Revision 656
Added by thorn almost 17 years ago
| trunk/CHANGELOG | ||
|---|---|---|
| 14 | 14 |
01-Feb-2008 Christian Sommer |
| 15 | 15 |
# Added default index.php to all folders to prevent directory spoofing |
| 16 | 16 |
01-Feb-2008 Thomas Hornik |
| 17 |
# Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF']. |
|
| 17 | 18 |
# Fixed possible XSS-vulnerability in wb/search/search.php |
| 18 | 19 |
31-Jan-2008 Thomas Hornik |
| 19 | 20 |
! Adjusted clock-red icon to match wb colors |
| trunk/wb/include/captcha/captchas/text.php | ||
|---|---|---|
| 39 | 39 |
$table = TABLE_PREFIX.'mod_captcha_control'; |
| 40 | 40 |
if($query = $database->query("SELECT ct_text FROM $table")) {
|
| 41 | 41 |
$data = $query->fetchRow(); |
| 42 |
$text_qa = $admin->strip_slashes($data['ct_text']);
|
|
| 42 |
$text_qa = $data['ct_text'];
|
|
| 43 | 43 |
} |
| 44 | 44 |
$content = explode("\n", $text_qa);
|
| 45 | 45 |
|
| ... | ... | |
| 47 | 47 |
while($s = current($content)) {
|
| 48 | 48 |
// get question |
| 49 | 49 |
$s=trim(rtrim(rtrim($s,"\n"),"\r")); // remove newline |
| 50 |
$s=$admin->strip_slashes($s); |
|
| 51 | 50 |
if($s=='' OR $s{0}!='?') {
|
| 52 | 51 |
next($content); |
| 53 | 52 |
continue; |
| ... | ... | |
| 66 | 65 |
// get answer |
| 67 | 66 |
$s=next($content); |
| 68 | 67 |
$s=trim(rtrim(rtrim($s,"\n"),"\r")); // remove newline |
| 69 |
$s=$admin->strip_slashes($s); |
|
| 70 | 68 |
if(isset($s{0}) && $s{0}=='!') {
|
| 71 | 69 |
$a=substr($s,1); |
| 72 | 70 |
$qa[$lang][$q]=$a; |
| trunk/wb/admin/groups/save.php | ||
|---|---|---|
| 40 | 40 |
} |
| 41 | 41 |
|
| 42 | 42 |
// Gather details entered |
| 43 |
$group_name = $admin->get_post('group_name');
|
|
| 43 |
$group_name = $admin->get_post_escaped('group_name');
|
|
| 44 | 44 |
|
| 45 | 45 |
// Create a javascript back link |
| 46 | 46 |
$js_back = "javascript: history.go(-1);"; |
| trunk/wb/admin/groups/groups.php | ||
|---|---|---|
| 30 | 30 |
// Create new database object |
| 31 | 31 |
$database = new database(); |
| 32 | 32 |
|
| 33 |
if(!isset($_POST['action']) OR $_POST['action'] != "modify" AND $_POST['action'] != "delete") {
|
|
| 33 |
if(!isset($_POST['action']) OR ($_POST['action'] != "modify" AND $_POST['action'] != "delete")) {
|
|
| 34 | 34 |
header("Location: index.php");
|
| 35 | 35 |
exit(0); |
| 36 | 36 |
} |
| trunk/wb/admin/pages/sections_save.php | ||
|---|---|---|
| 106 | 106 |
} |
| 107 | 107 |
if($sql != '') |
| 108 | 108 |
$sql .= ","; |
| 109 |
$sql .= " publ_start = '".$publ_start."'";
|
|
| 110 |
$sql .= ", publ_end = '".$publ_end."'";
|
|
| 109 |
$sql .= " publ_start = '".$admin->add_slashes($publ_start)."'";
|
|
| 110 |
$sql .= ", publ_end = '".$admin->add_slashes($publ_end)."'";
|
|
| 111 | 111 |
} |
| 112 | 112 |
$query = "UPDATE ".TABLE_PREFIX."sections SET $sql WHERE section_id = '$section_id' LIMIT 1"; |
| 113 | 113 |
if($sql != '') {
|
| trunk/wb/admin/pages/settings2.php | ||
|---|---|---|
| 41 | 41 |
|
| 42 | 42 |
// Get values |
| 43 | 43 |
$page_title = $admin->get_post_escaped('page_title');
|
| 44 |
$page_title = my_htmlspecialchars($page_title);
|
|
| 44 |
$page_title = htmlspecialchars($page_title); |
|
| 45 | 45 |
$menu_title = $admin->get_post_escaped('menu_title');
|
| 46 |
$menu_title = my_htmlspecialchars($menu_title);
|
|
| 47 |
$description = my_htmlspecialchars($admin->add_slashes($admin->get_post('description')));
|
|
| 48 |
$keywords = my_htmlspecialchars($admin->add_slashes($admin->get_post('keywords')));
|
|
| 49 |
$parent = $admin->get_post('parent');
|
|
| 50 |
$visibility = $admin->get_post('visibility');
|
|
| 51 |
$template = $admin->get_post('template');
|
|
| 52 |
$target = $admin->get_post('target');
|
|
| 53 |
$admin_groups = $admin->get_post('admin_groups');
|
|
| 54 |
$viewing_groups = $admin->get_post('viewing_groups');
|
|
| 55 |
$searching = $admin->get_post('searching');
|
|
| 56 |
$language = $admin->get_post('language');
|
|
| 57 |
$menu = $admin->get_post('menu');
|
|
| 46 |
$menu_title = htmlspecialchars($menu_title); |
|
| 47 |
$description = htmlspecialchars($admin->add_slashes($admin->get_post('description')));
|
|
| 48 |
$keywords = htmlspecialchars($admin->add_slashes($admin->get_post('keywords')));
|
|
| 49 |
$parent = $admin->get_post_escaped('parent');
|
|
| 50 |
$visibility = $admin->get_post_escaped('visibility');
|
|
| 51 |
