mirror of https://github.com/e107inc/e107.git synced 2025-08-22 22:25:31 +02:00

Mass changes (work in progress - related beta testing and feedback highly appreciated)

- New session handler - appropriate changes made at important core areas (language handler, chap login related)
- Overall better COOKIE handling (on both server and client side) - cookies respect now installation path, domain (based on language settings)
- Introduced Security Levels (see session handler constants/docs), security level option could be added to install routine now
- Security level printed on Administration info panel, appropriate lans added (subject of discussion)
- e_TOKEN security part of session handling now - logic depends on security level (TODO - POST_REFERER removal)
- e_print, e_dump debug functions added (for quick and nice debug view via site output), native overall FirePhp support planned
- a lot of minor bugfixes
secretr
2010-10-26 07:41:20 +00:00
parent 6196a3e425
commit 645d2dda6d
29 changed files with 342 additions and 183 deletions


@@ -660,9 +660,9 @@ class e_form
* Generate hidden security field
* @return string
*/
function referer()
function token()
{
return "<input type='hidden' name='__referer' value='".defset('POST_REFERER', '')."' id='e-form-referer' />";
return "<input type='hidden' name='e-token' value='".defset('e_TOKEN', '')."' />";
}
function submit($name, $value, $options = array())
@@ -1724,7 +1724,7 @@ class e_form
$text = "
<form method='post' action='{$formurl}' id='{$elid}-list-form'>
<div>".$this->referer()."
<div>".$this->token()."
".vartrue($options['fieldset_pre'])."
<fieldset id='{$elid}-list'>
<legend class='e-hideme'>".$options['legend']."</legend>
@@ -1845,7 +1845,7 @@ class e_form
$text .= "
<form method='post' action='".$url."' id='{$form['id']}-form' enctype='multipart/form-data'>
<div>
".$this->referer()."
".$this->token()."
";
foreach ($form['fieldsets'] as $elid => $data)
@@ -2119,7 +2119,7 @@ class form {
$method = ($form_method ? "method='".$form_method."'" : "");
$target = ($form_target ? " target='".$form_target."'" : "");
$name = ($form_name ? " id='".$form_name."' " : " id='myform'");
return "\n<form action='".$form_action."' ".$method.$target.$name.$form_enctype.$form_js.">".e107::getForm()->referer();
return "\n<form action='".$form_action."' ".$method.$target.$name.$form_enctype.$form_js.">".e107::getForm()->token();
}
function form_text($form_name, $form_size, $form_value, $form_maxlength = FALSE, $form_class = "tbox", $form_readonly = "", $form_tooltip = "", $form_js = "") {
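Review bot: In the last hunk the legacy form-open helper appends `e107::getForm()->token()` to every form regardless of `$form_method`, and when `$form_method` is empty the tag carries no `method` attribute, so the browser submits it as GET. The old `__referer` value was not a secret, but `e_TOKEN` is, so on those forms the token lands in the query string and from there in access logs, browser history and outbound Referer headers. I would emit it only for POST forms, e.g. `.(strtolower((string) $form_method) === 'post' ? e107::getForm()->token() : '')`. Separately, `defset('e_TOKEN', '')` in `token()` renders an empty `e-token` value when the constant is not defined; the server-side check is not visible in this section, so it is worth confirming that it rejects an empty or missing token instead of comparing two empty strings. The helper's signature and the start of its body lie outside the hunk.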