Context Navigation

modules_view.php

Revision 704, 5.4 KB (checked in by brieb, 2 years ago)
Fixed several SQL injection vulnerabilities Fixed several XSS vulnerabilities due to PHP_SELF and REQUREST_URI Fixed severa path disclosure errors
Property svn:keywords set to `LastChangedBy LastChangedDate LastChangedRevision`

Line
1	<?php
2	/*
3	$Rev$ \| $LastChangedBy$
4	$LastChangedDate$
5	+-------------------------------------------------------------------------+
6	\| Copyright (c) 2004 - 2010, Kreotek LLC \|
7	\| All rights reserved. \|
8	+-------------------------------------------------------------------------+
9	\| \|
10	\| Redistribution and use in source and binary forms, with or without \|
11	\| modification, are permitted provided that the following conditions are \|
12	\| met: \|
13	\| \|
14	\| - Redistributions of source code must retain the above copyright \|
15	\| notice, this list of conditions and the following disclaimer. \|
16	\| \|
17	\| - Redistributions in binary form must reproduce the above copyright \|
18	\| notice, this list of conditions and the following disclaimer in the \|
19	\| documentation and/or other materials provided with the distribution. \|
20	\| \|
21	\| - Neither the name of Kreotek LLC nor the names of its contributore may \|
22	\| be used to endorse or promote products derived from this software \|
23	\| without specific prior written permission. \|
24	\| \|
25	\| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \|
26	\| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT \|
27	\| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A \|
28	\| PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT \|
29	\| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, \|
30	\| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT \|
31	\| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, \|
32	\| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY \|
33	\| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT \|
34	\| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE \|
35	\| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \|
36	\| \|
37	+-------------------------------------------------------------------------+
38	*/
39
40	include("../../include/session.php");
41	include("include/fields.php");
42	include("include/tables.php");
43
44	$thetable = new phpbmsTable($db, "tbld:ea159d67-5e89-5b7f-f5a0-c740e147cd73");
45	$therecord = $thetable->processAddEditPage();
46
47	if(isset($therecord["phpbmsStatus"]))
48	$statusmessage = $therecord["phpbmsStatus"];
49
50	$pageTitle="Installed Modules";
51
52	$phpbms->cssIncludes[] = "pages/base/modules.css";
53
54	//Form Elements
55	//==============================================================
56	$theform = new phpbmsForm();
57
58	$theform->jsMerge();
59	//==============================================================
60	//End Form Elements
61
62	include("header.php");
63
64	?>
65
66	<div class="bodyline">
67	<form action="<?php echo htmlentities($_SERVER["PHP_SELF"]) ?>" method="post" name="record" onsubmit="return validateForm(this);">
68	<h1 id="topTitle"><span><?php echo $pageTitle ?></span></h1>
69
70	<fieldset id="fsAttributes">
71	<legend>attributes</legend>
72	<p>
73	<label for="id">id</label><br />
74	<input id="id" name="id" type="text" value="<?php echo $therecord["id"]; ?>" size="5" maxlength="5" readonly="readonly" class="uneditable"/>
75	</p>
76	<p>
77	<label for="uuid">uuid</label><br />
78	<input id="uuid" name="uuid" type="text" value="<?php echo $therecord["uuid"]; ?>" size="32" maxlength="64" readonly="readonly" class="uneditable"/>
79	</p>
80	<p>
81	<label for="version">version</label><br />
82	<input id="version" name="version" type="text" value="<?php echo $therecord["version"]; ?>" size="8" maxlength="8" readonly="readonly" class="uneditable" />
83	</p>
84	</fieldset>
85
86	<div id="leftSideDiv">
87	<fieldset>
88	<legend>name / folder</legend>
89	<p>
90	<label for="displayname">name</label><br />
91	<input id="displayname" name="displayname" type="text" value="<?php echo htmlQuotes($therecord["displayname"]); ?>" size="45" maxlength="128" readonly="readonly" class="uneditable" />
92	</p>
93
94	<p>
95	<label for="name">folder name/location</label><br />
96	<input id="name" name="name" type="text" value="<?php echo htmlQuotes($therecord["name"]); ?>" size="64" maxlength="128" readonly="readonly" class="uneditable" />
97	</p>
98	</fieldset>
99
100	<fieldset>
101	<legend><label for="description">description</label></legend>
102	<p>
103	<br />
104	<textarea id="description" name="description" rows="5" cols="56" readonly="readonly" class="uneditable"><?php echo htmlQuotes($therecord["description"])?></textarea>
105	</p>
106	</fieldset>
107
108	</div>
109	<p align="right">
110	<input name="cancelclick" type="hidden" value="0" />
111	<input name="command" id="cancel" type="submit" value="cancel" class="Buttons" onclick="this.form.cancelclick.value=true;" />
112	</p>
113	</form>
114	</div>
115	<?php include("footer.php");?>

Note: See TracBrowser for help on using the browser.

phpBMS

Context Navigation

root/trunk/phpbms/modules/base/modules_view.php

Download in other formats: