Revision 1735
Added by Dietmar about 12 years ago
- fixed missing $admin->print_header() before the security warning
- fixed secureform.mtab because settings_page failed
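--- a/branches/2.8.x/CHANGELOG
+++ b/branches/2.8.x/CHANGELOG
@@ -13,6 +13,9 @@
 
 
 
+31 Aug-2012 Build 1735 Dietmar Woellbrink (Luisehahne)
+# fixed missing $admin-print_header() by security warning
+# fixed secureform.mtab because settings_page failed
 31 Aug-2012 Build 1734 Dietmar Woellbrink (Luisehahne)
 # typofix in /install/save.php and /admin/settings_page.php
 31 Aug-2012 Build 1733 Dietmar Woellbrink (Luisehahne)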
branches/2.8.x/wb/admin/pages/settings_save.php | ||
---|---|---|
24 | 24 |
$admin = new admin('Pages', 'pages_settings',false); |
25 | 25 |
|
26 | 26 |
// Get page id |
27 |
if(!isset($_POST['page_id']) || (isset($_POST['page_id']) && preg_match('/[^0-9a-f]/i',$_POST['page_id'])) )
|
|
27 |
if(!isset($_POST['page_id']) || (isset($_POST['page_id']) && preg_match('/[^0-9a-z]/i',$_POST['page_id'])) )
|
|
28 | 28 |
{ |
29 | 29 |
header("Location: index.php"); |
30 | 30 |
exit(0); |
... | ... | |
32 | 32 |
// $page_id = $admin->checkIDKEY('page_id'); |
33 | 33 |
// $page_id = (int)$_POST['page_id']; || preg_match('/[^0-9a-f]/i',$_POST['page_id']) |
34 | 34 |
if((!($page_id = $admin->checkIDKEY('page_id')))) { |
35 |
$admin->print_header(); |
|
35 | 36 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL.'/pages/index.php'); |
36 | 37 |
} |
37 | 38 |
} |
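Review bot: The `page_id` gate on line 27 still passes `$_POST['page_id']` to `preg_match()` without checking that it is a string, and its negated character class lets an empty value through. If the parameter arrives as an array, `preg_match()` fails rather than matching, so on PHP versions where that failure is only a warning the redirect is skipped and the array reaches `checkIDKEY()`. A positive, anchored test is tighter and removes the redundant second `isset()`: `if(!isset($_POST['page_id']) || !is_string($_POST['page_id']) || !preg_match('/\A[0-9a-z]+\z/i', $_POST['page_id']))`. Since the class was widened from hex to all alphanumerics, a comment such as `// format pre-filter only; checkIDKEY() is the authoritative check` would stop the regex being read as the security control. The surrounding if/else begins and ends outside the lines shown.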
branches/2.8.x/wb/admin/interface/version.php | ||
---|---|---|
51 | 51 |
|
52 | 52 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
53 | 53 |
if(!defined('VERSION')) define('VERSION', '2.8.3'); |
54 |
if(!defined('REVISION')) define('REVISION', '1734');
|
|
54 |
if(!defined('REVISION')) define('REVISION', '1735');
|
|
55 | 55 |
if(!defined('SP')) define('SP', ''); |
branches/2.8.x/wb/framework/SecureForm.mtab.php | ||
---|---|---|
301 | 301 |
$key = md5($this->_salt.rand().uniqid('', true)); |
302 | 302 |
|
303 | 303 |
//shorten hash a bit |
304 |
$key = str_replace(array("=","$","+"),array("-","_",""),base64_encode(pack('H*',$key)));
|
|
304 |
$key = str_replace(array("=","$","+","/"),array("","","",""),base64_encode(pack('H*',$key)));
|
|
305 | 305 |
|
306 | 306 |
// the key is unique, so store it in list |
307 | 307 |
if( !array_key_exists($key, $_SESSION[$this->_idkey_name])) { |
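Review bot: The `str_replace` on line 304 shows two variants, and the one listing `"/"` deletes `+` and `/` rather than mapping them, so keys vary in length and each deleted character discards six bits of the MD5 value. Its `"$"` entry can never match, because base64 output contains no `$`. The value encoded on line 301 comes from `rand()` and `uniqid()`, which are not cryptographic sources. If IDKEYs are meant to be unguessable by a third party, draw the bytes from a CSPRNG where the runtime offers one, e.g. `$key = bin2hex(openssl_random_pseudo_bytes(16));`. That form is fixed-length and already fits the `[0-9a-z]` filter in settings_save.php, but confirm that the other consumers of the key accept 32 characters. The enclosing method starts and ends outside the lines shown.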