From 497d9d8fcda61391c149af3747118bb2772c7c26 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Mon, 10 Nov 2008 21:41:13 +0000 Subject: [PATCH] Direct registration added, typo fixed, admin session on missing/failed login fixed, thanks to profi-conecpt --- .gitattributes | 2 ++ DOCS/de/THANK_YOU.txt | 4 ++-- inc/databases.php | 2 +- inc/doubler_send.php | 4 ++-- inc/functions.php | 12 ++++++++++ inc/language/de.php | 2 ++ inc/modules/admin.php | 17 +++++-------- inc/modules/admin/action- | 2 +- inc/modules/admin/action-admins.php | 2 +- inc/modules/admin/action-bank.php | 2 +- inc/modules/admin/action-country.php | 2 +- inc/modules/admin/action-doubler.php | 3 ++- inc/modules/admin/action-email.php | 2 +- inc/modules/admin/action-holiday.php | 2 +- inc/modules/admin/action-login.php | 2 +- inc/modules/admin/action-menu.php | 2 +- inc/modules/admin/action-misc.php | 2 +- inc/modules/admin/action-mods.php | 2 +- inc/modules/admin/action-newsletter.php | 2 +- inc/modules/admin/action-payouts.php | 2 +- inc/modules/admin/action-primera.php | 2 +- inc/modules/admin/action-rallye.php | 2 +- inc/modules/admin/action-repair.php | 2 +- inc/modules/admin/action-setup.php | 2 +- inc/modules/admin/action-sponsor.php | 2 +- inc/modules/admin/action-stats.php | 2 +- inc/modules/admin/action-surfbar.php | 2 +- inc/modules/admin/action-task.php | 2 +- inc/modules/admin/action-theme.php | 2 +- inc/modules/admin/action-transfer.php | 2 +- inc/modules/admin/action-user.php | 2 +- inc/modules/admin/action-wernis.php | 2 +- inc/modules/admin/overview-inc.php | 10 ++++++-- inc/modules/admin/what-list_task.php | 24 ++++++++++++++----- inc/modules/guest/action-admin.php | 2 +- inc/modules/guest/action-main.php | 2 +- inc/modules/guest/action-members.php | 2 +- inc/modules/guest/action-sponsor.php | 2 +- inc/modules/member/action- | 2 +- inc/modules/member/action-account.php | 2 +- inc/modules/member/action-bank.php | 2 +- inc/modules/member/action-extras.php | 2 +- inc/modules/member/action-logout.php | 2 +- inc/modules/member/action-main.php | 2 +- inc/modules/member/action-order.php | 2 +- inc/modules/member/action-rals.php | 2 +- inc/modules/member/action-stats.php | 2 +- inc/modules/member/action-surfbar.php | 2 +- modules.php | 2 +- .../html/admin/admin_list_task_ext_rows.tpl | 11 +++++++++ .../de/html/admin/admin_list_task_rows.tpl | 7 +++--- .../de/html/admin/admin_overview_footer.tpl | 19 +++++++-------- .../html/admin/admin_overview_footer_task.tpl | 20 +++++++--------- .../de/html/admin/admin_overview_header.tpl | 15 ++++++------ .../html/admin/admin_overview_header_task.tpl | 16 ++++++------- .../admin/admin_overview_list_ext_rows.tpl | 11 +++++++++ .../html/admin/admin_overview_list_rows.tpl | 7 +++--- 57 files changed, 155 insertions(+), 109 deletions(-) create mode 100644 templates/de/html/admin/admin_list_task_ext_rows.tpl create mode 100644 templates/de/html/admin/admin_overview_list_ext_rows.tpl diff --git a/.gitattributes b/.gitattributes index a52ab12f94..08db658cbe 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1005,6 +1005,7 @@ templates/de/html/admin/admin_list_surfbar_actions.tpl -text templates/de/html/admin/admin_list_surfbar_actions_row.tpl -text templates/de/html/admin/admin_list_surfbar_urls.tpl -text templates/de/html/admin/admin_list_surfbar_urls_row.tpl -text +templates/de/html/admin/admin_list_task_ext_rows.tpl -text templates/de/html/admin/admin_list_task_rows.tpl -text templates/de/html/admin/admin_list_transfer.tpl -text templates/de/html/admin/admin_list_transfer_row.tpl -text @@ -1072,6 +1073,7 @@ templates/de/html/admin/admin_overview_footer_task.tpl -text templates/de/html/admin/admin_overview_header.tpl -text templates/de/html/admin/admin_overview_header_task.tpl -text templates/de/html/admin/admin_overview_list.tpl -text +templates/de/html/admin/admin_overview_list_ext_rows.tpl -text templates/de/html/admin/admin_overview_list_rows.tpl -text templates/de/html/admin/admin_overview_row.tpl -text templates/de/html/admin/admin_overview_task.tpl -text diff --git a/DOCS/de/THANK_YOU.txt b/DOCS/de/THANK_YOU.txt index 39e93fa9cd..698264f355 100644 --- a/DOCS/de/THANK_YOU.txt +++ b/DOCS/de/THANK_YOU.txt @@ -29,8 +29,8 @@ Personen: (http://www.simplemail.de) - AndreasJung aus dem MXChange-Community Forum wegen zahlreicher Bugmeldungen. (http://www.onlinewerbebombe.de) -- Der User profi-concept aus meinem Forum hat mir Patches fuer die config.php - zugesandt, die Probleme unter Windows gefixt haben. +- Der User profi-concept aus meinem Forum hat mir sehr viele gute Patches zur + Verfuegung gestellt (http://www.stelzi.net) Websites / Programmierer / etc.: - SF.net: Hosten meine Projektdateien (nur Archive) diff --git a/inc/databases.php b/inc/databases.php index 061185b08b..9435b22059 100644 --- a/inc/databases.php +++ b/inc/databases.php @@ -114,7 +114,7 @@ define('USAGE_BASE', "usage"); define('SERVER_URL', "http://www.mxchange.org"); // This current patch level -define('CURR_SVN_REVISION', "531"); +define('CURR_SVN_REVISION', "532"); // Take a prime number which is long (if you know a longer one please try it out!) define('_PRIME', 591623); diff --git a/inc/doubler_send.php b/inc/doubler_send.php index 0efe4f5bd4..b6a7505e1d 100644 --- a/inc/doubler_send.php +++ b/inc/doubler_send.php @@ -90,7 +90,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y")) // Referal points found so add them and set line(s) to completed='Y' $points += $ref; $result_ref = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE refid=%s AND completed='N' AND is_ref='Y'", - array(bigintval($uid)), __FILE__, __LINE__); + array(bigintval($uid)), __FILE__, __LINE__); } else { // No referal points found $ref = 0; @@ -104,7 +104,7 @@ if (((SQL_NUMROWS($result_total) > 0) && ($_CONFIG['doubler_sent_all'] == "Y")) // Set entry as "payed" $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_doubler SET completed='Y' WHERE id=%s LIMIT 1", - array(bigintval($id)), __FILE__, __LINE__); + array(bigintval($id)), __FILE__, __LINE__); $OK = false; // Check for jackpot inclusion in doubling process diff --git a/inc/functions.php b/inc/functions.php index c32fbdc0fa..8e533d3582 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -2782,6 +2782,18 @@ function DETERMINE_REFID () { } // END - if } +// Destroys the admin session +function DESTROY_ADMIN_SESSION () { + // Kill maybe existing session variables including array elements + set_session('admin_login' , ""); + set_session('admin_md5' , ""); + set_session('admin_last' , ""); + set_session('admin_to' , ""); + + // Destroy session and return status + return @session_destroy(); +} + ////////////////////////////////////////////////// // // // AUTOMATICALLY RE-GENERATED MISSING FUNCTIONS // diff --git a/inc/language/de.php b/inc/language/de.php index aa39b4f61e..84daad99b5 100644 --- a/inc/language/de.php +++ b/inc/language/de.php @@ -768,6 +768,7 @@ define('ADMIN_NEW_EXT_SUBJ', "Neue Erweiterung gefunden"); define('ADMIN_TASK_SUBJECT', "Aufgabenbetreff"); define('ADMIN_TASK_TEXT', "Aufgabentext"); define('ADMIN_REGISTER_EXTENSION', "Registrieren"); +define('ADMIN_REGISTER_EXTENSION_TITLE', "Erweiterung direkt registrieren"); define('ADMIN_SELECTED_TASKS_ASSIGN', "Zum Bearbeiten ausgewählte Tasks"); define('ADMIN_REG_FAILED_INVALID', "Registrierung fehlgeschlagen: Ungütige ID übermittelt!"); define('ADMIN_REG_FAILED_ID_404', "Registrierung fehlgeschlagen: Erweiterung-ID nicht auffindbar!"); @@ -1192,6 +1193,7 @@ define('MAILS_CONFIRMED', "Emails bestätigt"); define('RAND_CONFIRMED', "Bestätigt f. Zufalls-Ref"); define('LOCK_REASON', "Sperrgrund"); define('LOCK_TIMESTAMP', "Sperrzeitpunkt"); +define('EXTENSION', "Erweiterung"); define('MEMBER_MAIL_BONUS_CONFIRMED_ON', "Sie haben diese Bonusmail %s bestätigt."); define('MEMBER_MAIL_NORMAL_CONFIRMED_ON', "Sie haben diese Klickmail %s bestätigt."); diff --git a/inc/modules/admin.php b/inc/modules/admin.php index 515c745ee9..1017c5b164 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -41,7 +41,7 @@ if (!defined('__SECURITY')) { if ((empty($GLOBALS['action'])) && ($check == "admin_only")) { // Redirect to right URL LOAD_URL("modules.php?module=admin&action=login"); -} +} // END - if // Load include file require_once(PATH."inc/modules/admin/admin-inc.php"); @@ -228,11 +228,13 @@ if (!isBooleanConstantAndTrue('admin_registered')) { case "404": // Administrator login not found $_POST['ok'] = $ret; $ret = ADMIN_NOT_FOUND; + DESTROY_ADMIN_SESSION(); break; case "pass": // Wrong password $_POST['ok'] = $ret; $ret = WRONG_PASS." [".ADMIN_RESET_PASS."]\n"; + DESTROY_ADMIN_SESSION(); break; } } @@ -299,16 +301,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { } } elseif (isset($_GET['logout'])) { // Only try to remove cookies - if (set_session("admin_login", "") && set_session("admin_md5", "") && set_session("admin_last", "") && set_session("admin_to", "")) { - // Also remove array elements - set_session('admin_login', ""); - set_session('admin_md5' , ""); - set_session('admin_last' , ""); - set_session('admin_to' , ""); - - // Destroy session - @session_destroy(); - + if (DESTROY_ADMIN_SESSION()) { // Load logout template if (isset($_GET['register'])) { // Secure input @@ -387,11 +380,13 @@ if (!isBooleanConstantAndTrue('admin_registered')) { case "404": // Administrator login not found $_POST['ok'] = $ret; + DESTROY_ADMIN_SESSION(); ADD_FATAL(ADMIN_NOT_FOUND); break; case "pass": // Wrong password $_POST['ok'] = $ret; + DESTROY_ADMIN_SESSION(); ADD_FATAL(WRONG_PASS); break; } diff --git a/inc/modules/admin/action- b/inc/modules/admin/action- index 69b93d86a1..b376444c68 100644 --- a/inc/modules/admin/action- +++ b/inc/modules/admin/action- @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-admins.php b/inc/modules/admin/action-admins.php index 513906d171..57e0b82c79 100644 --- a/inc/modules/admin/action-admins.php +++ b/inc/modules/admin/action-admins.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-bank.php b/inc/modules/admin/action-bank.php index f1504ea044..fd7f3e0325 100644 --- a/inc/modules/admin/action-bank.php +++ b/inc/modules/admin/action-bank.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-country.php b/inc/modules/admin/action-country.php index c2326203b5..4736252208 100644 --- a/inc/modules/admin/action-country.php +++ b/inc/modules/admin/action-country.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-doubler.php b/inc/modules/admin/action-doubler.php index 26c92b1837..baa342f612 100644 --- a/inc/modules/admin/action-doubler.php +++ b/inc/modules/admin/action-doubler.php @@ -41,11 +41,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf(."%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); } else { + // "what file" not found ADD_FATAL(ADMIN_404_ACTION_1.$GLOBALS['what'].ADMIN_404_ACTION_2); } diff --git a/inc/modules/admin/action-email.php b/inc/modules/admin/action-email.php index 2c4940c646..806fc69daf 100644 --- a/inc/modules/admin/action-email.php +++ b/inc/modules/admin/action-email.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-holiday.php b/inc/modules/admin/action-holiday.php index 11200f7bc1..79247485a3 100644 --- a/inc/modules/admin/action-holiday.php +++ b/inc/modules/admin/action-holiday.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-login.php b/inc/modules/admin/action-login.php index 03d8459449..5e51c7f267 100644 --- a/inc/modules/admin/action-login.php +++ b/inc/modules/admin/action-login.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-menu.php b/inc/modules/admin/action-menu.php index c11decc481..2643a16251 100644 --- a/inc/modules/admin/action-menu.php +++ b/inc/modules/admin/action-menu.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-misc.php b/inc/modules/admin/action-misc.php index e25b996f4b..0f33b8e677 100644 --- a/inc/modules/admin/action-misc.php +++ b/inc/modules/admin/action-misc.