Project

General

Profile

« Previous | Next » 

Revision 1832

Added by Dietmar almost 12 years ago

  1. security Application error message fix in search/search.php

View differences:

branches/2.8.x/CHANGELOG
13 13

  
14 14

  
15 15

  
16
09 Dez-2012 Build 1832 Dietmar Woellbrink (Luisehahne)
17
# security Application error message fix in search/search.php
16 18
05 Dez-2012 Build 1831 Dietmar Woellbrink (Luisehahne)
17 19
# fixed dragdrop for pages overview
18 20
22 Nov-2012 Build 1830 Dietmar Woellbrink (Luisehahne)
branches/2.8.x/wb/admin/interface/version.php
51 51

  
52 52
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53 53
if(!defined('VERSION')) define('VERSION', '2.8.3');
54
if(!defined('REVISION')) define('REVISION', '1831');
54
if(!defined('REVISION')) define('REVISION', '1832');
55 55
if(!defined('SP')) define('SP', '');
branches/2.8.x/wb/search/search.php
15 15
 *
16 16
 */
17 17

  
18
// Must include code to stop this file being access directly
19
if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
18
/* -------------------------------------------------------- */
19
// Must include code to stop this file being accessed directly
20
if(!defined('WB_PATH')) {
21
	require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
22
	throw new IllegalFileException();
23
}
24
/* -------------------------------------------------------- */
20 25

  
21 26
// Check if search is enabled
22 27
if(SHOW_SEARCH != true) {
......
132 137
// use "%/en/" (or "%/en/, %/info", ...) to get the old behavior
133 138
$search_path_SQL = '';
134 139
$search_path = '';
140
// solve $_REQUEST['search_path' to be string
141
if(isset($_REQUEST['search_path']) && is_array($_REQUEST['search_path'])) {
142
    $_REQUEST['search_path'] = implode(",", $_REQUEST['search_path']);
143
}
135 144
if(isset($_REQUEST['search_path'])) {
136 145
	$search_path = addslashes(htmlspecialchars(strip_tags($wb->strip_slashes($_REQUEST['search_path'])), ENT_QUOTES));
137 146
	if(!preg_match('~^%?[-a-zA-Z0-9_,/ ]+$~', $search_path))
......
269 278
$search_results_footer = str_replace($vars, $values, ($fetch_results_footer['value']));
270 279

  
271 280
// Do extra vars/values replacement
272
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_SEARCH]', '[TEXT_ALL_WORDS]', '[TEXT_ANY_WORDS]', '[TEXT_EXACT_MATCH]', '[TEXT_MATCH]', '[TEXT_MATCHING]', '[ALL_CHECKED]', '[ANY_CHECKED]', '[EXACT_CHECKED]', '[REFERRER_ID]', '[SEARCH_PATH]');
281
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_SEARCH]', '[TEXT_ALL_WORDS]', '[TEXT_ANY_WORDS]', '[TEXT_EXACT_MATCH]', '[TEXT_MATCH]', '[TEXT_MATCHING]', '[ALL_CHECKED]', '[ANY_CHECKED]', '[EXACT_CHECKED]', '[REFERRER]', '[SEARCH_PATH]');
273 282
$values = array($search_display_string, WB_URL, PAGE_EXTENSION, $TEXT['SEARCH'], $TEXT['ALL_WORDS'], $TEXT['ANY_WORDS'], $TEXT['EXACT_MATCH'], $TEXT['MATCH'], $TEXT['MATCHING'], $all_checked, $any_checked, $exact_checked, REFERRER_ID, $search_path);
274 283
$search_header = str_replace($vars, $values, ($fetch_header['value']));
275 284
$vars = array('[TEXT_NO_RESULTS]');

Also available in: Unified diff