Index: trunk/admin/editor/cmseditor/editor/filemanager/browser/default/connectors/php/commands.php
===================================================================
diff -u -r4961 -r4966
--- trunk/admin/editor/cmseditor/editor/filemanager/browser/default/connectors/php/commands.php (.../commands.php) (revision 4961)
+++ trunk/admin/editor/cmseditor/editor/filemanager/browser/default/connectors/php/commands.php (.../commands.php) (revision 4966)
@@ -45,29 +45,31 @@
// Close the "Folders" node.
echo "" ;
}
-/*
-function GetCmsTree()
-{
- $conn = GetADODbConnection();
- $query="SELECT st.* , wb.eng_content AS page_title
- FROM structure_templates st
- LEFT JOIN working_blocks AS wb
- ON (st.st_id = wb.template_id) AND (wb.block_type = 3) WHERE st_id != '5' AND st_path != '/cms' GROUP BY st_id ORDER BY st_lastupdate desc";
- $rs = $conn->Execute($query);
- if ($rs && !$rs->EOF)
- {
- $ret = "";
- while($rs && !$rs->EOF) {
- $ret.= '';
- //echo $rs->fields['page_title']."
";
- $rs->MoveNext();
+function ValidateSID()
+{
+ if (isset($Config['K4Mode']))
+ return true;
+ else {
+ $conn = GetADODbConnection();
+ $session_time = GetConfigValue('ses_timeout')+0;
+ $sid = $_COOKIE['admin_sid'];
+ $sql = "SELECT count( sd.sid )
+ FROM session_data AS sd
+ LEFT JOIN sessions AS s ON s.sid = sd.sid
+ WHERE sd.`name` = 'admin_mode'
+ AND sd.`value` = '1'
+ AND sd.sid = '".$sid."'
+ AND s.expire + '".$session_time."' > unix_timestamp()";
+ if ($conn->GetOne($sql) > 0) {
+ return true;
+ } else {
+ echo "SESSION Validation FALSE";
}
- $ret.= '';
- echo $ret;
}
-}
-*/
+ return false;
+}
+
function GetCmsTree()
{
global $Config;
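Review bot: The cookie value assigned in `$sid = $_COOKIE['admin_sid'];` is concatenated raw into the `AND sd.sid = '".$sid."'` clause, so the new authentication check is itself SQL-injectable and a crafted cookie can make the count non-zero; the id (and `$session_time`) should be passed as ADOdb bind parameters rather than spliced into the string. Separately, `$Config` is never declared `global` inside ValidateSID (GetCmsTree directly below does `global $Config;`), so `isset($Config['K4Mode'])` reads an undefined local and is always false — the K4Mode shortcut is dead code, and an unset cookie raises a notice before the query runs. The rewrite below binds both values and fixes the scope; the `else` body and the `return false` tail are unchanged.
```php
function ValidateSID()
{
    global $Config;
    if (isset($Config['K4Mode']))
        return true;
    else {
        // … unchanged: GetADODbConnection() and ses_timeout lookup …
        $sid = isset($_COOKIE['admin_sid']) ? (string) $_COOKIE['admin_sid'] : '';
        $sql = "SELECT count( sd.sid )
                FROM session_data AS sd
                LEFT JOIN sessions AS s ON s.sid = sd.sid
                WHERE sd.`name` = 'admin_mode'
                  AND sd.`value` = '1'
                  AND sd.sid = ?
                  AND s.expire + ? > unix_timestamp()";
        // bound parameters: the cookie value never reaches the SQL text
        if ($conn->GetOne($sql, array($sid, $session_time)) > 0) {
        // … unchanged: success / failure branches …
```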
@@ -509,36 +511,38 @@
DeleteConfirmedFiles($resourceType, $currentFolder, $aFiles);
echo '' ;
}
- foreach ($aFiles AS $k=>$v) {
- $add_sql = '';
- if ($v == '')
- continue;
- $deleted_file = $Config['UserFilesPathNoBase'].$resourceType.$currentFolder.addslashes($v);
- for($i=0; $i 0) {
- $add_sql = rtrim($add_sql," OR");
- $sql = "SELECT lb1.template_id, lb2.".$def_lang_prefix."_content FROM live_blocks AS lb1
- LEFT JOIN live_blocks AS lb2 ON lb2.template_id = lb1.template_id AND lb2.block_num = 20
- WHERE".$add_sql;
- $rs = $conn->Execute($sql);
- while ($rs && !$rs->EOF) {
- $used = 1;
- $page = $rs->fields[$def_lang_prefix.'_content'];
- $page = @html_entity_decode($page,ENT_NOQUOTES,'UTF-8');
- $page = @htmlspecialchars($page);
- $ret_xml.= '' ;
- $rs->MoveNext();
- }
+ if (!$confirm) {
+ foreach ($aFiles AS $k=>$v) {
+ $add_sql = '';
+ if ($v == '')
+ continue;
+ $deleted_file = $Config['UserFilesPathNoBase'].$resourceType.$currentFolder.addslashes($v);
+ for($i=0; $i 0) {
+ $add_sql = rtrim($add_sql," OR");
+ $sql = "SELECT lb1.template_id, lb2.".$def_lang_prefix."_content FROM live_blocks AS lb1
+ LEFT JOIN live_blocks AS lb2 ON lb2.template_id = lb1.template_id AND lb2.block_num = 20
+ WHERE".$add_sql;
+ $rs = $conn->Execute($sql);
+ while ($rs && !$rs->EOF) {
+ $used = 1;
+ $page = $rs->fields[$def_lang_prefix.'_content'];
+ $page = @html_entity_decode($page,ENT_NOQUOTES,'UTF-8');
+ $page = @htmlspecialchars($page);
+ $ret_xml.= '' ;
+ $rs->MoveNext();
+ }
+ }
}
+ if ($ret_xml && !$confirm)
+ echo $ret_xml;
+ if (!$ret_xml && !$confirm) {
+ DeleteConfirmedFiles($resourceType, $currentFolder, $aFiles);
+ echo '' ;
+ }
}
- if ($ret_xml && !$confirm)
- echo $ret_xml;
- if (!$ret_xml && !$confirm) {
- DeleteConfirmedFiles($resourceType, $currentFolder, $aFiles);
- echo '' ;
- }
}
?>
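Review bot: Inside the new `if (!$confirm) {` block the two closing conditions `if ($ret_xml && !$confirm)` and `if (!$ret_xml && !$confirm)` re-test `!$confirm`, which is already true at that point; they collapse to `if ($ret_xml) { echo $ret_xml; } else { DeleteConfirmedFiles($resourceType, $currentFolder, $aFiles); echo '' ; }`, which also makes the two branches visibly exclusive. The usage query is still assembled from `addslashes($v)` (a request-supplied file name) into `$add_sql` and then concatenated onto `WHERE`; `addslashes` is not a charset-aware escape, so this lookup should use ADOdb bind parameters like the rest of the connector's input handling — the `for` line that builds `$add_sql` appears garbled in this view, so the exact rewrite cannot be given here. The `@` suppression on `html_entity_decode`/`htmlspecialchars` hides conversion errors rather than handling them. The enclosing function and the initialisation of `$ret_xml`/`$confirm` start before this hunk.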
Index: trunk/admin/editor/cmseditor/editor/filemanager/browser/default/connectors/php/connector.php
===================================================================
diff -u -r4961 -r4966
--- trunk/admin/editor/cmseditor/editor/filemanager/browser/default/connectors/php/connector.php (.../connector.php) (revision 4961)
+++ trunk/admin/editor/cmseditor/editor/filemanager/browser/default/connectors/php/connector.php (.../connector.php) (revision 4966)
@@ -42,7 +42,10 @@
}
}
//exit;
-DoResponse() ;
+if (ValidateSID())
+ DoResponse() ;
+
+
function DoResponse()
{
if ($_GET['Command'] != 'GetCmsTree') {
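Review bot: When ValidateSID() returns false the script simply falls through: the plain-text message it echoed is sent with the default 200 status and whatever headers the later code sets, so a client (or a proxy cache) cannot distinguish a denied request from a connector reply. Prefer an explicit deny that stops execution, e.g. `if (!ValidateSID()) { header('HTTP/1.0 403 Forbidden'); exit; }` followed by `DoResponse();`. This gate also presumes ValidateSID() is already in scope from commands.php; the include that brings it in is outside this hunk, so it is worth confirming the ordering. DoResponse()'s body continues beyond the hunk.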