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-mods.php b/inc/modules/admin/action-mods.php index 775d8cab98..e286fcab47 100644 --- a/inc/modules/admin/action-mods.php +++ b/inc/modules/admin/action-mods.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-newsletter.php b/inc/modules/admin/action-newsletter.php index 2e22f370f9..4114603ea4 100644 --- a/inc/modules/admin/action-newsletter.php +++ b/inc/modules/admin/action-newsletter.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-payouts.php b/inc/modules/admin/action-payouts.php index 1f588275e9..8a44bf6450 100644 --- a/inc/modules/admin/action-payouts.php +++ b/inc/modules/admin/action-payouts.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-primera.php b/inc/modules/admin/action-primera.php index a4a4070324..cc6d11dfa2 100644 --- a/inc/modules/admin/action-primera.php +++ b/inc/modules/admin/action-primera.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-rallye.php b/inc/modules/admin/action-rallye.php index aff9a0fe1e..7534627533 100644 --- a/inc/modules/admin/action-rallye.php +++ b/inc/modules/admin/action-rallye.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-repair.php b/inc/modules/admin/action-repair.php index 68f8cdddb8..6073f068df 100644 --- a/inc/modules/admin/action-repair.php +++ b/inc/modules/admin/action-repair.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-setup.php b/inc/modules/admin/action-setup.php index 5f5b0c4058..4cf61595b5 100644 --- a/inc/modules/admin/action-setup.php +++ b/inc/modules/admin/action-setup.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-sponsor.php b/inc/modules/admin/action-sponsor.php index 7ff7d038e9..7effb6fb07 100644 --- a/inc/modules/admin/action-sponsor.php +++ b/inc/modules/admin/action-sponsor.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-stats.php b/inc/modules/admin/action-stats.php index de96e3bd84..add4def3f2 100644 --- a/inc/modules/admin/action-stats.php +++ b/inc/modules/admin/action-stats.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-surfbar.php b/inc/modules/admin/action-surfbar.php index 3ddd896dd9..2a69435104 100644 --- a/inc/modules/admin/action-surfbar.php +++ b/inc/modules/admin/action-surfbar.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-task.php b/inc/modules/admin/action-task.php index 5dd6f7b1ca..9f28d4622f 100644 --- a/inc/modules/admin/action-task.php +++ b/inc/modules/admin/action-task.php @@ -44,7 +44,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-theme.php b/inc/modules/admin/action-theme.php index fae7b83481..dbf518f62b 100644 --- a/inc/modules/admin/action-theme.php +++ b/inc/modules/admin/action-theme.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-transfer.php b/inc/modules/admin/action-transfer.php index c4b1d1bb4b..692128a1dd 100644 --- a/inc/modules/admin/action-transfer.php +++ b/inc/modules/admin/action-transfer.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-user.php b/inc/modules/admin/action-user.php index 5ef4c8d18f..ba5a009c39 100644 --- a/inc/modules/admin/action-user.php +++ b/inc/modules/admin/action-user.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/action-wernis.php b/inc/modules/admin/action-wernis.php index d543b6b5fb..65a75c8b68 100644 --- a/inc/modules/admin/action-wernis.php +++ b/inc/modules/admin/action-wernis.php @@ -41,7 +41,7 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) { ADD_DESCR("admin", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the admin action module include($INC); diff --git a/inc/modules/admin/overview-inc.php b/inc/modules/admin/overview-inc.php index f77e1e00fe..9a81ae8795 100644 --- a/inc/modules/admin/overview-inc.php +++ b/inc/modules/admin/overview-inc.php @@ -442,8 +442,14 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { 'created' => MAKE_DATETIME($created, "2") ); - // Load row template - LOAD_TEMPLATE("admin_overview_list_rows", false, $content); + // Do we have