Timestamp:
Dec 5, 2013, 8:36:36 PM (10 years ago)
Author:
mistic100
Message:

fix security problem, fix sql fatal error, try to fix display on smartpocket

Location:
extensions/AdminTools/include
Files:
2 edited

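--- a/extensions/AdminTools/include/MultiView.class.php
+++ b/extensions/AdminTools/include/MultiView.class.php
@@ -113,5 +113,6 @@
       );
 
-    if ($this->is_admin)
+    // inactive on ws.php to allow AJAX admin tasks
+    if ($this->is_admin && script_basename() != 'ws')
     {
       if ($this->data['view_as'] == 0)
@@ -201,9 +202,12 @@
   public function init()
   {
-    if (isset($_GET['ato_purge_template']))
-    {
-      global $template;
-      $template->delete_compiled_templates();
-      FileCombiner::clear_combined_files();
+    if ($this->is_admin)
+    {
+      if (isset($_GET['ato_purge_template']))
+      {
+        global $template;
+        $template->delete_compiled_templates();
+        FileCombiner::clear_combined_files();
+      }
     }
   }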
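Review bot: The purge branch in init() still fires on a bare GET parameter (`ato_purge_template`) with no pwg_token check, so the new is_admin() gate only narrows who can be targeted — an admin who follows a crafted link still has the compiled templates and combined files deleted. The sibling events.inc.php on this same changeset already pairs its state-changing GET with `get_pwg_token()==@$_GET['pwg_token']`; the same guard belongs here: `if (isset($_GET['ato_purge_template']) and get_pwg_token()==@$_GET['pwg_token'])`. Unless the token is verified by a caller not shown, this is the one cross-file inconsistency the commit leaves open. The surrounding method in the first hunk starts and ends outside the hunk.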
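--- a/extensions/AdminTools/include/events.inc.php
+++ b/extensions/AdminTools/include/events.inc.php
@@ -8,5 +8,5 @@
 function admintools_add_public_controller()
 {
-  global $MultiView, $conf;
+  global $MultiView, $conf, $template, $page, $user;
 
   if (!$MultiView->is_admin())
@@ -14,6 +14,4 @@
     return;
   }
-
-  global $template, $page, $user;
 
   $url_root = get_root_url();
@@ -99,5 +97,5 @@
 
     $tpl_vars['QUICK_EDIT'] = array(
-      'img' =>                $picture['current']['derivatives']['square'],
+      'img' =>                $picture['current']['derivatives']['square']->get_url(),
       'name' =>               $picture['current']['name'],
       'comment' =>            $picture['current']['comment'],
@@ -132,15 +130,20 @@
     }
 
-    $query = '
+    $tpl_vars['QUICK_EDIT'] = array(
+      'img' =>      null,
+      'name' =>     $page['category']['name'],
+      'comment' =>  $page['category']['comment'],
+      );
+
+    if (!empty($page['category']['representative_picture_id']))
+    {
+      $query = '
 SELECT * FROM '.IMAGES_TABLE.'
   WHERE id = '. $page['category']['representative_picture_id'] .'
 ;';
-    $image_infos = pwg_db_fetch_assoc(pwg_query($query));
-
-    $tpl_vars['QUICK_EDIT'] = array(
-      'img' =>      DerivativeImage::get_one(IMG_SQUARE, $image_infos),
-      'name' =>     $page['category']['name'],
-      'comment' =>  $page['category']['comment'],
-      );
+      $image_infos = pwg_db_fetch_assoc(pwg_query($query));
+
+      $tpl_vars['QUICK_EDIT']['img'] = DerivativeImage::get_one(IMG_SQUARE, $image_infos)->get_url();
+    }
   }
 
@@ -201,5 +204,10 @@
 function admintools_save_picture()
 {
-  global $page, $conf;
+  global $page, $conf, $MultiView;
+
+  if (!$MultiView->is_admin())
+  {
+    return;
+  }
 
   if (isset($_GET['delete']) and get_pwg_token()==@$_GET['pwg_token'])
@@ -269,5 +277,10 @@
 function admintools_save_category()
 {
-  global $page, $conf;
+  global $page, $conf, $MultiView;
+
+  if (!$MultiView->is_admin())
+  {
+    return;
+  }
  
   if (@$_POST['action'] == 'quick_edit')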
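Review bot: In the category branch, `pwg_db_fetch_assoc(pwg_query($query))` can return no row when representative_picture_id refers to a picture that no longer exists, and that result is passed straight into `DerivativeImage::get_one(IMG_SQUARE, $image_infos)->get_url()`, so the fatal error this commit fixes for the empty-id case would likely recur for a stale id. Guard the assignment: `if ($image_infos) { $tpl_vars['QUICK_EDIT']['img'] = DerivativeImage::get_one(IMG_SQUARE, $image_infos)->get_url(); }`. The id is also interpolated into the SQL unquoted; it presumably comes from the categories table as an integer, but an `(int)` cast costs nothing and keeps the query safe if the value is ever sourced elsewhere. The three new `is_admin()` early returns are the right fix, but the bodies they protect continue outside the hunks, so I cannot confirm that save_category also checks a pwg_token on its POST path the way save_picture does on its delete GET.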