$template = $admin->get_post_escaped('template');
|
|
| 52 |
$target = $admin->get_post_escaped('target');
|
|
| 53 |
$admin_groups = $admin->get_post_escaped('admin_groups');
|
|
| 54 |
$viewing_groups = $admin->get_post_escaped('viewing_groups');
|
|
| 55 |
$searching = $admin->get_post_escaped('searching');
|
|
| 56 |
$language = $admin->get_post_escaped('language');
|
|
| 57 |
$menu = $admin->get_post_escaped('menu');
|
|
| 58 | 58 |
|
| 59 | 59 |
// Validate data |
| 60 | 60 |
if($page_title == '' || substr($page_title,0,1)=='.') {
|
| trunk/wb/admin/pages/sections.php | ||
|---|---|---|
| 70 | 70 |
} |
| 71 | 71 |
} elseif(isset($_POST['module']) AND $_POST['module'] != '') {
|
| 72 | 72 |
// Get section info |
| 73 |
$module = $_POST['module'];
|
|
| 73 |
$module = $admin->add_slashes($_POST['module']);
|
|
| 74 | 74 |
// Include the ordering class |
| 75 | 75 |
require(WB_PATH.'/framework/class.order.php'); |
| 76 | 76 |
// Get new order |
| trunk/wb/admin/users/save.php | ||
|---|---|---|
| 40 | 40 |
} |
| 41 | 41 |
|
| 42 | 42 |
// Gather details entered |
| 43 |
$groups_id = (isset($_POST['groups'])) ? $groups_id = implode(",", $_POST['groups']) : '';
|
|
| 44 |
$active = $_POST['active'][0];
|
|
| 45 |
$username_fieldname = $admin->get_post('username_fieldname');
|
|
| 46 |
$username = strtolower($admin->get_post($username_fieldname)); |
|
| 43 |
$groups_id = (isset($_POST['groups'])) ? implode(",", $admin->add_slashes($_POST['groups'])) : '';
|
|
| 44 |
$active = $admin->add_slashes($_POST['active'][0]);
|
|
| 45 |
$username_fieldname = $admin->get_post_escaped('username_fieldname');
|
|
| 46 |
$username = strtolower($admin->get_post_escaped($username_fieldname));
|
|
| 47 | 47 |
$password = $admin->get_post('password');
|
| 48 | 48 |
$password2 = $admin->get_post('password2');
|
| 49 |
$display_name = $admin->get_post('display_name');
|
|
| 50 |
$email = $admin->get_post('email');
|
|
| 51 |
$home_folder = $admin->get_post('home_folder');
|
|
| 49 |
$display_name = $admin->get_post_escaped('display_name');
|
|
| 50 |
$email = $admin->get_post_escaped('email');
|
|
| 51 |
$home_folder = $admin->get_post_escaped('home_folder');
|
|
| 52 | 52 |
|
| 53 | 53 |
// Create a javascript back link |
| 54 | 54 |
$js_back = "javascript: history.go(-1);"; |
| trunk/wb/admin/users/users.php | ||
|---|---|---|
| 30 | 30 |
// Create new database object |
| 31 | 31 |
$database = new database(); |
| 32 | 32 |
|
| 33 |
if(!isset($_POST['action']) OR $_POST['action'] != "modify" AND $_POST['action'] != "delete") {
|
|
| 33 |
if(!isset($_POST['action']) OR ($_POST['action'] != "modify" AND $_POST['action'] != "delete")) {
|
|
| 34 | 34 |
header("Location: index.php");
|
| 35 | 35 |
exit(0); |
| 36 | 36 |
} |
| trunk/wb/admin/users/add.php | ||
|---|---|---|
| 32 | 32 |
$database = new database(); |
| 33 | 33 |
|
| 34 | 34 |
// Get details entered |
| 35 |
$groups_id = implode(",", $_POST['groups']); //should check permissions
|
|
| 36 |
$active = $_POST['active'][0];
|
|
| 37 |
$username_fieldname = $admin->get_post('username_fieldname');
|
|
| 38 |
$username = strtolower($admin->get_post($username_fieldname)); |
|
| 35 |
$groups_id = implode(",", $admin->add_slashes($_POST['groups'])); //should check permissions
|
|
| 36 |
$active = $admin->add_slashes($_POST['active'][0]);
|
|
| 37 |
$username_fieldname = $admin->get_post_escaped('username_fieldname');
|
|
| 38 |
$username = strtolower($admin->get_post_escaped($username_fieldname));
|
|
| 39 | 39 |
$password = $admin->get_post('password');
|
| 40 | 40 |
$password2 = $admin->get_post('password2');
|
| 41 |
$display_name = $admin->get_post('display_name');
|
|
| 42 |
$email = $admin->get_post('email');
|
|
| 43 |
$home_folder = $admin->get_post('home_folder');
|
|
| 41 |
$display_name = $admin->get_post_escaped('display_name');
|
|
| 42 |
$email = $admin->get_post_escaped('email');
|
|
| 43 |
$home_folder = $admin->get_post_escaped('home_folder');
|
|
| 44 | 44 |
$default_language = DEFAULT_LANGUAGE; |
| 45 | 45 |
|
| 46 | 46 |
// Create a javascript back link |
| trunk/wb/admin/modules/uninstall.php | ||
|---|---|---|
| 23 | 23 |
|
| 24 | 24 |
*/ |
| 25 | 25 |
|
| 26 |
// Setup admin object |
|
| 27 |
require('../../config.php');
|
|
| 28 |
require_once(WB_PATH.'/framework/class.admin.php'); |
|
| 29 |
$admin = new admin('Addons', 'modules_uninstall');
|
|
| 30 |
|
|