extension task? + if ($type == "EXTENSION") { + // Load extension row template + LOAD_TEMPLATE("admin_overview_list_ext_rows", false, $content); + } else { + // Load default row template + LOAD_TEMPLATE("admin_overview_list_rows", false, $content); + } // Switch color $SW = 3 - $SW; diff --git a/inc/modules/admin/what-list_task.php b/inc/modules/admin/what-list_task.php index c00272e287..251cf29082 100644 --- a/inc/modules/admin/what-list_task.php +++ b/inc/modules/admin/what-list_task.php @@ -161,15 +161,17 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L $infos = substr($subj, 1, strpos($subj, ":") - 1); break; } - if ($uid > 0) - { + + // Member assigned with task? + if ($uid > 0) { // Member found otherwise it's a system task $uid = ADMIN_USER_PROFILE_LINK($uid); - } - else - { + } else { + // Is a system task! $uid = "".ADMIN_IS_SYSTEM_TASK.""; } + + // Prepare content $content = array( 'sw' => $SW, 'id' => $id, @@ -179,7 +181,17 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L 'type' => $type_out, 'created' => MAKE_DATETIME($created, "2") ); - LOAD_TEMPLATE("admin_list_task_rows", false, $content); + + // Do we have an extension task? + if ($type == "EXTENSION") { + // Load extension row template + LOAD_TEMPLATE("admin_list_task_ext_rows", false, $content); + } else { + // Load default row template + LOAD_TEMPLATE("admin_list_task_rows", false, $content); + } + + // Switch colors $SW = 3 - $SW; } diff --git a/inc/modules/guest/action-admin.php b/inc/modules/guest/action-admin.php index 68567e02b2..17443554f4 100644 --- a/inc/modules/guest/action-admin.php +++ b/inc/modules/guest/action-admin.php @@ -39,7 +39,7 @@ if (!defined('__SECURITY')) { if (GET_ACTION("guest", $GLOBALS['what']) == "admin") { // Only when one admin link is clicked... - $INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, $GLOBALS['what']); + $INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the guest action module include($INC); diff --git a/inc/modules/guest/action-main.php b/inc/modules/guest/action-main.php index 1b17362a98..a1c35d51cd 100644 --- a/inc/modules/guest/action-main.php +++ b/inc/modules/guest/action-main.php @@ -41,7 +41,7 @@ if (!defined('__SECURITY')) { ADD_DESCR("guest", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); $IS_VALID = WHAT_IS_VALID(GET_ACTION("guest", $GLOBALS['what']), $GLOBALS['what'], "guest"); if ((FILE_READABLE($INC)) && ($IS_VALID)) { diff --git a/inc/modules/guest/action-members.php b/inc/modules/guest/action-members.php index 7675a00537..d066e56036 100644 --- a/inc/modules/guest/action-members.php +++ b/inc/modules/guest/action-members.php @@ -41,7 +41,7 @@ if (!defined('__SECURITY')) { ADD_DESCR("guest", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the guest action module include($INC); diff --git a/inc/modules/guest/action-sponsor.php b/inc/modules/guest/action-sponsor.php index 994c04959c..deeabb891b 100644 --- a/inc/modules/guest/action-sponsor.php +++ b/inc/modules/guest/action-sponsor.php @@ -40,7 +40,7 @@ if (!defined('__SECURITY')) { ADD_DESCR("guest", __FILE__); // Load the include file -$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, $GLOBALS['what']); +$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC)) { // Ok, we finally load the guest action module include($INC); diff --git a/inc/modules/member/action- b/inc/modules/member/action- index cb013024b6..67fc3812cb 100644 --- a/inc/modules/member/action- +++ b/inc/modules/member/action- @@ -46,7 +46,7 @@ if (!defined('__SECURITY')) { ADD_DESCR("member", __FILE__); // Load the include file -$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC_WHAT)) { // Ok, we finally load the member action module include_once($INC_WHAT); diff --git a/inc/modules/member/action-account.php b/inc/modules/member/action-account.php index 7de4396367..91e746e096 100644 --- a/inc/modules/member/action-account.php +++ b/inc/modules/member/action-account.php @@ -46,7 +46,7 @@ if (!defined('__SECURITY')) { ADD_DESCR("member", __FILE__); // Load the include file -$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC_WHAT)) { // Ok, we finally load the member action module include_once($INC_WHAT); diff --git a/inc/modules/member/action-bank.php b/inc/modules/member/action-bank.php index ab4e84069a..0e60f78b6b 100644 --- a/inc/modules/member/action-bank.php +++ b/inc/modules/member/action-bank.php @@ -46,7 +46,7 @@ if (!defined('__SECURITY')) { ADD_DESCR("member", __FILE__); // Load the include file -$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC_WHAT)) { // Ok, we finally load the member action module include_once($INC_WHAT); diff --git a/inc/modules/member/action-extras.php b/inc/modules/member/action-extras.php index d98cbfebc9..89cdbb859c 100644 --- a/inc/modules/member/action-extras.php +++ b/inc/modules/member/action-extras.php @@ -46,7 +46,7 @@ if (!defined('__SECURITY')) { ADD_DESCR("member", __FILE__); // Load the include file -$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC_WHAT)) { // Ok, we finally load the member action module include_once($INC_WHAT); diff --git a/inc/modules/member/action-logout.php b/inc/modules/member/action-logout.php index d80fca3b99..8c2867af95 100644 --- a/inc/modules/member/action-logout.php +++ b/inc/modules/member/action-logout.php @@ -46,7 +46,7 @@ if (!defined('__SECURITY')) { ADD_DESCR("member", __FILE__); // Load the include file -$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC_WHAT)) { // Ok, we finally load the member action module include_once($INC_WHAT); diff --git a/inc/modules/member/action-main.php b/inc/modules/member/action-main.php index 72e405d7ad..24359aa6fd 100644 --- a/inc/modules/member/action-main.php +++ b/inc/modules/member/action-main.php @@ -46,7 +46,7 @@ if (!defined('__SECURITY')) { ADD_DESCR("member", __FILE__); // Load the include file -$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC_WHAT)) { // Ok, we finally load the member action module include_once($INC_WHAT); diff --git a/inc/modules/member/action-order.php b/inc/modules/member/action-order.php index 3277bcc4d3..3bb82fa237 100644 --- a/inc/modules/member/action-order.php +++ b/inc/modules/member/action-order.php @@ -46,7 +46,7 @@ if (!defined('__SECURITY')) { ADD_DESCR("member", __FILE__); // Load the include file -$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC_WHAT)) { // Ok, we finally load the member action module include_once($INC_WHAT); diff --git a/inc/modules/member/action-rals.php b/inc/modules/member/action-rals.php index 9fc44c6357..07465dfbde 100644 --- a/inc/modules/member/action-rals.php +++ b/inc/modules/member/action-rals.php @@ -46,7 +46,7 @@ if (!defined('__SECURITY')) { ADD_DESCR("member", __FILE__); // Load the include file -$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC_WHAT)) { // Ok, we finally load the member action module include_once($INC_WHAT); diff --git a/inc/modules/member/action-stats.php b/inc/modules/member/action-stats.php index fdac22b762..a60ad4ba0c 100644 --- a/inc/modules/member/action-stats.php +++ b/inc/modules/member/action-stats.php @@ -46,7 +46,7 @@ if (!defined('__SECURITY')) { ADD_DESCR("member", __FILE__); // Load the include file -$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC_WHAT)) { // Ok, we finally load the member action module include_once($INC_WHAT); diff --git a/inc/modules/member/action-surfbar.php b/inc/modules/member/action-surfbar.php index 1388feec5c..19b460abbe 100644 --- a/inc/modules/member/action-surfbar.php +++ b/inc/modules/member/action-surfbar.php @@ -46,7 +46,7 @@ if (!defined('__SECURITY')) { ADD_DESCR("member", __FILE__); // Load the include file -$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']); +$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what'])); if (FILE_READABLE($INC_WHAT)) { // Ok, we finally load the member action module include_once($INC_WHAT); diff --git a/modules.php