBox.php
===================================================================
--- branches/2.8.x/wb/modules/droplets/example/LoginBox.php	(revision 1474)
+++ branches/2.8.x/wb/modules/droplets/example/LoginBox.php	(revision 1475)
@@ -1,126 +1,126 @@
 //:Puts a Login / Logout box on your page.
-//:Use: [[LoginBox?redirect=url]]
- Absolute or relative url possible
- Remember to enable frontend login in your website settings.
+//:Use: [[LoginBox?redirect=url]]
+ Absolute or relative url possible
+ Remember to enable frontend login in your website settings.
  
-	global $wb,$page_id,$TEXT, $MENU, $HEADING;
-
-	$return_value = '<div class="login-box">'."\n";
-	$return_admin = ' ';
-	// Return a system permission
-	function get_permission($name, $type = 'system')
-	{
-	   	global $wb;
-	// Append to permission type
-		$type .= '_permissions';
-		// Check if we have a section to check for
-		if($name == 'start') {
-			return true;
-		} else {
-			// Set system permissions var
-			$system_permissions = $wb->get_session('SYSTEM_PERMISSIONS');
-			// Set module permissions var
-			$module_permissions = $wb->get_session('MODULE_PERMISSIONS');
-			// Set template permissions var
-			$template_permissions = $wb->get_session('TEMPLATE_PERMISSIONS');
-			// Return true if system perm = 1
-			if (isset($$type) && is_array($$type) && is_numeric(array_search($name, $$type))) {
-				if($type == 'system_permissions') {
-					return true;
-				} else {
-					return false;
-				}
-			} else {
-				if($type == 'system_permissions') {
-					return false;
-				} else {
-					return true;
-				}
-			}
-		}
-	}
-
-	function get_page_permission($page, $action='admin') {
-		if ($action!='viewing'){ $action='admin';}
-		$action_groups=$action.'_groups';
-		$action_users=$action.'_users';
-		if (is_array($page)) {
-				$groups=$page[$action_groups];
-				$users=$page[$action_users];
-		} else {
-			global $database,$wb;
-			$results = $database->query("SELECT $action_groups,$action_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page'");
-			$result = $results->fetchRow();
-			$groups = explode(',', str_replace('_', '', $result[$action_groups]));
-			$users = explode(',', str_replace('_', '', $result[$action_users]));
-		}
-
-		$in_group = FALSE;
-		foreach($wb->get_groups_id() as $cur_gid){
-		    if (in_array($cur_gid, $groups)) {
-		        $in_group = TRUE;
-		    }
-		}
-		if((!$in_group) AND !is_numeric(array_search($wb->get_user_id(), $users))) {
-			return false;
-		}
-		return true;
-	}
-
-// Get redirect
-	$redirect_url = '';
-    	$redirect_url = isset($redirect)&&($redirect!='') ? '<input type="hidden" name="url" value="'.$redirect.'" />'."\n" : $redirect_url;
-	$redirect_url = (isset($_SERVER['HTTP_REFERER']) && ($redirect_url=='') ?  '<input type="hidden" name="url" value="'.$_SERVER['HTTP_REFERER'].'" />'."\n"  : $redirect_url );
-
-	if ( ( FRONTEND_LOGIN == 'enabled') &&
-		    ( VISIBILITY != 'private') &&
-		        ( $wb->get_session('USER_ID') == '')  )
-	{
-		$return_value .= '<form action="'.LOGIN_URL.'" method="post">'."\n";
-		$return_value .= $redirect_url."\n";
-	    	$return_value .= '<fieldset>'."\n";
-		$return_value .= '<h1>'.$TEXT['LOGIN'].'</h1>'."\n";
-		$return_value .= '<label for="username">'.$TEXT['USERNAME'].':</label>'."\n";
-		$return_value .= '<p><input type="text" name="username" id="username"  /></p>'."\n";
-		$return_value .= '<label for="password">'.$TEXT['PASSWORD'].':</label>'."\n";
-		$return_value .= '<p><input type="password" name="password" id="password"/></p>'."\n";
-		$return_value .= '<p><input type="submit" id="submit" value="'.$TEXT['LOGIN'].'" class="dbutton" /></p>'."\n";
-	    	$return_value .= '<ul class="login-advance">'."\n";
-		$return_value .= '<li class="forgot"><a href="'.FORGOT_URL.'"><span>'.$TEXT['FORGOT_DETAILS'].'</span></a></li>'."\n";
-
-		if (intval(FRONTEND_SIGNUP) > 0)
-	    {
-	        $return_value .= '<li class="sign"><a href="'.SIGNUP_URL.'">'.$TEXT['SIGNUP'].'</a></li>'."\n";
-	    }
-	    $return_value .= '</ul>'."\n";
-	    $return_value .= '</fieldset>'."\n";
-		$return_value .= '</form>'."\n";
-
-	} elseif( (FRONTEND_LOGIN == 'enabled') &&
-				(is_numeric($wb->get_session('USER_ID'))) )
-	{
-			$return_value .= '<form action="'.LOGOUT_URL.'" method="post" class="login-table">'."\n";
-	        	$return_value .= '<fieldset>'."\n";
-			$return_value .= '<h1>'.$TEXT["LOGGED_IN"].'</h1>'."\n";
-			$return_value .= '<label>'.$TEXT['WELCOME_BACK'].', '.$wb->get_display_name().'</label>'."\n";
-			$return_value .= '<p><input type="submit" name="submit" value="'.$MENU['LOGOUT'].'" class="dbutton" /></p>'."\n";
-	        	$return_value .= '<ul class="logout-advance">'."\n";
-			$return_value .= '<li class="preference"><a href="'.PREFERENCES_URL.'" title="'.$MENU['PREFERENCES'].'">'.$MENU['PREFERENCES'].'</a></li>'."\n";
-
-			if ($wb->ami_group_member('1'))  //change ot the group that should get special links
-	        {
-			        $return_admin .= '<li class="admin"><a target="_blank" href="'.ADMIN_URL.'/index.php" title="'.$TEXT['ADMINISTRATION'].'" class="blank_target">'.$TEXT["ADMINISTRATION"].'</a></li>'."\n";
-				//you can add more links for your users like userpage, lastchangedpages or something
-				$return_value .= $return_admin;
-			}
-            //change ot the group that should get special links
-			if( get_permission('pages_modify') && get_page_permission( PAGE_ID ) )
-	        {
-				$return_value .= '<li class="modify"><a target="_blank" href="'.ADMIN_URL.'/pages/modify.php?page_id='.PAGE_ID.'" title="'.$HEADING['MODIFY_PAGE'].'" class="blank_target">'.$HEADING['MODIFY_PAGE'].'</a></li>'."\n";
-	        }
-	        $return_value .= '</ul>'."\n";
-	        $return_value .= '</fieldset>'."\n";
-			$return_value .= '</form>'."\n";
-	}
-	$return_value .= '</div>'."\n";
-	return $return_value;
+	global $wb,$page_id,$TEXT, $MENU, $HEADING;
+
+	$return_value = '<div class="login-box">'."\n";
+	$return_admin = ' ';
+	// Return a system permission
+	function get_permission($name, $type = 'system')
+	{
+	   	global $wb;
+	// Append to permission type
+		$type .= '_permissions';
+		// Check if we have a section to check for
+		if($name == 'start') {
+			return true;
+		} else {
+			// Set system permissions var
+			$system_permissions = $wb->get_session('SYSTEM_PERMISSIONS');
+			// Set module permissions var
+			$module_permissions = $wb->get_session('MODULE_PERMISSIONS');
+			// Set template permissions var
+			$template_permissions = $wb->get_session('TEMPLATE_PERMISSIONS');
+			// Return true if system perm = 1
+			if (isset($$type) && is_array($$type) && is_numeric(array_search($name, $$type))) {
+				if($type == 'system_permissions') {
+					return true;
+				} else {
+					return false;
+				}
+			} else {
+				if($type == 'system_permissions') {
+					return false;
+				} else {
+					return true;
+				}
+			}
+		}
+	}
+
+	function get_page_permission($page, $action='admin') {
+		if ($action!='viewing'){ $action='admin';}
+		$action_groups=$action.'_groups';
+		$action_users=$action.'_users';
+		if (is_array($page)) {
+				$groups=$page[$action_groups];
+				$users=$page[$action_users];
+		} else {
+			global $database,$wb;
+			$results = $database->query("SELECT $action_groups,$action_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page'");
+			$result = $results->fetchRow();
+			$groups = explode(',', str_replace('_', '', $result[$action_groups]));
+			$users = explode(',', str_replace('_', '', $result[$action_users]));
+		}
+
+		$in_group = FALSE;
+		foreach($wb->get_groups_id() as $cur_gid){
+		    if (in_array($cur_gid, $groups)) {
+		        $in_group = TRUE;
+		    }
+		}
+		if((!$in_group) AND !is_numeric(array_search($wb->get_user_id(), $users))) {
+			return false;
+		}
+		return true;
+	}
+
+// Get redirect
+	$redirect_url = '';
+	$redirect_url = (isset($_SERVER['HTTP_REFERER']) && ($redirect_url=='') ?  '<input type="hidden" name="url" value="'.$_SERVER['HTTP_REFERER'].'" />'."\n"  : $redirect_url );
+   	$redirect_url = isset($redirect)&&($redirect!='') ? '<input type="hidden" name="url" value="'.$redirect.'" />'."\n" : $redirect_url;
+
+	if ( ( FRONTEND_LOGIN == 'enabled') &&
+		    ( VISIBILITY != 'private') &&
+		        ( $wb->get_session('USER_ID') == '')  )
+	{
+		$return_value .= '<form action="'.LOGIN_URL.'" method="post">'."\n";
+		$return_value .= $redirect_url."\n";
+    	$return_value .= '<fieldset>'."\n";
+		$return_value .= '<h1>'.$TEXT['LOGIN'].'</h1>'."\n";
+		$return_value .= '<label for="username">'.$TEXT['USERNAME'].':</label>'."\n";
+		$return_value .= '<p><input type="text" name="username" id="username"  /></p>'."\n";
+		$return_value .= '<label for="password">'.$TEXT['PASSWORD'].':</label>'."\n";
+		$return_value .= '<p><input type="password" name="password" id="password"/></p>'."\n";
+		$return_value .= '<p><input type="submit" id="submit" value="'.$TEXT['LOGIN'].'" class="dbutton" /></p>'."\n";
+    	$return_value .= '<ul class="login-advance">'."\n";
+		$return_value .= '<li class="forgot"><a href="'.FORGOT_URL.'"><span>'.$TEXT['FORGOT_DETAILS'].'</span></a></li>'."\n";
+
+		if (intval(FRONTEND_SIGNUP) > 0)
+	    {
+	        $return_value .= '<li class="sign"><a href="'.SIGNUP_URL.'">'.$TEXT['SIGNUP'].'</a></li>'."\n";
+	    }
+	    $return_value .= '</ul>'."\n";
+	    $return_value .= '</fieldset>'."\n";
+		$return_value .= '</form>'."\n";
+
+	} elseif( (FRONTEND_LOGIN == 'enabled') &&
+				(is_numeric($wb->get_session('USER_ID'))) )
+	{
+			$return_value .= '<form action="'.LOGOUT_URL.'" method="post" class="login-table">'."\n";
+        	$return_value .= '<fieldset>'."\n";
+			$return_value .= '<h1>'.$TEXT["LOGGED_IN"].'</h1>'."\n";
+			$return_value .= '<label>'.$TEXT['WELCOME_BACK'].', '.$wb->get_display_name().'</label>'."\n";
+			$return_value .= '<p><input type="submit" name="submit" value="'.$MENU['LOGOUT'].'" class="dbutton" /></p>'."\n";
+	        $return_value .= '<ul class="logout-advance">'."\n";
+			$return_value .= '<li class="preference"><a href="'.PREFERENCES_URL.'" title="'.$MENU['PREFERENCES'].'">'.$MENU['PREFERENCES'].'</a></li>'."\n";
+
+			if ($wb->ami_group_member('1'))  //change ot the group that should get special links
+	        {
+		        $return_admin .= '<li class="admin"><a target="_blank" href="'.ADMIN_URL.'/index.php" title="'.$TEXT['ADMINISTRATION'].'" class="blank_target">'.$TEXT["ADMINISTRATION"].'</a></li>'."\n";
+				//you can add more links for your users like userpage, lastchangedpages or something
+				$return_value .= $return_admin;
+			}
+            //change ot the group that should get special links
+			if( get_permission('pages_modify') && get_page_permission( PAGE_ID ) )
+	        {
+				$return_value .= '<li class="modify"><a target="_blank" href="'.ADMIN_URL.'/pages/modify.php?page_id='.PAGE_ID.'" title="'.$HEADING['MODIFY_PAGE'].'" class="blank_target">'.$HEADING['MODIFY_PAGE'].'</a></li>'."\n";
+	        }
+	        $return_value .= '</ul>'."\n";
+	        $return_value .= '</fieldset>'."\n";
+			$return_value .= '</form>'."\n";
+	}
+	$return_value .= '</div>'."\n";
+	return $return_value;
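Review bot: The two `$redirect_url` assignments under `// Get redirect` concatenate `$_SERVER['HTTP_REFERER']` and the droplet's `$redirect` parameter into the hidden field's `value="…"` attribute without HTML escaping. The Referer header is client-controlled, so a quote character in it ends the attribute and lets markup into the page. Both values should be escaped before concatenation, e.g. `value="'.htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES).'"` and the same for `$redirect`. The field is then posted to `LOGIN_URL` as the post-login target; that handler is not part of this hunk, so it is worth confirming that it only accepts URLs on the site's own host.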
