Project

General

Profile

« Previous | Next » 

Revision 1777

Added by Dietmar about 12 years ago

+ add methode StripCodeFromText in class.wb to clean injection
! rebranding the admin/settings and security fixes
! a few new styling in backend wb_theme
! beginning aa lot of account changes like correction of $_SESSION indexe, security fixes
+ add head.load.min.js and head.min.js to /include/jquery/ to style HTML5 templates

View differences:

details.php
18 18

  
19 19
/* -------------------------------------------------------- */
20 20
// Must include code to stop this file being accessed directly
21
if(defined('WB_PATH') == false)
22
{
23
	// Stop this file being access directly
24
		die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
21
if(!defined('WB_PATH')) {
22
	require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
23
	throw new IllegalFileException();
25 24
}
26 25
/* -------------------------------------------------------- */
27 26

  
28 27
// Get entered values
29
	$display_name = $wb->add_slashes(strip_tags($wb->get_post('display_name')));
30
	$language = $wb->get_post('language');
31
	$timezone = $wb->get_post('timezone')*60*60;
32
	$date_format = $wb->get_post('date_format');
33
	$time_format = $wb->get_post('time_format');
28
	$display_name = strip_tags($wb->StripCodeFromText($wb->get_post('display_name')));
29
	$language = strip_tags($wb->StripCodeFromText($wb->get_post('language')));
30
	$timezone = intval($wb->StripCodeFromText($wb->get_post('timezone')))*60*60;
31
	$date_format = strip_tags($wb->StripCodeFromText($wb->get_post('date_format')));
32
	$time_format = strip_tags($wb->StripCodeFromText($wb->get_post('time_format')));
34 33

  
35 34
// Update the database
36 35
// $database = new database();
......
46 45
		$success[] = $MOD_PREFERENCE['DETAILS_SAVED'];
47 46
		$_SESSION['DISPLAY_NAME'] = $display_name;
48 47
		$_SESSION['LANGUAGE'] = $language;
48
		$_SESSION['TIME_FORMAT'] = $time_format;
49
		$_SESSION['DATE_FORMAT'] = $date_format;
49 50
		$_SESSION['TIMEZONE'] = $timezone;
50
		$_SESSION['HTTP_REFERER'] = (($_SESSION['LANGUAGE']== LANGUAGE) ? $_SESSION['HTTP_REFERER'] : WB_URL);
51 51
// Update date format
52 52
		if($date_format != '') {
53 53
			$_SESSION['DATE_FORMAT'] = $date_format;

Also available in: Unified diff