| 26 | 31 |
// Check if user selected module |
| 27 | 32 |
if(!isset($_POST['file']) OR $_POST['file'] == "") {
|
| 28 | 33 |
header("Location: index.php");
|
| 29 | 34 |
exit(0); |
| 30 | 35 |
} else {
|
| 31 |
$file = $_POST['file'];
|
|
| 36 |
$file = $admin->add_slashes($_POST['file']);
|
|
| 32 | 37 |
} |
| 33 | 38 |
|
| 34 | 39 |
// Extra protection |
| ... | ... | |
| 37 | 42 |
exit(0); |
| 38 | 43 |
} |
| 39 | 44 |
|
| 40 |
// Setup admin object |
|
| 41 |
require('../../config.php');
|
|
| 42 |
require_once(WB_PATH.'/framework/class.admin.php'); |
|
| 43 |
$admin = new admin('Addons', 'modules_uninstall');
|
|
| 44 |
|
|
| 45 | 45 |
// Include the WB functions file |
| 46 | 46 |
require_once(WB_PATH.'/framework/functions.php'); |
| 47 | 47 |
|
| trunk/wb/admin/modules/details.php | ||
|---|---|---|
| 27 | 27 |
require('../../config.php');
|
| 28 | 28 |
require_once(WB_PATH .'/framework/functions.php'); |
| 29 | 29 |
|
| 30 |
// Print admin header |
|
| 31 |
require_once(WB_PATH.'/framework/class.admin.php'); |
|
| 32 |
$admin = new admin('Addons', 'modules_view');
|
|
| 33 |
|
|
| 30 | 34 |
// Get module name |
| 31 | 35 |
if(!isset($_POST['file']) OR $_POST['file'] == "") {
|
| 32 | 36 |
header("Location: index.php");
|
| 33 | 37 |
exit(0); |
| 34 | 38 |
} else {
|
| 35 |
$file = $_POST['file'];
|
|
| 39 |
$file = $admin->add_slashes($_POST['file']);
|
|
| 36 | 40 |
} |
| 37 | 41 |
|
| 38 | 42 |
// Check if the module exists |
| ... | ... | |
| 41 | 45 |
exit(0); |
| 42 | 46 |
} |
| 43 | 47 |
|
| 44 |
// Print admin header |
|
| 45 |
require_once(WB_PATH.'/framework/class.admin.php'); |
|
| 46 |
$admin = new admin('Addons', 'modules_view');
|
|
| 47 |
|
|
| 48 | 48 |
// Setup module object |
| 49 | 49 |
$template = new Template(ADMIN_PATH.'/modules'); |
| 50 | 50 |
$template->set_file('page', 'details.html');
|
| trunk/wb/admin/admintools/tool.php | ||
|---|---|---|
| 35 | 35 |
} |
| 36 | 36 |
|
| 37 | 37 |
// Check if tool is installed |
| 38 |
$result = $database->query("SELECT * FROM ".TABLE_PREFIX."addons WHERE type = 'module' AND function = 'tool' AND directory = '".$_GET['tool']."'");
|
|
| 38 |
$result = $database->query("SELECT * FROM ".TABLE_PREFIX."addons WHERE type = 'module' AND function = 'tool' AND directory = '".$admin->add_slashes($_GET['tool'])."'");
|
|
| 39 | 39 |
if($result->numRows() == 0) {
|
| 40 | 40 |
header("Location: index.php");
|
| 41 | 41 |
exit(0); |
| trunk/wb/account/details.php | ||
|---|---|---|
| 30 | 30 |
|
| 31 | 31 |
// Get entered values |
| 32 | 32 |
$display_name = $wb->add_slashes(strip_tags($wb->get_post('display_name')));
|
| 33 |
$language = $wb->get_post('language');
|
|
| 34 |
$timezone = $wb->get_post('timezone')*60*60;
|
|
| 35 |
$date_format = $wb->get_post('date_format');
|
|
| 36 |
$time_format = $wb->get_post('time_format');
|
|
| 33 |
$language = $wb->get_post_escaped('language');
|
|
| 34 |
$timezone = $wb->get_post_escaped('timezone')*60*60;
|
|
| 35 |
$date_format = $wb->get_post_escaped('date_format');
|
|
| 36 |
$time_format = $wb->get_post_escaped('time_format');
|
|
| 37 | 37 |
|
| 38 | 38 |
// Create a javascript back link |
| 39 | 39 |
$js_back = "javascript: history.go(-1);"; |
| trunk/wb/account/signup2.php | ||
|---|---|---|
| 37 | 37 |
// Get details entered |
| 38 | 38 |
$group_id = FRONTEND_SIGNUP; |
| 39 | 39 |
$active = 1; |
| 40 |
$username = strtolower($wb->add_slashes(strip_tags($wb->get_post('username'))));
|
|
| 41 |
$display_name = $wb->add_slashes(strip_tags($wb->get_post('display_name')));
|
|
| 40 |
$username = strtolower(strip_tags($wb->get_post_escaped('username')));
|
|
| 41 |
$display_name = strip_tags($wb->get_post_escaped('display_name'));
|
|
| 42 | 42 |
$email = $wb->get_post('email');
|
| 43 | 43 |
|
| 44 | 44 |
// Create a javascript back link |
| ... | ... | |
| 94 | 94 |
} |
| 95 | 95 |
|
| 96 | 96 |
// Check if the email already exists |
| 97 |
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '$email'");
|
|
| 97 |
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '$wb->add_slashes($email'");
|
|
| 98 | 98 |
if($results->numRows() > 0) {
|
| 99 | 99 |
if(isset($MESSAGE['USERS']['EMAIL_TAKEN'])) {
|
| 100 | 100 |
$wb->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back, false); |
| trunk/wb/framework/class.admin.php | ||
|---|---|---|
| 101 | 101 |
$view_url = WB_URL; |
| 102 | 102 |
