Revision 15
Added by stefan about 20 years ago
| trunk/wb/languages/EN.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: EN.php,v 1.17 2005/04/15 06:38:13 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 434 | 434 |
$MESSAGE['TEMPLATES']['CHANGE_TEMPLATE_NOTICE'] = 'Please note: to change the template you must go to the Settings section'; |
| 435 | 435 |
|
| 436 | 436 |
$MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'] = 'Cannot include ../ in the folder name'; |
| 437 |
$MESSAGE['MEDIA']['DIR_DOES_NOT_EXIST'] = 'Directory does not exist'; |
|
| 437 | 438 |
$MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH'] = 'Cannot have ../ in the folder target'; |
| 438 | 439 |
$MESSAGE['MEDIA']['NAME_DOT_DOT_SLASH'] = 'Cannot include ../ in the name'; |
| 439 | 440 |
$MESSAGE['MEDIA']['NAME_INDEX_PHP'] = 'Cannot use index.php as the name'; |
| ... | ... | |
| 498 | 499 |
$MESSAGE['MOD_FORM']['REQUIRED_FIELDS'] = 'You must enter details for the following fields'; |
| 499 | 500 |
$MESSAGE['MOD_FORM']['EXCESS_SUBMISSIONS'] = 'Sorry, this form has been submitted too many times so far this hour. Please retry in the next hour.'; |
| 500 | 501 |
|
| 501 |
?> |
|
| 502 |
?> |
|
| trunk/wb/admin/media/browse.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: browse.php,v 1.4 2005/04/02 06:25:37 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 48 | 48 |
$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH']); |
| 49 | 49 |
} |
| 50 | 50 |
|
| 51 |
if(!file_exists(WB_PATH.'/media'.$directory)) {
|
|
| 52 |
$admin->print_header(); |
|
| 53 |
$admin->print_error($MESSAGE['MEDIA']['DIR_DOES_NOT_EXIST']); |
|
| 54 |
} |
|
| 55 |
|
|
| 51 | 56 |
// Check to see if the user wanted to go up a directory into the parent folder |
| 52 | 57 |
if($admin->get_get('up') == 1) {
|
| 53 | 58 |
$parent_directory = dirname($directory); |
Also available in: Unified diff
Added directory check to browse.php to prevent xss exploit by trusted users.