b/modules.php index 9dcd410fea..3787101d99 100644 --- a/modules.php +++ b/modules.php @@ -110,7 +110,7 @@ if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!I case "mem_only": case "done": // Construct module name - define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, $GLOBALS['module'])); + define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, SQL_ESCAPE($GLOBALS['module']))); // Does the module exists on local file system? if ((FILE_READABLE(__MODULE)) && (sizeof($FATAL) == 0)) { diff --git a/templates/de/html/admin/admin_list_task_ext_rows.tpl b/templates/de/html/admin/admin_list_task_ext_rows.tpl new file mode 100644 index 0000000000..f5dca425a7 --- /dev/null +++ b/templates/de/html/admin/admin_list_task_ext_rows.tpl @@ -0,0 +1,11 @@ + + + + + $content[admin] + {--ADMIN_REGISTER_EXTENSION--} + $content[infos] + $content[uid] + $content[type] + $content[created]] + diff --git a/templates/de/html/admin/admin_list_task_rows.tpl b/templates/de/html/admin/admin_list_task_rows.tpl index e3f384c4ab..83dceaf70d 100644 --- a/templates/de/html/admin/admin_list_task_rows.tpl +++ b/templates/de/html/admin/admin_list_task_rows.tpl @@ -1,10 +1,11 @@ - + + $content[admin] + --- $content[infos] $content[uid] $content[type] $content[created]] - \ No newline at end of file + diff --git a/templates/de/html/admin/admin_overview_footer.tpl b/templates/de/html/admin/admin_overview_footer.tpl index 688faaf513..afce7a5911 100644 --- a/templates/de/html/admin/admin_overview_footer.tpl +++ b/templates/de/html/admin/admin_overview_footer.tpl @@ -1,15 +1,12 @@ - - + + + + + + + - \ No newline at end of file + diff --git a/templates/de/html/admin/admin_overview_footer_task.tpl b/templates/de/html/admin/admin_overview_footer_task.tpl index 7dcb37994d..f09ecb560d 100644 --- a/templates/de/html/admin/admin_overview_footer_task.tpl +++ b/templates/de/html/admin/admin_overview_footer_task.tpl @@ -1,17 +1,15 @@ - - + + + + + + + -
{--TASK_DELETE_MODE_NOTE--} +
+ {--TASK_DELETE_MODE_NOTE--}
diff --git a/templates/de/html/admin/admin_overview_header.tpl b/templates/de/html/admin/admin_overview_header.tpl index 5326cb9edf..98a7295b63 100644 --- a/templates/de/html/admin/admin_overview_header.tpl +++ b/templates/de/html/admin/admin_overview_header.tpl @@ -1,17 +1,16 @@ -
- + +
- + + - \ No newline at end of file + diff --git a/templates/de/html/admin/admin_overview_header_task.tpl b/templates/de/html/admin/admin_overview_header_task.tpl index f045a68ae8..87036f0e34 100644 --- a/templates/de/html/admin/admin_overview_header_task.tpl +++ b/templates/de/html/admin/admin_overview_header_task.tpl @@ -1,18 +1,16 @@ - -
{--ADMIN_TASK_SYSTEM_WELCOME--} + {--ADMIN_TASK_SYSTEM_WELCOME--} +
{--ID_SELECT--} {--ADMIN_ASSIGNED_ADMIN--}{--ADMIN_REGISTER_EXTENSION--} {--ADMIN_TASK_INFOS--} {--ADMIN_MEMBER_UID--} {--ADMIN_TASK_TYPE--} {--ADMIN_TASK_CREATED--}
+ +
- + + - \ No newline at end of file + diff --git a/templates/de/html/admin/admin_overview_list_ext_rows.tpl b/templates/de/html/admin/admin_overview_list_ext_rows.tpl new file mode 100644 index 0000000000..f5dca425a7 --- /dev/null +++ b/templates/de/html/admin/admin_overview_list_ext_rows.tpl @@ -0,0 +1,11 @@ + + + + + + + + + diff --git a/templates/de/html/admin/admin_overview_list_rows.tpl b/templates/de/html/admin/admin_overview_list_rows.tpl index e3f384c4ab..83dceaf70d 100644 --- a/templates/de/html/admin/admin_overview_list_rows.tpl +++ b/templates/de/html/admin/admin_overview_list_rows.tpl @@ -1,10 +1,11 @@ + + + - \ No newline at end of file + -- 2.39.5
$content[message] + $content[message] +
{--ID_SELECT--} {--ADMIN_ASSIGNED_ADMIN--}{--ADMIN_REGISTER_EXTENSION--} {--ADMIN_TASK_INFOS--} {--ADMIN_MEMBER_UID--} {--ADMIN_TASK_TYPE--} {--ADMIN_TASK_CREATED--}
+ + $content[admin]{--ADMIN_REGISTER_EXTENSION--}$content[infos]$content[uid]$content[type]$content[created]]
- $content[admin]--- $content[infos] $content[uid] $content[type] $content[created]]