if(isset($_GET['page_id'])) {
|
| 103 | 103 |
// extract page link from the database |
| 104 |
$result = @$database->query("SELECT link FROM " .TABLE_PREFIX ."pages WHERE page_id = '" .(int) $_GET['page_id'] ."'");
|
|
| 104 |
$result = @$database->query("SELECT link FROM " .TABLE_PREFIX ."pages WHERE page_id = '" .(int) addslashes($_GET['page_id']) ."'");
|
|
| 105 | 105 |
$row = @$result->fetchRow(); |
| 106 | 106 |
if($row) $view_url .= PAGES_DIRECTORY .$row['link']. PAGE_EXTENSION; |
| 107 | 107 |
} |
| ... | ... | |
| 311 | 311 |
if(isset($_GET['tool'])) {
|
| 312 | 312 |
// check if displayed page contains a installed admin tool |
| 313 | 313 |
$result = $database->query("SELECT * FROM " .TABLE_PREFIX ."addons
|
| 314 |
WHERE type = 'module' AND function = 'tool' AND directory = '".$_GET['tool']."'");
|
|
| 314 |
WHERE type = 'module' AND function = 'tool' AND directory = '".addslashes($_GET['tool'])."'");
|
|
| 315 | 315 |
|
| 316 | 316 |
if($result->numRows()) {
|
| 317 | 317 |
// check if admin tool directory contains a backend.js or backend.css file to include |
| ... | ... | |
| 323 | 323 |
} |
| 324 | 324 |
} elseif(isset($_GET['page_id'])) {
|
| 325 | 325 |
// check if displayed page in the backend contains a page module |
| 326 |
$page_id = (int) $_GET['page_id'];
|
|
| 326 |
$page_id = (int) addslashes($_GET['page_id']);
|
|
| 327 | 327 |
|
| 328 | 328 |
// gather information for all models embedded on actual page |
| 329 | 329 |
$query_modules = $database->query("SELECT module FROM " .TABLE_PREFIX ."sections
|
| trunk/wb/framework/class.wb.php | ||
|---|---|---|
| 137 | 137 |
} |
| 138 | 138 |
|
| 139 | 139 |
// Ditto for stripslashes |
| 140 |
// Attn: this is _not_ the counterpart to $this->add_slashes() ! |
|
| 141 |
// Use stripslashes() to undo a preliminarily done $this->add_slashes() |
|
| 142 |
// The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On |
|
| 140 | 143 |
function strip_slashes($input) {
|
| 141 | 144 |
if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
|
| 142 | 145 |
return $input; |
| trunk/wb/search/search.php | ||
|---|---|---|
| 127 | 127 |
$string = $wb->strip_slashes($string); |
| 128 | 128 |
$string = htmlspecialchars($string); |
| 129 | 129 |
$search_display_string = $string; |
| 130 |
// do really addslashes() |
|
| 131 |
$string = $wb->add_slashes($string); |
|
| 130 |
$string = addslashes($string); |
|
| 132 | 131 |
// remove some bad chars |
| 133 | 132 |
$string = preg_replace("/(^|\s+)([.])+(?=\s+|$)/", "", $string);
|
| 134 | 133 |
// mySQL needs four backslashes to match one in LIKE comparisons) |
| trunk/wb/search/index.php | ||
|---|---|---|
| 51 | 51 |
unset($template); |
| 52 | 52 |
|
| 53 | 53 |
//Get the referrer page ID if it exists |
| 54 |
if(isset($_REQUEST['referrer']) && intval($_REQUEST['referrer']) > 0) {
|
|
| 54 |
if(isset($_REQUEST['referrer']) && is_numeric($_REQUEST['referrer']) && intval($_REQUEST['referrer']) > 0) {
|
|
| 55 | 55 |
define('REFERRER_ID', intval($_REQUEST['referrer']));
|
| 56 | 56 |
} else {
|
| 57 | 57 |
define('REFERRER_ID', 0);
|
| trunk/wb/modules/wrapper/save.php | ||
|---|---|---|
| 31 | 31 |
|
| 32 | 32 |
// Update the mod_wrapper table with the contents |
| 33 | 33 |
if(isset($_POST['url'])) {
|
| 34 |
$url = $admin->add_slashes($_POST['url']);
|
|
| 34 |
$url = $admin->add_slashes(strip_tags($_POST['url']));
|
|
| 35 | 35 |
$height = $_POST['height']; |
| 36 | 36 |
if(!is_numeric($height)) {
|
| 37 | 37 |
$height = 400; |
| 38 | 38 |
} |
| 39 |
$database = new database(); |
|
| 40 | 39 |
$query = "UPDATE ".TABLE_PREFIX."mod_wrapper SET url = '$url', height = '$height' WHERE section_id = '$section_id'"; |
| 41 | 40 |
$database->query($query); |
| 42 | 41 |
} |
| trunk/wb/modules/menu_link/save.php | ||
|---|---|---|
| 31 | 31 |
|
| 32 | 32 |
// Update id, anchor and target |
| 33 | 33 |
if(isset($_POST['page_link'])) {
|
| 34 |
$foreign_page_id = $_POST['page_link'];
|
|
| 35 |
$page_target = $_POST['page_target'];
|
|
| 36 |
$url_target = $_POST['target'];
|
|
| 34 |
$foreign_page_id = $admin->add_slashes($_POST['page_link']);
|
|
| 35 |
$page_target = $admin->add_slashes($_POST['page_target']);
|
|
| 36 |
$url_target = $admin->add_slashes($_POST['target']);
|
|
| 37 | 37 |
|
| 38 | 38 |
$table_pages = TABLE_PREFIX.'pages'; |
| 39 | 39 |
$table_mod = TABLE_PREFIX.'mod_menu_link'; |
