From: <lra...@us...> - 2003-01-03 21:39:41
|
Update of /cvsroot/tikiwiki/tiki In directory sc8-pr-cvs1:/tmp/cvs-serv2182 Modified Files: changelog.txt tiki-edit_templates.php tiki-setup.php Log Message: Merged 1.4 bugfixes branch into main trunk. Resolved conflicts. Fixed a bug when exporting wiki pages. Index: changelog.txt =================================================================== RCS file: /cvsroot/tikiwiki/tiki/changelog.txt,v retrieving revision 1.26 retrieving revision 1.27 diff -u -d -r1.26 -r1.27 --- changelog.txt 3 Jan 2003 20:13:50 -0000 1.26 +++ changelog.txt 3 Jan 2003 21:39:38 -0000 1.27 @@ -73,6 +73,26 @@ The administrator (but not the user) can also specify the date and time format strings. Month and weekday names are also localized, if locales are configured correctly on the server. +Version 1.4.2 -Mira- + +* [FIX] Fixed a bug that crashed image caching +* [FIX] Fixed a bug that allowed admins with permission to edit templates to + edit any file +* [FIX] Fixed a bug that made unassigned modules remain assigned for + registered users +* [FIX] Now you can use ' in the browser title and other preferences + + +Version 1.4.1 -Mira- + +* [FIX] Fixed a bug that made Tiki unaware of links using the new + ((name|description)) syntax resulting in orphan pages and fake + link structure for the Wiki. +* [FIX] Corrected an error in tiki_1.3to1.4.sql, added the params + column to tiki_user_assigned_modules that was missing +* [FIX] Fixed a bug related to an incorrect link when editing the + user personal page as admin fro the user_preferences page + Version 1.4 -Mira- * [NEW] Quizzes, you can create quizzes with as many multiple-choice questions as you want and program specific answers Index: tiki-edit_templates.php =================================================================== RCS file: /cvsroot/tikiwiki/tiki/tiki-edit_templates.php,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- tiki-edit_templates.php 1 Jan 2003 23:15:05 -0000 1.3 +++ tiki-edit_templates.php 3 Jan 2003 21:39:38 -0000 1.4 @@ -19,6 +19,17 @@ $mode = 'listing'; } +// Validate to prevent editing any file +if(isset($_REQUEST["template"])) { + if((substr($_REQUEST["template"],0,10)!='templates/')||(strstr($_REQUEST["template"],'..'))) { + $smarty->assign('msg',tra("You dont have permission to do that")); + $smarty->display('error.tpl'); + die; + + } + +} + if(isset($_REQUEST["save"])) { $fp = fopen($_REQUEST["template"],"w"); if(!$fp) { Index: tiki-setup.php =================================================================== RCS file: /cvsroot/tikiwiki/tiki/tiki-setup.php,v retrieving revision 1.24 retrieving revision 1.25 diff -u -d -r1.24 -r1.25 --- tiki-setup.php 3 Jan 2003 16:44:50 -0000 1.24 +++ tiki-setup.php 3 Jan 2003 21:39:38 -0000 1.25 @@ -445,12 +445,12 @@ $prefs = $tikilib->get_all_preferences(); if(!file_exists('templates_c/preferences.php')) { - $fw=fopen('templates_c/preferences.php',"w"); + $fw=fopen('templates_c/preferences.php',"wb"); fwrite($fw,'<?php'."\n"); foreach($prefs as $name => $val) { $$name = $val; fwrite($fw,'$'.$name."=\"".$val."\";"); - fwrite($fw,'$smarty->assign("'.$name.'","'.$val.'");'); + fwrite($fw,'$smarty->assign("'.$name.'","'.'$'.$name.'");'); fwrite($fw,"\n"); $smarty->assign("$name",$val); } @@ -701,8 +701,9 @@ } } + if($feature_obzip == 'y') { ob_start("ob_gzhandler"); } -?> \ No newline at end of file +?> |