* @copyright WBCE Project (2015-)
* @license GNU GPL2 (or any later version)
*/
// Print admin header
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Access', 'groups_modify', false);
// Create a javascript back link
$js_back = ADMIN_URL . '/groups/index.php';
if (!$admin->checkFTAN()) {
$admin->print_header();
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// Check if group group_id is a valid number and doesnt equal 1
$group_id = intval($admin->checkIDKEY('group_id', 0, $_SERVER['REQUEST_METHOD']));
if ($group_id < 2) {
// if($admin_header) { $admin->print_header(); }
$admin->print_header();
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
// Gather details entered
$group_name = $admin->get_post_escaped('group_name');
// Check values
if ($group_name == "") {
$admin->print_error($MESSAGE['GROUPS_GROUP_NAME_BLANK'], $js_back);
}
// After check print the header
$admin->print_header();
// Get system permissions
require_once ADMIN_PATH . '/groups/get_permissions.php';
// Create admin object
require '../../config.php';
$admin = new admin('Media', 'media_rename', false);
// Include the WB functions file
// Get the current dir
$directory = $admin->get_get('dir');
$directory = $directory == '/' ? '' : $directory;
$dirlink = 'browse.php?dir=' . $directory;
$rootlink = 'browse.php?dir=';
// $file_id = intval($admin->get_get('id'));
// first Check to see if it contains ..
if (!check_media_path($directory)) {
$admin->print_error($MESSAGE['MEDIA_DIR_DOT_DOT_SLASH'], $rootlink, false);
}
// Get the temp id
$file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']));
if (!$file_id) {
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $dirlink, false);
}
// Get home folder not to show
$home_folders = get_home_folders();
// Check for potentially malicious files
$forbidden_file_types = preg_replace('/\\s*[,;\\|#]\\s*/', '|', RENAME_FILES_ON_UPLOAD);
// Figure out what folder name the temp id is
if ($handle = opendir(WB_PATH . MEDIA_DIRECTORY . '/' . $directory)) {
// Loop through the files and dirs an add to list
while (false !== ($file = readdir($handle))) {
$info = pathinfo($file);
$ext = isset($info['extension']) ? $info['extension'] : '';
if (substr($file, 0, 1) != '.' and $file != '.svn' and $file != 'index.php') {
if (!preg_match('/' . $forbidden_file_types . '$/i', $ext)) {
* @version $Id: delete.php 1457 2011-06-25 17:18:50Z Luisehahne $
* @filesource $HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/tags/2.8.3/wb/admin/pages/delete.php $
* @lastmodified $Date: 2011-06-25 19:18:50 +0200 (Sa, 25. Jun 2011) $
*
*/
// Create new admin object and print admin header
if (!defined('WB_PATH')) {
require dirname(dirname(__DIR__)) . '/config.php';
}
if (!class_exists('admin', false)) {
require WB_PATH . '/framework/class.admin.php';
}
$admin = new admin('Pages', 'pages_delete');
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
if (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) {
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
exit;
}
// Get perms
if (!$admin->get_page_permission($page_id, 'admin')) {
$admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Find out more about the page
$query = "SELECT * FROM " . TABLE_PREFIX . "pages WHERE page_id = '{$page_id}'";
$results = $database->query($query);
if ($database->is_error()) {
$admin->print_error($database->get_error());
}
if ($results->numRows() == 0) {
$admin->print_error($MESSAGE['PAGES_NOT_FOUND']);
* @platform WebsiteBaker 2.8.3
* @requirements PHP 5.3.6 and higher
* @version $Id: save_droplet.php 1503 2011-08-18 02:18:59Z Luisehahne $
* @filesource $HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/tags/2.8.3/wb/modules/droplets/save_droplet.php $
* @lastmodified $Date: 2011-08-18 04:18:59 +0200 (Do, 18. Aug 2011) $
*
*/
require dirname(dirname(dirname(__DIR__))) . '/config.php';
if (!class_exists('admin', false)) {
require WB_PATH . '/framework/class.admin.php';
}
// Include WB admin wrapper script
$admintool_link = ADMIN_URL . '/admintools/index.php';
$ToolUrl = ADMIN_URL . '/admintools/tool.php?tool=droplets';
$admin = new admin('admintools', 'admintools', false);
$droplet_id = intval($admin->checkIDKEY('droplet_id', false, 'post'));
if (!$admin->checkFTAN() || !$droplet_id) {
$admin->print_header();
$admin->print_error($droplet_id . ' ) ' . $MESSAGE['GENERIC_SECURITY_ACCESS'], $ToolUrl);
}
$admin->print_header();
// Validate all fields
if ($admin->get_post('title') == '') {
$admin->print_error($MESSAGE['GENERIC_FILL_IN_ALL'] . ' ( Droplet Name )', $ToolUrl);
} else {
$title = $admin->add_slashes($admin->get_post('title'));
$active = (int) $admin->get_post('active');
$admin_view = (int) $admin->get_post('admin_view');
$admin_edit = (int) $admin->get_post('admin_edit');
$show_wysiwyg = (int) $admin->get_post('show_wysiwyg');
$description = $admin->add_slashes($admin->get_post('description'));
// Include WB admin wrapper script
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';
// check website baker platform (with WB 2.7, Admin-Tools were moved out of settings dialogue)
if (file_exists(ADMIN_PATH . '/admintools/tool.php')) {
$admintool_link = ADMIN_URL . '/admintools/index.php';
