Revision 1777
Added by Dietmar about 12 years ago
save.php | ||
---|---|---|
58 | 58 |
} |
59 | 59 |
} |
60 | 60 |
|
61 |
if(isset($_POST['wbmailer_routine']) && ($_POST['wbmailer_routine']=='smtp')) {
|
|
61 |
if($admin->StripCodeFromText($admin->get_post('wbmailer_routine'))=='smtp') {
|
|
62 | 62 |
|
63 |
$checkSmtpHost = (isset($_POST['wbmailer_smtp_host']) && ($_POST['wbmailer_smtp_host']=='') ? false : true); |
|
64 |
$checkSmtpUser = (isset($_POST['wbmailer_smtp_username']) && ($_POST['wbmailer_smtp_username']=='') ? false : true); |
|
65 |
$checkSmtpPassword = (isset($_POST['wbmailer_smtp_password']) && ($_POST['wbmailer_smtp_password']=='') ? false : true); |
|
63 |
$checkSmtpHost = (($admin->StripCodeFromText($admin->get_post('wbmailer_smtp_host'))=='') ? false : true); |
|
64 |
// $checkSmtpHost = (isset($_POST['wbmailer_smtp_host']) && ($_POST['wbmailer_smtp_host']=='') ? false : true); |
|
65 |
$checkSmtpUser = (($admin->StripCodeFromText($admin->get_post('wbmailer_smtp_username'))=='') ? false : true); |
|
66 |
// $checkSmtpUser = (isset($_POST['wbmailer_smtp_username']) && ($_POST['wbmailer_smtp_username']=='') ? false : true); |
|
67 |
$checkSmtpPassword = (($admin->StripCodeFromText($admin->get_post('wbmailer_smtp_password'))=='') ? false : true); |
|
68 |
// $checkSmtpPassword = (isset($_POST['wbmailer_smtp_password']) && ($_POST['wbmailer_smtp_password']=='') ? false : true); |
|
69 |
|
|
66 | 70 |
if(!$checkSmtpHost || !$checkSmtpUser || !$checkSmtpPassword) { |
67 | 71 |
$admin->print_error($TEXT['REQUIRED'].' '.$TEXT['WBMAILER_SMTP_AUTH']. |
68 | 72 |
'<br /><strong>'.$MESSAGE['GENERIC_FILL_IN_ALL'].'</strong>', $js_back); |
... | ... | |
73 | 77 |
// Work-out file mode |
74 | 78 |
if($advanced == '') |
75 | 79 |
{ |
80 |
$file_mode = STRING_FILE_MODE; |
|
81 |
$dir_mode = STRING_DIR_MODE; |
|
76 | 82 |
// Check if should be set to 777 or left alone |
77 |
if(isset($_POST['world_writeable']) && $_POST['world_writeable'] == 'true') |
|
78 |
{ |
|
79 |
$file_mode = '0777'; |
|
80 |
$dir_mode = '0777'; |
|
81 |
} else { |
|
82 |
$file_mode = STRING_FILE_MODE; |
|
83 |
$dir_mode = STRING_DIR_MODE; |
|
84 |
} |
|
83 |
// if(isset($_POST['world_writeable']) && $_POST['world_writeable'] == 'true')
|
|
84 |
// {
|
|
85 |
// $file_mode = '0777';
|
|
86 |
// $dir_mode = '0777';
|
|
87 |
// } else {
|
|
88 |
// $file_mode = STRING_FILE_MODE;
|
|
89 |
// $dir_mode = STRING_DIR_MODE;
|
|
90 |
// }
|
|
85 | 91 |
} else { |
86 | 92 |
$file_mode = STRING_FILE_MODE; |
87 | 93 |
$dir_mode = STRING_DIR_MODE; |
... | ... | |
154 | 160 |
} |
155 | 161 |
} |
156 | 162 |
|
157 |
$allow_tags_in_fields = array('website_header', 'website_footer','website_signature'); |
|
158 |
$allow_empty_values = array('website_header','website_footer','pages_directory','page_spacer','website_signature,page_icon_dir','modules_upgrade_list'); |
|
159 |
$disallow_in_fields = array('pages_directory', 'media_directory','wb_version'); |
|
163 |
$allow_tags_in_fields = array( |
|
164 |
'website_header', |
|
165 |
'website_footer', |
|
166 |
'website_signature' |
|
167 |
); |
|
168 |
$allow_empty_values = array( |
|
169 |
'website_header', |
|
170 |
'website_footer', |
|
171 |
'website_signature', |
|
172 |
'wysiwyg_style', |
|
173 |
'pages_directory', |
|
174 |
'page_icon_dir', |
|
175 |
'rename_files_on_upload', |
|
176 |
'page_spacer', |
|
177 |
'website_signature', |
|
178 |
'page_icon_dir', |
|
179 |
'modules_upgrade_list' |
|
180 |
); |
|
181 |
$disallow_in_fields = array( |
|
182 |
'pages_directory', |
|
183 |
'media_directory', |
|
184 |
'wb_version' |
|
185 |
); |
|
186 |
$StripCodeFromInput = array( |
|
187 |
'website_title', |
|
188 |
'website_description', |
|
189 |
'website_keywords', |
|
190 |
'wysiwyg_style', |
|
191 |
'search_module_order', |
|
192 |
'search_max_excerpt', |
|
193 |
'search_time_limit', |
|
194 |
'pages_directory', |
|
195 |
'page_icon_dir', |
|
196 |
'media_directory', |
|
197 |
'page_extension', |
|
198 |
'rename_files_on_upload', |
|
199 |
'page_spacer', |
|
200 |
'page_icon_dir', |
|
201 |
'modules_upgrade_list' |
|
202 |
); |
|
160 | 203 |
|
161 | 204 |
$bRebuildAccessFiles = ( (isset( $_POST['rebuild_access_files']) && ( $_POST['rebuild_access_files'] == true )) ? true : false ) ; |
162 | 205 |
|
... | ... | |
189 | 232 |
$passed = true; |
190 | 233 |
break; |
191 | 234 |
case 'sec_anchor': |
235 |
$value = $admin->StripCodeFromText($value); |
|
192 | 236 |
$value=(($value=='') ? 'section_' : $value); |
193 | 237 |
$passed = true; |
194 | 238 |
break; |
195 | 239 |
case 'pages_directory': |
240 |
$value = $admin->StripCodeFromText($value); |
|
196 | 241 |
$bNewPageFile = ( ( $value!= $old_settings['pages_directory'] ) ? true : false ); |
197 | 242 |
$passed = $bNewPageFile; |
198 | 243 |
$sGetId = '&id='.$bNewPageFile; |
... | ... | |
208 | 253 |
$passed = true; |
209 | 254 |
break; |
210 | 255 |
default : |
211 |
$passed = in_array($setting_name, $allow_empty_values); |
|
256 |
$passed = in_array($setting_name, $allow_empty_values); |
|
257 |
if(in_array($setting_name, $StripCodeFromInput) ) { |
|
258 |
$value = $admin->StripCodeFromText($value); |
|
259 |
} |
|
212 | 260 |
break; |
213 | 261 |
} |
214 | 262 |
|
215 |
|
|
216 | 263 |
if (!in_array($setting_name, $allow_tags_in_fields)) |
217 | 264 |
{ |
218 | 265 |
$value = strip_tags($value); |
... | ... | |
222 | 269 |
{ |
223 | 270 |
$value = trim($admin->add_slashes($value)); |
224 | 271 |
$sql = 'UPDATE `'.TABLE_PREFIX.'settings` '; |
225 |
$sql .= 'SET `value` = \''.$value.'\' ';
|
|
272 |
$sql .= 'SET `value` = \''.($value).'\' '; // mysql_escape_string
|
|
226 | 273 |
$sql .= 'WHERE `name` != \'wb_version\' '; |
227 | 274 |
$sql .= 'AND `name` = \''.$setting_name.'\' '; |
228 | 275 |
if (!$database->query($sql)) |
... | ... | |
241 | 288 |
} |
242 | 289 |
|
243 | 290 |
} |
291 |
$StripCodeFromISearch = array( |
|
292 |
'search_module_order', |
|
293 |
'search_max_excerpt', |
|
294 |
'search_time_limit', |
|
295 |
); |
|
244 | 296 |
|
245 | 297 |
// Query current search settings in the db, then loop through them and update the db with the new value |
246 | 298 |
$sql = 'SELECT `name`, `value` FROM `'.TABLE_PREFIX.'search` '; |
... | ... | |
255 | 307 |
{ |
256 | 308 |
$old_value = $search_setting['value']; |
257 | 309 |
$setting_name = $search_setting['name']; |
258 |
$post_name = 'search_'.$search_setting['name'];
|
|
310 |
$post_name = 'search_'.$setting_name;
|
|
259 | 311 |
|
260 | 312 |
// hold old value if post is empty |
261 | 313 |
// check search template |
262 |
$value = ( ($admin->get_post($post_name) == '') && ($setting_name != 'template') ) ? $old_value : $admin->get_post($post_name); |
|
314 |
$value = ($admin->get_post($post_name)); |
|
315 |
if(in_array($post_name, $StripCodeFromISearch) ) { |
|
316 |
$value = $admin->StripCodeFromText($value); |
|
317 |
} |
|
318 |
$value = ( ($value == '') && ($setting_name != 'template') ) ? $old_value : $value; |
|
263 | 319 |
// $value = ( ($admin->get_post($post_name) == '') && ($setting_name == 'template') ) ? DEFAULT_TEMPLATE : $admin->get_post($post_name); |
264 | 320 |
if(isset($value)) |
265 | 321 |
{ |
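Review bot: The UPDATE statement at new lines 270–274 still splices `$value` (and `$setting_name`) straight into the SQL string, with `$admin->add_slashes()` as the only escaping and a dangling `// mysql_escape_string` comment on the SET line that reads like an unfinished TODO. Unless the `$database` wrapper exposes an escaping or parameter-binding method (none is visible here), the escaping actually relied on should be stated in place, e.g. `// $value was escaped by $admin->add_slashes() above; $setting_name comes from the earlier settings SELECT`, and the stray comment removed. `$setting_name` appears to originate from the settings query that lies outside the shown hunk, so it is less exposed than `$value`, but that assumption deserves a comment next to the WHERE clause rather than being left implicit. A smaller point: the rebuilt `$allow_empty_values` array lists `'website_signature'` and `'page_icon_dir'` twice, which is harmless for `in_array()` but looks like an oversight from unfolding the old fused `'website_signature,page_icon_dir'` entry. The enclosing loop over the settings rows starts and ends outside the hunk.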
+ add method StripCodeFromText in class.wb to clean injection
! rebranding the admin/settings and security fixes
! a few new styles in backend wb_theme
! beginning a lot of account changes like correction of $_SESSION indexes, security fixes
+ add head.load.min.js and head.min.js to /include/jquery/ to style HTML5 templates