| trunk/wb/modules/captcha_control/tool.php | ||
|---|---|---|
| 52 | 52 |
"); |
| 53 | 53 |
|
| 54 | 54 |
// save text-captchas |
| 55 |
if($_POST['captcha_type'] == 'text') { // ct_text
|
|
| 56 |
$text_qa=$_POST['text_qa'];
|
|
| 55 |
if($captcha_type == 'text') { // ct_text
|
|
| 56 |
$text_qa=$admin->add_slashes($_POST['text_qa']);
|
|
| 57 | 57 |
if(strpos($text_qa, '### example ###') === FALSE) {
|
| 58 |
$text_qa=$admin->add_slashes($text_qa); |
|
| 59 | 58 |
$database->query("UPDATE $table SET ct_text = '$text_qa'");
|
| 60 | 59 |
} |
| 61 | 60 |
} |
| ... | ... | |
| 76 | 75 |
$text_qa=''; |
| 77 | 76 |
if($query = $database->query("SELECT ct_text FROM $table")) {
|
| 78 | 77 |
$data = $query->fetchRow(); |
| 79 |
$text_qa = $admin->strip_slashes($data['ct_text']);
|
|
| 78 |
$text_qa = $data['ct_text'];
|
|
| 80 | 79 |
} |
| 81 | 80 |
if($text_qa == '') |
| 82 | 81 |
$text_qa = $MOD_CAPTCHA_CONTROL['CAPTCHA_TEXT_DESC']; |
| ... | ... | |
| 125 | 124 |
$data = $query->fetchRow(); |
| 126 | 125 |
$enabled_captcha = $data['enabled_captcha']; |
| 127 | 126 |
$enabled_asp = $data['enabled_asp']; |
| 128 |
$captcha_type = $admin->strip_slashes($data['captcha_type']);
|
|
| 127 |
$captcha_type = $data['captcha_type'];
|
|
| 129 | 128 |
} else {
|
| 130 | 129 |
// something went wrong, use dummy value |
| 131 | 130 |
$enabled_captcha = '1'; |
| trunk/wb/modules/form/edit_css.php | ||
|---|---|---|
| 93 | 93 |
} |
| 94 | 94 |
|
| 95 | 95 |
?> |
| 96 |
<form name="edit_module_file" action="<?php echo $_SERVER['PHP_SELF'] .'?action=save';?>" method="post" style="margin: 0;">
|
|
| 96 |
<form name="edit_module_file" action="<?php echo htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])) .'?action=save';?>" method="post" style="margin: 0;">
|
|
| 97 | 97 |
<input type="hidden" name="section_id" value="<?php echo $section_id; ?>"> |
| 98 | 98 |
<input type="hidden" name="page_id" value="<?php echo $page_id; ?>"> |
| 99 | 99 |
<input type="hidden" name="css_codepress" value="" /> |
| trunk/wb/modules/form/save_field.php | ||
|---|---|---|
| 36 | 36 |
exit(0); |
| 37 | 37 |
} else {
|
| 38 | 38 |
$field_id = $_POST['field_id']; |
| 39 |
$field_id = $field_id; |
|
| 40 | 39 |
} |
| 41 | 40 |
|
| 42 | 41 |
// Include WB admin wrapper script |
| ... | ... | |
| 48 | 47 |
$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/form/modify_field.php?page_id='.$page_id.'§ion_id='.$section_id.'&field_id='.$field_id); |
| 49 | 48 |
} else {
|
| 50 | 49 |
$title = $admin->add_slashes($admin->get_post('title'));
|
| 51 |
$type = $admin->get_post('type');
|
|
| 52 |
$required = $admin->get_post('required');
|
|
| 50 |
$type = $admin->add_slashes($admin->get_post('type'));
|
|
| 51 |
$required = $admin->add_slashes($admin->get_post('required'));
|
|
| 53 | 52 |
} |
| 54 | 53 |
$value = ''; |
| 55 | 54 |
|
| trunk/wb/modules/form/view.php | ||
|---|---|---|
| 124 | 124 |
|
| 125 | 125 |
// Add form starter code |
| 126 | 126 |
?> |
| 127 |
<form name="form" onsubmit="return formCheck(this);" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
|
|
| 127 |
<form name="form" onsubmit="return formCheck(this);" action="<?php echo htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])); ?>" method="post">
|
|
| 128 | 128 |
<input type="hidden" name="submission_id" value="<?php echo $_SESSION['form_submission_id']; ?>" /> |
| 129 | 129 |
<?php |
| 130 | 130 |
|
| ... | ... | |
| 338 | 338 |
$email_from = $fetch_settings['email_from']; |
| 339 | 339 |
if(substr($email_from, 0, 5) == 'field') {
|
| 340 | 340 |
// Set the email from field to what the user entered in the specified field |
| 341 |
$email_from = $wb->add_slashes($_POST[$email_from]);
|
|
| 341 |
$email_from = htmlspecialchars($wb->add_slashes($_POST[$email_from]));
|
|
| 342 | 342 |
} |
| 343 | 343 |
$email_fromname = $fetch_settings['email_fromname']; |
| 344 | 344 |
$email_subject = $fetch_settings['email_subject']; |
| ... | ... | |
| 346 | 346 |
$success_email_to = $fetch_settings['success_email_to']; |
| 347 | 347 |
if(substr($success_email_to, 0, 5) == 'field') {
|
| 348 | 348 |
// Set the success_email to field to what the user entered in the specified field |
| 349 |
$success_email_to = $wb->add_slashes($_POST[$success_email_to]);
|
|
| 349 |
$success_email_to = htmlspecialchars($wb->add_slashes($_POST[$success_email_to]));
|
|
| 350 | 350 |