$module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=droplets';
$admin = new admin('admintools', 'admintools', false);
} else {
$admintool_link = ADMIN_URL . '/settings/index.php?advanced=yes#administration_tools"';
$module_edit_link = ADMIN_URL . '/settings/tool.php?tool=droplets';
$admin = new admin('Settings', 'settings_advanced', false);
}
// Get id
if (version_compare(WB_VERSION, '2.8.2', '>=') && WB_VERSION != "2.8.x") {
$droplet_id = $admin->checkIDKEY('droplet_id', false, 'POST');
if (!$droplet_id) {
$admin->print_header();
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link);
exit;
}
if (!$admin->checkFTAN()) {
$admin->print_header();
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link);
exit;
}
} else {
if (isset($_POST['droplet_id']) && is_numeric($_POST['droplet_id'])) {
$droplet_id = $_POST['droplet_id'];
} else {
header("Location: " . ADMIN_URL . "/pages/index.php");
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
$page_id = intval(isset(${$requestMethod}['page_id']) ? ${$requestMethod}['page_id'] : 0);
$action = $page_id ? 'show' : $action;
// Get section id if there is one
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
$section_id = isset(${$requestMethod}['section_id']) ? ${$requestMethod}['section_id'] : 0;
$action = $section_id ? 'delete' : $action;
// Get module if there is one
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
$module = isset(${$requestMethod}['module']) ? ${$requestMethod}['module'] : 0;
$action = $module != '' ? 'add' : $action;
$admin_header = true;
$backlink = ADMIN_URL . '/pages/sections.php?page_id=' . (int) $page_id;
switch ($action) {
case 'delete':
if (!($section_id = intval($admin->checkIDKEY('section_id', 0, $_SERVER['REQUEST_METHOD'])))) {
if ($admin_header) {
$admin->print_header();
}
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $backlink);
}
$action = 'show';
$sql = 'SELECT `module` FROM `' . TABLE_PREFIX . 'sections` ';
$sql .= 'WHERE `section_id` =' . $section_id;
if (($modulname = $database->get_one($sql)) == $module && $section_id > 0) {
// Include the modules delete file if it exists
if (file_exists(WB_PATH . '/modules/' . $modulname . '/delete.php')) {
require WB_PATH . '/modules/' . $modulname . '/delete.php';
}
$sql = 'DELETE FROM `' . TABLE_PREFIX . 'sections` ';
$sql .= 'WHERE `section_id` =' . (int) $section_id . ' LIMIT 1';
$admin = new admin('admintools', 'admintools', false, false);
if (!($admin->is_authenticated() && $admin->get_permission('outputfilter_dashboard', 'module'))) {
$aJsonRespond['message'] = 'insuficcient rights';
exit(json_encode($aJsonRespond));
}
// Sanitize variables
$action = $admin->add_slashes($_POST['action']);
if ($action == "updatePosition") {
$i = array();
$i_keys = array();
foreach (opf_get_types() as $type => $typename) {
$i[$type] = 1;
$i_keys[] = $type;
}
foreach ($aRows as $recID) {
$id = $admin->checkIDKEY($recID, 0, 'key', true);
$filter = opf_get_data($id);
$type = $filter['type'];
// now we sanitize array
$qstring = "UPDATE `" . TABLE_PREFIX . "mod_outputfilter_dashboard`" . " SET `position` = '" . $i[$type] . "'" . " WHERE `id` = " . intval($id) . " ";
if (!opf_db_run_query($qstring)) {
$aJsonRespond['success'] = false;
$aJsonRespond['message'] = 'db query failed: ' . opf_db_get_error();
$aJsonRespond['icon'] = 'cancel.gif';
exit(json_encode($aJsonRespond));
}
$i[$type]++;
}
} else {
$aJsonRespond['message'] = 'wrong arguments "$action"';
exit(json_encode($aJsonRespond));
case 'add_droplet':
ob_start();
extract($aQuery, EXTR_PREFIX_SAME, "dr");
if (is_readable($sCommand)) {
include $sCommand;
}
$sCommand = $ModulePath . 'commands/' . 'modify_droplet.php';
if (is_readable($sCommand)) {
include $sCommand;
}
$output = ob_get_clean();
break;
case 'modify_droplet':
ob_start();
extract($aQuery, EXTR_PREFIX_SAME, "dr");
$droplet_id = intval($admin->checkIDKEY($droplet_id, false, ''));
if (is_readable($sCommand)) {
include $sCommand;
}
$output = ob_get_clean();
break;
case 'backup_droplets':
ob_start();
extract($aQuery, EXTR_PREFIX_SAME, "dr");
if (is_readable($sCommand)) {
include $sCommand;
}
$output = ob_get_clean();
break;
case 'import_droplets':
ob_start();
* @lastmodified $Date: 2011-08-18 04:18:59 +0200 (Do, 18. Aug 2011) $
*
*/
// tool_edit.php
require_once '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';
// create admin object depending on platform (admin tools were moved out of settings with WB 2.7)
$admin = new admin('admintools', 'admintools');
$admintool_link = ADMIN_URL . '/admintools/index.php';
$module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=droplets';
$template_edit_link = ADMIN_URL . '/admintools/tool.php?tool=templateedit';
$sOverviewDroplets = $TEXT['LIST_OPTIONS'];
// protect from CSRF
if (version_compare(WB_VERSION, '2.8.2', '>=') && WB_VERSION != "2.8.x") {
$id = intval($admin->checkIDKEY('id', false, 'GET'));
if (!$id or $id != 999) {
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link);
exit;
}
}
?>
<h4 style="margin: 0; border-bottom: 1px solid #DDD; padding-bottom: 5px;">
<a href="<?php
echo $admintool_link;
?>
" title="<?php
echo $HEADING['ADMINISTRATION_TOOLS'];
?>
"><?php
echo $HEADING['ADMINISTRATION_TOOLS'];