
Revision 1735

Added by Dietmar about 12 years ago

  1. fixed missing $admin->print_header() on the security warning
  2. fixed secureform.mtab because settings_page failed


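--- a/branches/2.8.x/CHANGELOG
+++ b/branches/2.8.x/CHANGELOG
@@ -13,6 +13,9 @@
 
 
 
+31 Aug-2012 Build 1735 Dietmar Woellbrink (Luisehahne)
+# fixed missing $admin-print_header() by security warning
+# fixed secureform.mtab because settings_page failed
 31 Aug-2012 Build 1734 Dietmar Woellbrink (Luisehahne)
 # typofix in /install/save.php and /admin/settings_page.php
 31 Aug-2012 Build 1733 Dietmar Woellbrink (Luisehahne)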
branches/2.8.x/wb/admin/pages/settings_save.php
24 24
$admin = new admin('Pages', 'pages_settings',false);
25 25

  
26 26
// Get page id
27
if(!isset($_POST['page_id']) || (isset($_POST['page_id']) && preg_match('/[^0-9a-f]/i',$_POST['page_id'])) )
27
if(!isset($_POST['page_id']) || (isset($_POST['page_id']) && preg_match('/[^0-9a-z]/i',$_POST['page_id'])) )
28 28
{
29 29
	header("Location: index.php");
30 30
	exit(0);
......
32 32
//	$page_id = $admin->checkIDKEY('page_id');
33 33
//	$page_id = (int)$_POST['page_id']; || preg_match('/[^0-9a-f]/i',$_POST['page_id'])
34 34
	if((!($page_id = $admin->checkIDKEY('page_id')))) {
35
		$admin->print_header();
35 36
		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL.'/pages/index.php');
36 37
	}
37 38
}
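Review bot: The page_id guard at line 27 passes `$_POST['page_id']` to preg_match() without first confirming it is a string, so an array-valued field is not rejected there (preg_match() warns and returns false on older PHP and throws a TypeError on PHP 8) and the request appears to fall through to the branch that calls checkIDKEY(). Adding an `is_string()` test also makes the second isset() unnecessary: `if(!isset($_POST['page_id']) || !is_string($_POST['page_id']) || preg_match('/[^0-9a-z]/i', $_POST['page_id']))`, keeping whichever character class the commit settles on. The added `$admin->print_header();` deserves a one-line comment saying why the header has to be emitted by hand before print_error(), presumably because the `false` third constructor argument on line 24 suppresses it. Line 31 is elided in this view, so the structure between the redirect and the checkIDKEY() branch is inferred.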
branches/2.8.x/wb/admin/interface/version.php
51 51

  
52 52
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53 53
if(!defined('VERSION')) define('VERSION', '2.8.3');
54
if(!defined('REVISION')) define('REVISION', '1734');
54
if(!defined('REVISION')) define('REVISION', '1735');
55 55
if(!defined('SP')) define('SP', '');
branches/2.8.x/wb/framework/SecureForm.mtab.php
301 301
		$key = md5($this->_salt.rand().uniqid('', true));
302 302

  
303 303
		//shorten hash a bit
304
		$key = str_replace(array("=","$","+"),array("-","_",""),base64_encode(pack('H*',$key)));
304
		$key = str_replace(array("=","$","+","/"),array("","","",""),base64_encode(pack('H*',$key)));
305 305

  
306 306
		// the key is unique, so store it in list
307 307
		if( !array_key_exists($key,  $_SESSION[$this->_idkey_name])) {
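Review bot: The IDKEY built at line 301 takes all of its unpredictability from `rand()` and `uniqid()`, neither of which is a cryptographically secure source, and the reworked line 304 does not change that. Because a failed checkIDKEY() is reported as a security error in settings_save.php, the key appears to act as a per-session security token and should come from a CSPRNG, for example `$key = bin2hex(random_bytes(16));` on PHP 7+ (or `openssl_random_pseudo_bytes(16)` on older versions). Hex output passes the page_id character check in settings_save.php under either variant of its class, so the base64/str_replace step would no longer be needed. If base64 is kept, note that `$` never occurs in base64 output and that deleting `+` and `/` gives keys of varying length, so a comment stating the intended alphabet would help. The enclosing method starts above line 301 and continues past line 307, so the salt and the session list handling are not visible here.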