} |
| 351 | 351 |
$success_email_from = $fetch_settings['success_email_from']; |
| 352 | 352 |
$success_email_fromname = $fetch_settings['success_email_fromname']; |
| ... | ... | |
| 384 | 384 |
// Add to message body |
| 385 | 385 |
if($field['type'] != '') {
|
| 386 | 386 |
if(!empty($_POST['field'.$field['field_id']])) {
|
| 387 |
if(isset($captcha_error)) $_SESSION['field'.$field['field_id']] = $_POST['field'.$field['field_id']];
|
|
| 387 |
if(isset($captcha_error)) $_SESSION['field'.$field['field_id']] = htmlspecialchars($_POST['field'.$field['field_id']]);
|
|
| 388 | 388 |
if($field['type'] == 'email' AND $admin->validate_email($_POST['field'.$field['field_id']]) == false) {
|
| 389 | 389 |
$email_error = $MESSAGE['USERS']['INVALID_EMAIL']; |
| 390 | 390 |
} |
| trunk/wb/modules/form/save_settings.php | ||
|---|---|---|
| 41 | 41 |
$field_loop = $admin->add_slashes($_POST['field_loop']); |
| 42 | 42 |
$footer = $admin->add_slashes($_POST['footer']); |
| 43 | 43 |
$email_to = $admin->add_slashes($_POST['email_to']); |
| 44 |
$use_captcha = $_POST['use_captcha'];
|
|
| 44 |
$use_captcha = $admin->add_slashes($_POST['use_captcha']);
|
|
| 45 | 45 |
if($_POST['email_from_field'] == '') {
|
| 46 | 46 |
$email_from = $admin->add_slashes($_POST['email_from']); |
| 47 | 47 |
} else {
|
| ... | ... | |
| 49 | 49 |
} |
| 50 | 50 |
$email_fromname = $admin->add_slashes($_POST['email_fromname']); |
| 51 | 51 |
$email_subject = $admin->add_slashes($_POST['email_subject']); |
| 52 |
$success_page = $_POST['success_page'];
|
|
| 52 |
$success_page = $admin->add_slashes($_POST['success_page']);
|
|
| 53 | 53 |
$success_email_to = $admin->add_slashes($_POST['success_email_to']); |
| 54 | 54 |
$success_email_from = $admin->add_slashes($_POST['success_email_from']); |
| 55 | 55 |
$success_email_fromname = $admin->add_slashes($_POST['success_email_fromname']); |
| trunk/wb/modules/code/save.php | ||
|---|---|---|
| 33 | 33 |
if(isset($_POST['content'])) {
|
| 34 | 34 |
$tags = array('<?php', '?>' , '<?');
|
| 35 | 35 |
$content = $admin->add_slashes(str_replace($tags, '', $_POST['content'])); |
| 36 |
$database = new database(); |
|
| 37 | 36 |
$query = "UPDATE ".TABLE_PREFIX."mod_code SET content = '$content' WHERE section_id = '$section_id'"; |
| 38 | 37 |
$database->query($query); |
| 39 | 38 |
} |
| trunk/wb/modules/news/edit_css.php | ||
|---|---|---|
| 93 | 93 |
} |
| 94 | 94 |
|
| 95 | 95 |
?> |
| 96 |
<form name="edit_module_file" action="<?php echo $_SERVER['PHP_SELF'] .'?action=save';?>" method="post" style="margin: 0;">
|
|
| 96 |
<form name="edit_module_file" action="<?php echo htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])) .'?action=save';?>" method="post" style="margin: 0;">
|
|
| 97 | 97 |
<input type="hidden" name="section_id" value="<?php echo $section_id; ?>"> |
| 98 | 98 |
<input type="hidden" name="page_id" value="<?php echo $page_id; ?>"> |
| 99 | 99 |
<input type="hidden" name="css_codepress" value="" /> |
| trunk/wb/modules/news/save_group.php | ||
|---|---|---|
| 44 | 44 |
if($admin->get_post('title') == '') {
|
| 45 | 45 |
$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/news/modify_group.php?page_id='.$page_id.'§ion_id='.$section_id.'&group_id='.$group_id); |
| 46 | 46 |
} else {
|
| 47 |
$title = $admin->add_slashes($admin->get_post('title'));
|
|
| 48 |
$active = $admin->get_post('active');
|
|
| 47 |
$title = $admin->get_post_escaped('title');
|
|
| 48 |
$active = $admin->get_post_escaped('active');
|
|
| 49 | 49 |
} |
| 50 | 50 |
|
| 51 | 51 |
// Update row |
| trunk/wb/modules/news/view.php | ||
|---|---|---|
| 167 | 167 |
if($query_extra != '') {
|
| 168 | 168 |
?> |
| 169 | 169 |
<div class="selected_group_title"> |
| 170 |
<?php echo '<a href="'.$_SERVER['PHP_SELF'].'">'.PAGE_TITLE.'</a> >> '.$groups[$_GET['g']]['title']; ?>
|
|
| 170 |
<?php echo '<a href="'.htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])).'">'.PAGE_TITLE.'</a> >> '.$groups[$_GET['g']]['title']; ?>
|
|
| 171 | 171 |
</div> |
| 172 | 172 |
<?php |
| 173 | 173 |
} |
| trunk/wb/modules/news/save_settings.php | ||
|---|---|---|
| 41 | 41 |
$comments_loop = $admin->add_slashes(str_replace($friendly, $raw, $_POST['comments_loop'])); |
| 42 | 42 |
$comments_footer = $admin->add_slashes(str_replace($friendly, $raw, $_POST['comments_footer'])); |
| 43 | 43 |
