/ - Diff - WB 2.08.x - Tracking

« Previous | Next »

Revision 1832

Added by Dietmar almost 12 years ago

security Application error message fix in search/search.php

 Dez-2012 Build 1832 Dietmar Woellbrink (Luisehahne)
     # security Application error message fix in search/search.php
 Dez-2012 Build 1831 Dietmar Woellbrink (Luisehahne)
     # fixed dragdrop for pages overview
 Nov-2012 Build 1830 Dietmar Woellbrink (Luisehahne)

branches/2.8.x/wb/admin/interface/version.php
51	51
52	52	// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53	53	if(!defined('VERSION')) define('VERSION', '2.8.3');
54		if(!defined('REVISION')) define('REVISION', '1831');
	54	if(!defined('REVISION')) define('REVISION', '1832');
55	55	if(!defined('SP')) define('SP', '');

+     *
      */
     // Must include code to stop this file being access directly
     if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
     /* -------------------------------------------------------- */
     // Must include code to stop this file being accessed directly
     if(!defined('WB_PATH')) {
     	require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
     	throw new IllegalFileException();
+    }
     /* -------------------------------------------------------- */
     // Check if search is enabled
     if(SHOW_SEARCH != true) {
-...
     // use "%/en/" (or "%/en/, %/info", ...) to get the old behavior
     $search_path_SQL = '';
     $search_path = '';
     // solve $_REQUEST['search_path' to be string
     if(isset($_REQUEST['search_path']) && is_array($_REQUEST['search_path'])) {
         $_REQUEST['search_path'] = implode(",", $_REQUEST['search_path']);
+    }
     if(isset($_REQUEST['search_path'])) {
     	$search_path = addslashes(htmlspecialchars(strip_tags($wb->strip_slashes($_REQUEST['search_path'])), ENT_QUOTES));
     	if(!preg_match('~^%?[-a-zA-Z0-9_,/ ]+$~', $search_path))
-...
     $search_results_footer = str_replace($vars, $values, ($fetch_results_footer['value']));
     // Do extra vars/values replacement
     $vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_SEARCH]', '[TEXT_ALL_WORDS]', '[TEXT_ANY_WORDS]', '[TEXT_EXACT_MATCH]', '[TEXT_MATCH]', '[TEXT_MATCHING]', '[ALL_CHECKED]', '[ANY_CHECKED]', '[EXACT_CHECKED]', '[REFERRER_ID]', '[SEARCH_PATH]');
     $vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_SEARCH]', '[TEXT_ALL_WORDS]', '[TEXT_ANY_WORDS]', '[TEXT_EXACT_MATCH]', '[TEXT_MATCH]', '[TEXT_MATCHING]', '[ALL_CHECKED]', '[ANY_CHECKED]', '[EXACT_CHECKED]', '[REFERRER]', '[SEARCH_PATH]');
     $values = array($search_display_string, WB_URL, PAGE_EXTENSION, $TEXT['SEARCH'], $TEXT['ALL_WORDS'], $TEXT['ANY_WORDS'], $TEXT['EXACT_MATCH'], $TEXT['MATCH'], $TEXT['MATCHING'], $all_checked, $any_checked, $exact_checked, REFERRER_ID, $search_path);
     $search_header = str_replace($vars, $values, ($fetch_header['value']));
     $vars = array('[TEXT_NO_RESULTS]');

Also available in: Unified diff

Project

General

Profile

WB 2.08.x

Revision 1832

Added by Dietmar almost 12 years ago