$comments_page = $admin->add_slashes(str_replace($friendly, $raw, $_POST['comments_page'])); |
| 44 |
$commenting = $_POST['commenting'];
|
|
| 45 |
$posts_per_page = $_POST['posts_per_page'];
|
|
| 46 |
$use_captcha = $_POST['use_captcha'];
|
|
| 44 |
$commenting = $admin->add_slashes($_POST['commenting']);
|
|
| 45 |
$posts_per_page = $admin->add_slashes($_POST['posts_per_page']);
|
|
| 46 |
$use_captcha = $admin->add_slashes($_POST['use_captcha']);
|
|
| 47 | 47 |
if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) {
|
| 48 | 48 |
$resize = $_POST['resize']; |
| 49 | 49 |
} else {
|
| trunk/wb/modules/news/save_post.php | ||
|---|---|---|
| 44 | 44 |
if($admin->get_post('title') == '' AND $admin->get_post('url') == '') {
|
| 45 | 45 |
$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/news/modify_post.php?page_id='.$page_id.'§ion_id='.$section_id.'&post_id='.$id); |
| 46 | 46 |
} else {
|
| 47 |
$title = $admin->add_slashes($admin->get_post('title'));
|
|
| 48 |
$short = $admin->add_slashes($admin->get_post('short'));
|
|
| 49 |
$long = $admin->add_slashes($admin->get_post('long'));
|
|
| 50 |
$commenting = $admin->get_post('commenting');
|
|
| 51 |
$active = $admin->get_post('active');
|
|
| 52 |
$old_link = $admin->get_post('link');
|
|
| 53 |
$group_id = $admin->get_post('group');
|
|
| 47 |
$title = $admin->get_post_escaped('title');
|
|
| 48 |
$short = $admin->get_post_escaped('short');
|
|
| 49 |
$long = $admin->get_post_escaped('long');
|
|
| 50 |
$commenting = $admin->get_post_escaped('commenting');
|
|
| 51 |
$active = $admin->get_post_escaped('active');
|
|
| 52 |
$old_link = $admin->get_post_escaped('link');
|
|
| 53 |
$group_id = $admin->get_post_escaped('group');
|
|
| 54 | 54 |
} |
| 55 | 55 |
|
| 56 | 56 |
// Get page link URL |
| ... | ... | |
| 103 | 103 |
} |
| 104 | 104 |
|
| 105 | 105 |
// get publisedwhen and publisheduntil |
| 106 |
$publishedwhen = jscalendar_to_timestamp($admin->get_post('publishdate'));
|
|
| 106 |
$publishedwhen = jscalendar_to_timestamp($admin->get_post_escaped('publishdate'));
|
|
| 107 | 107 |
if($publishedwhen == '' || $publishedwhen < 1) |
| 108 | 108 |
$publishedwhen=0; |
| 109 |
$publisheduntil = jscalendar_to_timestamp($admin->get_post('enddate'), $publishedwhen);
|
|
| 109 |
$publisheduntil = jscalendar_to_timestamp($admin->get_post_escaped('enddate'), $publishedwhen);
|
|
| 110 | 110 |
if($publisheduntil == '' || $publisheduntil < 1) |
| 111 | 111 |
$publisheduntil=0; |
| 112 | 112 |
|
| trunk/wb/modules/news/save_comment.php | ||
|---|---|---|
| 26 | 26 |
require('../../config.php');
|
| 27 | 27 |
|
| 28 | 28 |
// Get id |
| 29 |
if(!isset($_POST['comment_id']) OR !is_numeric($_POST['comment_id'])) {
|
|
| 29 |
if(!isset($_POST['comment_id']) OR !is_numeric($_POST['comment_id']) OR !isset($_POST['post_id']) OR !is_numeric($_POST['post_id'])) {
|
|
| 30 | 30 |
header("Location: ".ADMIN_URL."/pages/index.php");
|
| 31 | 31 |
exit(0); |
| 32 | 32 |
} else {
|
| ... | ... | |
| 41 | 41 |
if($admin->get_post('title') == '' AND $admin->get_post('comment') == '') {
|
| 42 | 42 |
$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/news/modify_comment.php?page_id='.$page_id.'§ion_id='.$section_id.'comment_id='.$id); |
| 43 | 43 |
} else {
|
| 44 |
$title = $admin->add_slashes($admin->get_post('title'));
|
|
| 45 |
$comment = $admin->add_slashes($admin->get_post('comment'));
|
|
| 44 |
$title = strip_tags($admin->get_post_escaped('title'));
|
|
| 45 |
$comment = strip_tags($admin->get_post_escaped('comment'));
|
|
| 46 | 46 |
$post_id = $admin->get_post('post_id');
|
| 47 | 47 |
} |
| 48 | 48 |
|
| trunk/wb/modules/news/submit_comment.php | ||
|---|---|---|
| 30 | 30 |
$wb = new wb; |
| 31 | 31 |
|
| 32 | 32 |
// Check if we should show the form or add a comment |
| 33 |
if(is_numeric($_GET['page_id']) AND is_numeric($_GET['section_id']) AND isset($_GET['post_id']) AND is_numeric($_GET['post_id'])
|
|
| 34 |
AND ( ENABLED_ASP AND isset($_POST['c0mment_'.date('W')]) AND $_POST['c0mment_'.date('W')] != '')
|
|
| 35 |
OR (!ENABLED_ASP AND isset($_POST['comment']) AND $_POST['comment'] != '')
|
|
| 33 |
if(isset($_GET['page_id']) AND is_numeric($_GET['page_id']) AND isset($_GET['section_id']) AND is_numeric($_GET['section_id']) AND isset($_GET['post_id']) AND is_numeric($_GET['post_id'])
|
|
| 34 |
AND (( ENABLED_ASP AND isset($_POST['c0mment_'.date('W')]) AND $_POST['c0mment_'.date('W')] != '')
|
|
| 35 |
OR (!ENABLED_ASP AND isset($_POST['comment']) AND $_POST['comment'] != ''))
|
|
| 36 | 36 |
) {
|
| 37 | 37 |
|
| 38 | 38 |
if(ENABLED_ASP) |
| 39 | 39 |
$comment = $_POST['c0mment_'.date('W')];
|
| 40 | 40 |
else |
| 41 | 41 |
$comment = $_POST['comment']; |
| 42 |
|
|
| 42 |
$comment = $wb->add_slashes(strip_tags($comment)); |
|
| 43 |
$title = $wb->add_slashes(strip_tags($_POST['title'])); |
|
| 44 |
$page_id = $_GET['page_id']; |
|
| 45 |
$section_id = $_GET['section_id']; |
|
| 46 |
$post_id = $_GET['post_id']; |
|
| 47 |
|
|
| 43 | 48 |
// Check captcha |
| 44 |
$query_settings = $database->query("SELECT use_captcha FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '".$_GET['section_id']."'");
|
|
| 49 |
$query_settings = $database->query("SELECT use_captcha FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '$section_id'");
|
|
| 45 | 50 |
if($query_settings->numRows() == 0) {
|
| 46 | 51 |
exit(header("Location: ".WB_URL.PAGES_DIRECTORY.""));
|
| 47 | 52 |
} else {
|
| ... | ... | |
| 67 | 72 |
// Check for a mismatch |
| 68 | 73 |
if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
|
| 69 | 74 |
$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA']; |
| 70 |
$_SESSION['comment_title'] = $_POST['title'];
|
|
| 75 |
$_SESSION['comment_title'] = $title;
|
|
| 71 | 76 |
$_SESSION['comment_body'] = $comment; |
| 72 |
exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}"));
|
|
| 77 |
exit(header('Location: '.WB_URL."/modules/news/comment.php?id=$post_id&sid=$section_id"));
|
|
| 73 | 78 |
} |
| 74 | 79 |
} else {
|
| 75 | 80 |
$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA']; |
| 76 |
$_SESSION['comment_title'] = $_POST['title'];
|
|
| 81 |
$_SESSION['comment_title'] = $title;
|
|
| 77 | 82 |
$_SESSION['comment_body'] = $comment; |
| 78 |
exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}"));
|
|
| 83 |
exit(header('Location: '.WB_URL."/modules/news/comment.php?id=$post_id&sid=$section_id"));
|
|
| 79 | 84 |
} |
| 80 | 85 |
} |
| 81 | 86 |
} |
| ... | ... | |
| 87 | 92 |
} |
| 88 | 93 |
|
| 89 | 94 |
// Insert the comment into db |
| 90 |
$page_id = $_GET['page_id']; |
|
| 91 |
$section_id = $_GET['section_id']; |
|
| 92 |
$post_id = $_GET['post_id']; |
|
| 93 |
$title = $wb->add_slashes(strip_tags($_POST['title'])); |
|
| 94 |
$comment = $wb->add_slashes(strip_tags($comment)); |
|
| 95 | 95 |
$commented_when = mktime(); |
| 96 | 96 |
if($wb->is_authenticated() == true) {
|
| 97 | 97 |
$commented_by = $wb->get_user_id(); |
| ... | ... | |
| 104 | 104 |
$page = $query_page->fetchRow(); |
| 105 | 105 |
header('Location: '.$wb->page_link($page['link']).'?id='.$post_id);
|
| 106 | 106 |
} else {
|
| 107 |
header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}");
|
|
| 107 |
if(isset($_GET['post_id']) AND is_numeric($_GET['post_id']) AND isset($_GET['section_id']) AND is_numeric($_GET['section_id'])) |
|
| 108 |
header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}");
|
|
| 109 |
else |
|
| 110 |
exit(header("Location: ".WB_URL.PAGES_DIRECTORY.""));
|
|
| 108 | 111 |
} |
| 109 | 112 |
|
| 110 | 113 |
?> |
| trunk/wb/modules/admin.php | ||
|---|---|---|
| 39 | 39 |
} |
| 40 | 40 |
|
| 41 | 41 |
// Get page id |
| 42 |
if(!isset($_GET['page_id']) OR !is_numeric($_GET['page_id'])) {
|
|
| 43 |
if(!isset($_POST['page_id']) OR !is_numeric($_POST['page_id'])) {
|
|
| 44 |
if(!isset($_GET['page_id']) OR !is_numeric($_GET['page_id'])) {
|
|
| 45 |
if(!isset($_POST['page_id']) OR !is_numeric($_POST['page_id'])) {
|
|
| 46 |
header("Location: index.php");
|
|
| 47 |
exit(0); |
|
| 48 |
} else {
|
|
| 49 |
$page_id = $_POST['page_id']; |
|
| 50 |
} |
|
| 51 |
} else {
|
|
| 52 |
$page_id = $_GET['page_id']; |
|
| 53 |
} |
|
| 54 |
} else {
|
|
| 55 |
$page_id = $_POST['page_id']; |
|
| 56 |
} |
|
| 42 |
if(isset($_GET['page_id']) AND is_numeric($_GET['page_id'])) {
|
|
| 43 |
$page_id = $_GET['page_id']; |
|
| 44 |
} elseif(isset($_POST['page_id']) AND is_numeric($_POST['page_id'])) {
|
|
| 45 |
$page_id = $_POST['page_id']; |
|
| 57 | 46 |
} else {
|
| 58 |
$page_id = $_GET['page_id']; |
|
| 47 |
header("Location: index.php");
|
|
| 48 |
exit(0); |
|
| 59 | 49 |
} |
| 60 | 50 |
|
| 61 | 51 |
// Get section id if there is one |
Also available in: Unified diff
Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].