Commit ad2f3053 authored by mose's avatar mose

Security fixes merge

parent decdfe5e
......@@ -3132,6 +3132,7 @@ tiki/templates/babelfish.tpl -text
tiki/templates/bidi.tpl -text
tiki/templates/categorize.tpl -text
tiki/templates/comments.tpl -text
tiki/templates/confirm.tpl -text
tiki/templates/copyrights.tpl -text svneol=unset#application/octet-stream
tiki/templates/debug/index.php -text
tiki/templates/debug/tiki-debug_console_help.tpl -text
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/comments.php,v 1.27 2004-03-28 07:32:22 mose Exp $
// $Header: /cvsroot/tikiwiki/tiki/comments.php,v 1.28 2004-03-31 07:38:41 mose Exp $
// Copyright (c) 2002-2004, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -238,11 +238,16 @@ if ($_REQUEST["comments_threadId"] > 0) {
}
if ($tiki_p_remove_comments == 'y') {
if (isset($_REQUEST["comments_remove"]) && isset($_REQUEST["comments_threadId"])) {
$comments_show = 'y';
$commentslib->remove_comment($_REQUEST["comments_threadId"]);
}
if (isset($_REQUEST["comments_remove"]) && isset($_REQUEST["comments_threadId"])) {
$area = 'delcomment';
if (isset($_POST['daconfirm']) and isset($_SESSION["ticket_$area"])) {
key_check($area);
$comments_show = 'y';
$commentslib->remove_comment($_REQUEST["comments_threadId"]);
} else {
key_get($area);
}
}
}
$smarty->assign('comment_preview', 'n');
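Review bot: The confirmation gate in the new `comments_remove` branch proves only that a `daconfirm` field was posted while `$_SESSION["ticket_delcomment"]` exists; nothing ties the ticket to the thread being deleted, because `$area` is the constant `'delcomment'` and the id is still read from `$_REQUEST["comments_threadId"]`. A ticket issued while confirming one comment therefore also validates a request naming a different thread id for as long as key_check() accepts it (15 minutes, per the tikiticketlib.php hunk). Binding the ticket to the target would narrow this, e.g. `$area = 'delcomment' . (int)$_REQUEST["comments_threadId"];`. The same pattern appears in the copyrights.php (`'delcopyright'`) and shoutbox (`'delshoutboxentry'`) hunks. The +/- markers are lost on this page, so this assumes the block calling `key_check` is the added side.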
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/copyrights.php,v 1.5 2004-03-28 07:32:22 mose Exp $
// $Header: /cvsroot/tikiwiki/tiki/copyrights.php,v 1.6 2004-03-31 07:38:41 mose Exp $
// Copyright (c) 2002-2004, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -86,7 +86,13 @@ if (isset($_REQUEST['action']) && isset($_REQUEST['copyrightId'])) {
} elseif ($_REQUEST['action'] == 'down') {
$copyrightslib->down_copyright($_REQUEST['copyrightId']);
} elseif ($_REQUEST['action'] == 'delete') {
$copyrightslib->remove_copyright($_REQUEST['copyrightId']);
$area = 'delcopyright';
if (isset($_POST['daconfirm']) and isset($_SESSION["ticket_$area"])) {
key_check($area);
$copyrightslib->remove_copyright($_REQUEST['copyrightId']);
} else {
key_get($area);
}
}
}
......
......@@ -3942,6 +3942,7 @@ INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_user_watches','
INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_view_tpl','y');
INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_warn_on_edit','n');
INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_webmail','n');
INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_wiki_allowhtml','n');
INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_wiki_attachments','n');
INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_wiki_comments','n');
INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_wiki_description','n');
......
......@@ -4998,6 +4998,8 @@ INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_warn_on_edit','
INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_webmail','n');
INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_wiki_allowhtml','n');
INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_wiki_attachments','n');
INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_wiki_comments','n');
......
......@@ -4814,6 +4814,8 @@ INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_warn_on_edit','
INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_webmail','n');
INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_wiki_allowhtml','n');
INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_wiki_attachments','n');
INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_wiki_comments','n');
......
......@@ -4814,6 +4814,8 @@ INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_warn_on_edit','
INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_webmail','n');
INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_wiki_allowhtml','n');
INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_wiki_attachments','n');
INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_wiki_comments','n');
......
......@@ -6522,6 +6522,10 @@ INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_webmail','n')
go
INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_wiki_allowhtml','n')
go
INSERT INTO "tiki_preferences" ("name","value") VALUES ('feature_wiki_attachments','n')
go
......
......@@ -156,7 +156,8 @@ function make_clean(&$var) {
make_clean($var[$key]);
}
} else {
$var = htmlspecialchars($var, ENT_QUOTES);
// $var = htmlspecialchars($var, ENT_QUOTES);
$var = htmlspecialchars($var); // ideally use ENT_QUOTES but this is too aggressive for names like o'doyle etc.
}
}
......@@ -167,7 +168,8 @@ function get_unclean($var) {
$ret[$key] = get_unclean($val);
}
} else {
$ret = strtr($encoded,array_flip(get_html_translation_table(HTML_SPECIALCHARS, ENT_QUOTES)));
// $ret = strtr($encoded,array_flip(get_html_translation_table(HTML_SPECIALCHARS, ENT_QUOTES)));
$ret = strtr($encoded,array_flip(get_html_translation_table(HTML_SPECIALCHARS))); // ENT_QUOTES needs to match make_clean
}
return $ret;
}
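Review bot: Dropping `ENT_QUOTES` in make_clean() leaves single quotes unescaped, so a cleaned value is no longer safe inside a single-quoted HTML attribute, and this same page shows such markup (`title='$tag:#$aid'` in wikiplugin_sf.php, `alt='{tr}delete{/tr}'` in tiki-map_upload.tpl). If apostrophes in names are the only reason, escaping with `ENT_QUOTES` at output time instead of mutating stored input would serve both needs; at minimum the trade-off deserves a comment where it is made, such as `// single quotes are NOT escaped: never print cleaned values inside '...' attributes`. In get_unclean() the decoded variable is `$encoded` while the parameter shown in the hunk header is `$var`; both function bodies start outside the hunk, so confirm that `$encoded` is actually assigned.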
......
# $Header: /cvsroot/tikiwiki/tiki/db/tiki.sql,v 1.173 2004-03-27 21:23:53 mose Exp $
# $Header: /cvsroot/tikiwiki/tiki/db/tiki.sql,v 1.174 2004-03-31 07:38:42 mose Exp $
# phpMyAdmin MySQL-Dump
# version 2.5.1
# http://www.phpmyadmin.net/ (download page)
......@@ -4012,6 +4012,7 @@ INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_user_watches','
INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_view_tpl','y');
INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_warn_on_edit','n');
INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_webmail','n');
INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_wiki_allowhtml','n');
INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_wiki_attachments','n');
INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_wiki_comments','n');
INSERT IGNORE INTO tiki_preferences(name,value) VALUES ('feature_wiki_description','n');
......
# $Id: tiki_1.7to1.8.sql,v 1.105 2004-03-27 21:23:53 mose Exp $
# $Id: tiki_1.7to1.8.sql,v 1.106 2004-03-31 07:38:42 mose Exp $
# The following script will update a tiki database from verion 1.7 to 1.8
#
......@@ -176,6 +176,7 @@ INSERT /* IGNORE */ INTO tiki_preferences (name, value) VALUES ('feature_userVer
INSERT /* IGNORE */ INTO tiki_preferences (name, value) VALUES ('feature_user_watches', 'n');
INSERT /* IGNORE */ INTO tiki_preferences (name, value) VALUES ('feature_warn_on_edit', 'n');
INSERT /* IGNORE */ INTO tiki_preferences (name, value) VALUES ('feature_webmail', 'n');
INSERT /* IGNORE */ INTO tiki_preferences (name, value) VALUES ('feature_wiki_allowhtml', 'n');
INSERT /* IGNORE */ INTO tiki_preferences (name, value) VALUES ('feature_wiki_attachments', 'n');
INSERT /* IGNORE */ INTO tiki_preferences (name, value) VALUES ('feature_wiki_comments', 'n');
INSERT /* IGNORE */ INTO tiki_preferences (name, value) VALUES ('feature_wiki_description', 'n');
......
......@@ -348,6 +348,10 @@ class DirLib extends TikiLib {
function dir_replace_site($siteId, $name, $description, $url, $country, $isValid) {
global $cachepages;
make_clean($name);
make_clean($description);
make_clean($url);
make_clean($country);
$now = date("U");
if ($siteId) {
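Review bot: `make_clean($url)` HTML-encodes the value but does not restrict its scheme, so a `javascript:` or `data:` URL passes through unchanged; if the directory later prints `$url` as a link target (not visible here), encoding alone does not make it safe. A scheme check before the insert would cover that, e.g. `if (!preg_match('#^https?://#i', $url)) { $url = ''; }`, or rejecting the submission outright. The function body continues past the end of the hunk.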
......
......@@ -3384,15 +3384,15 @@ function get_user_preference($user, $name, $default = '') {
function set_user_preference($user, $name, $value) {
global $user_preferences;
$user_preferences[$user][$name] = $value;
$query = "delete from `tiki_user_preferences`where `user`=? and `prefName`=?";
$bindvars=array($user,$name);
$result = $this->query($query, $bindvars, -1,-1,false);
$query = "insert into `tiki_user_preferences`(`user`,`prefName`,`value`) values(?, ?, ?)";
$bindvars[]=$value;
$result = $this->query($query, $bindvars);
return true;
make_clean($value);
$user_preferences[$user][$name] = $value;
$query = "delete from `tiki_user_preferences` where `user`=? and `prefName`=?";
$bindvars=array($user,$name);
$result = $this->query($query, $bindvars, -1,-1,false);
$query = "insert into `tiki_user_preferences`(`user`,`prefName`,`value`) values(?, ?, ?)";
$bindvars[]=$value;
$result = $this->query($query, $bindvars);
return true;
}
function validate_user($user, $pass) {
......
<?php
/* $Header: /cvsroot/tikiwiki/tiki/lib/tikiticketlib.php,v 1.7 2004-03-29 21:26:30 mose Exp $
/* $Header: /cvsroot/tikiwiki/tiki/lib/tikiticketlib.php,v 1.8 2004-03-31 07:38:43 mose Exp $
Tikiwiki CSRF protection.
also called : anti-banana-skin (oops)
Install:
- copy tikiticketlib.php in lib/tikiticketlib.php (or anywhere to your taste)
- add at the very top of setup.php, under session_start();
include "lib/tikiticketlib.php";
or anywhere your taste previous stated something else
= CLOSING
ask_ticket('something');
- for marking where begins an edit or admin area
that requires protection.
- on most administrative pages that ticket request
should occur AFTER all active tests for modification
- some pages include the edit and display part in same
place. In such case use the ask_ticket at the end of
conditionnal block that determines we are in edit mode.
= OPENING
check_ticket('something');
- for testing if the right ticket have been generated
- that call should occur just after the test of $_REQUEST
variables to see if something is due to be modified.
- if the check fails, it sends a mail to apache admin with
faulty link and referer so the problem can be tracked.
= EXAMPLE
# file tiki-admin_cookies.php
<?php
require_once ('tiki-setup.php');
include_once ('lib/taglines/taglinelib.php');
if ($tiki_p_edit_cookies != 'y') {
$smarty->assign('msg', tra("You dont have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
# insert protection here, with arbitrary string "admin_coojie"
ask_ticket('admin_cookie');
# ... snip ...
if (isset($_REQUEST["remove"])) {
# verify the protection before action
check_ticket('admin_cookie'); // <--------------- protected
$taglinelib->remove_cookie($_REQUEST["remove"]);
}
if (isset($_REQUEST["removeall"])) {
# verify the protection before action
check_ticket('admin_cookie'); // <--------------- protected
$taglinelib->remove_all_cookies();
}
if (isset($_REQUEST["upload"])) {
# verify the protection before action
check_ticket('admin_cookie'); // <--------------- protected
if (isset($_FILES['userfile1']) &&
is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
$fp = fopen($_FILES['userfile1']['tmp_name'], "r");
# ... snip ...
if (isset($_REQUEST["save"])) {
# verify the protection before action
check_ticket('admin_cookie'); // <--------------- protected
$taglinelib->replace_cookie($_REQUEST["cookieId"], $_REQUEST["cookie"]);
# ... snip ...
$smarty->assign('mid', 'tiki-admin_cookies.tpl');
$smarty->display("tiki.tpl");
?>
please ask admins@tikiwiki.org if you are lost with a complicated case.
also called Sea-Surfing
please report to security@tikiwiki.org
if you find a better way to handle sea surfing nastiness
*/
//this script may only be included - so its better to die if called directly.
......@@ -95,25 +13,17 @@ if (strpos($_SERVER["SCRIPT_NAME"],basename(__FILE__)) !== false) {
header("location: index.php");
}
// obsolete: will be removed soon
function ask_ticket($area) {
$_SESSION['antisurf'] = $area;
//$_SESSION['antisurf'] = $area;
return true;
}
// obsolete: will be removed soon
function check_ticket($area) {
/*
if (!isset($_SESSION['antisurf'])) $_SESSION['antisurf'] = '';
if ($_SESSION['antisurf'] != $area) {
/* that part is optionnal, it sends a mail of alert
$body = "\nCSRF: ";
if (isset($_SERVER["SCRIPT_URI"]) and $_SERVER["SCRIPT_URI"]) {
$body.= $_SERVER["SCRIPT_URI"];
} else {
$body.= $_SERVER["HTTP_HOST"];
}
if (isset($_SERVER["QUERY_STRING"]) and $_SERVER["QUERY_STRING"]) {
$body.= "?".$_SERVER["QUERY_STRING"];
}
$body.= "\nfrom: ".$_SERVER["HTTP_REFERER"]."\n";
@mail($_SERVER['SERVER_ADMIN'],"[CSRF] alert",$body);
*/
global $smarty, $feature_ticketlib;
$_SESSION['antisurf'] = $area;
if ($feature_ticketlib == 'y') {
......@@ -125,5 +35,33 @@ function check_ticket($area) {
die;
}
}
*/
return true;
}
// new valid function for ticketing :
function key_get($area) {
global $smarty;
$_SESSION["ticket_$area"] = time();
$smarty->assign('confirmaction', $_SERVER['REQUEST_URI']);
$smarty->display("confirm.tpl");
die();
}
function key_check($area) {
global $_SESSION;
if (isset($_SESSION["ticket_$area"])
and $_SESSION["ticket_$area"] < date('U')
and $_SESSION["ticket_$area"] > (date('U')-(60*15))) {
return true;
}
global $smarty;
unset($_SESSION["ticket_$area"]);
$smarty->assign('msg',tra('Sea Surfing (CSRF) detected. Operation blocked.'));
$smarty->assign('nocreate',1);
$smarty->display("error.tpl");
die();
}
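Review bot: key_check() validates only the age of a timestamp that key_get() stored in the session; no unpredictable value travels through the confirm form, and the ticket is left in place after a successful check. Any POST carrying `daconfirm` that reaches a protected handler within 15 minutes of the user opening a confirm page for that area therefore passes, including a repeated or cross-site one. The strict `< date('U')` comparison also rejects a confirmation submitted within the same second the ticket was issued, and `global $_SESSION;` is redundant for a superglobal. A per-ticket random value, echoed by confirm.tpl as a hidden field (`<input type="hidden" name="ticket" value="{$ticket}" />`), compared in constant time and consumed on first use, would close these gaps; the sketch assumes a PHP version that provides `random_bytes()` and `hash_equals()`.

```php
function key_get($area) {
    global $smarty;
    $ticket = bin2hex(random_bytes(16));
    $_SESSION["ticket_$area"] = array('value' => $ticket, 'issued' => time());
    $smarty->assign('ticket', $ticket);
    // … unchanged: assign confirmaction, display confirm.tpl, die …
}

function key_check($area) {
    $stored = isset($_SESSION["ticket_$area"]) ? $_SESSION["ticket_$area"] : null;
    unset($_SESSION["ticket_$area"]); // single use, whether or not the check passes
    if (is_array($stored)
        and isset($_POST['ticket']) and is_string($_POST['ticket'])
        and hash_equals($stored['value'], $_POST['ticket'])
        and $stored['issued'] > time() - (60*15)) {
        return true;
    }
    // … unchanged: assign msg / nocreate, display error.tpl, die …
}
```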
?>
<?php
/*
* $Header: /cvsroot/tikiwiki/tiki/lib/wiki-plugins/wikiplugin_sf.php,v 1.3 2003-11-23 22:03:14 gongo Exp $
* $Header: /cvsroot/tikiwiki/tiki/lib/wiki-plugins/wikiplugin_sf.php,v 1.4 2004-03-31 07:38:43 mose Exp $
*
* TikiWiki SF auto-links.
*
......@@ -53,7 +53,7 @@ function get_artifact_label($gid,$atid,$aid,$reload=false) {
}
function wikiplugin_sf($data, $params) {
if (function_exists("curl_init")) {
# customize that (or extract it in a db)
$sftags['bugs'] = array('64258','506846');
$sftags['rfe'] = array('64258','506849');
......@@ -79,6 +79,9 @@ function wikiplugin_sf($data, $params) {
$label = get_artifact_label($sf_group_id,$sf_atid,$aid);
//$back = "[http://sf.net/tracker/index.php?func=detail&amp;aid=$aid&amp;group_id=$sf_group_id&amp;atid=$sf_atid|$tag:#$aid: $label|nocache]";
$back = "<a href='http://sf.net/tracker/index.php?func=detail&amp;aid=$aid&amp;group_id=$sf_group_id&amp;atid=$sf_atid' target='_blank' title='$tag:#$aid' class='wiki'>$label</a>";
} else {
$back = "SF plugin : You need php-curl module to be loaded to use that feature.";
}
return $back;
}
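Review bot: `$label` is interpolated into the anchor without escaping, and `$tag`/`$aid` land in a single-quoted `title` attribute; the label comes from get_artifact_label(), whose body is outside the hunk but which presumably returns text fetched from the remote tracker, given the curl dependency. Escape at the point of output, e.g. `$label = htmlspecialchars($label, ENT_QUOTES);` before building `$back`. The added `else` branch only sets `$back` when curl is missing; whether `$back` is always assigned on the curl path cannot be confirmed from the visible lines.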
......
......@@ -44,7 +44,13 @@ if ($feature_shoutbox == 'y' && $tiki_p_view_shoutbox == 'y') {
if ($tiki_p_admin_shoutbox == 'y') {
if (isset($_REQUEST["shout_remove"])) {
$shoutboxlib->remove_shoutbox($_REQUEST["shout_remove"]);
$area = 'delshoutboxentry';
if (isset($_POST['daconfirm']) and isset($_SESSION["ticket_$area"])) {
key_check($area);
$shoutboxlib->remove_shoutbox($_REQUEST["shout_remove"]);
} else {
key_get($area);
}
}
}
......
{* $Header: /cvsroot/tikiwiki/tiki/templates/attachments.tpl,v 1.20 2004-03-15 07:55:51 mose Exp $ *}
{* $Header: /cvsroot/tikiwiki/tiki/templates/attachments.tpl,v 1.21 2004-03-31 07:38:44 mose Exp $ *}
<a name="attachments"></a>
{* Don't even generate DIV if no any needed rights *}
......@@ -39,8 +39,7 @@
{$atts[ix].filename|iconify}
<a class="tablename" href="tiki-download_wiki_attachment.php?attId={$atts[ix].attId}">{$atts[ix].filename}</a>
{if $tiki_p_wiki_admin_attachments eq 'y' or ($user and ($atts[ix].user eq $user))}
&nbsp;&nbsp;<a title="{tr}delete{/tr}" class="link" href="tiki-index.php?page={$page|escape:"url"}&amp;removeattach={$atts[ix].attId}&amp;offset={$offset}&amp;sort_mode={$sort_mode}"
onclick="return confirmTheLink(this,'{tr}Are you sure you want to delete this attachment?{/tr}')"><img border="0" alt="{tr}Remove{/tr}" src="img/icons2/delete2.gif" /></a>&nbsp;&nbsp;
&nbsp;&nbsp;<a title="{tr}delete{/tr}" class="link" href="tiki-index.php?page={$page|escape:"url"}&amp;removeattach={$atts[ix].attId}&amp;offset={$offset}&amp;sort_mode={$sort_mode}"><img border="0" alt="{tr}Remove{/tr}" src="img/icons2/delete2.gif" /></a>&nbsp;&nbsp;
{/if}
</td>
<td class="{cycle advance=false}"><small>{$atts[ix].comment}</small></td>
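Review bot: The `onclick` confirmation is removed from the `removeattach` link, but no hunk visible on this page adds a key_get()/key_check() gate to the handler behind `tiki-index.php?...removeattach=`, unlike the comments, copyrights and shoutbox handlers. If that handler is not changed elsewhere, attachment deletion is now a single unconfirmed GET. The same applies to the `action=deldir` and `action=delete` links in tiki-map_upload.tpl, whose confirmations are also dropped. Either add the ticket check to those handlers in the same commit or keep the client-side prompt until they are covered.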
......
{* $Header: /cvsroot/tikiwiki/tiki/templates/comments.tpl,v 1.37 2004-03-21 19:22:08 sylvieg Exp $ *}
{* $Header: /cvsroot/tikiwiki/tiki/templates/comments.tpl,v 1.38 2004-03-31 07:38:44 mose Exp $ *}
<a name="comments"></a>
<br />
......@@ -112,7 +112,7 @@
{/if}
{if $tiki_p_remove_comments eq 'y'}
&nbsp;&nbsp;(<a title="{tr}delete{/tr}" class="link" href="{$comments_complete_father}comments_threshold={$comments_threshold}&amp;comments_threadId={$comments_coms[com].threadId}&amp;comments_remove=1&amp;comments_offset={$comments_offset}&amp;comments_sort_mode={$comments_sort_mode}&amp;comments_maxComments={$comments_maxComments}&amp;comments_parentId={$comments_parentId}"
onclick="return confirmTheLink(this,'{tr}Are you sure you want to delete this comment?{/tr}')"><img border="0" alt="{tr}Remove{/tr}" src="img/icons2/delete.gif" /></a>)&nbsp;&nbsp;
><img border="0" alt="{tr}Remove{/tr}" src="img/icons2/delete.gif" /></a>)&nbsp;&nbsp;
{/if}
{if $tiki_p_edit_comments eq 'y'}
(<a title="{tr}edit{/tr}" class="link" href="{$comments_complete_father}comments_threadId={$comments_coms[com].threadId}&amp;comments_threshold={$comments_threshold}&amp;comments_offset={$comments_offset}&amp;comments_sort_mode={$comments_sort_mode}&amp;comments_maxComments={$comments_maxComments}&amp;comments_parentId={$comments_parentId}"><img border="0" alt="{tr}Edit{/tr}" src="img/icons/edit.gif" /></a>)
......
{* Index we display a wiki page here *}
{include file="header.tpl"}
{if $feature_bidi eq 'y'}
<table dir="rtl" ><tr><td>
{/if}
<div id="tiki-main">
{if $feature_top_bar eq 'y'}
<div id="tiki-top">
{include file="tiki-top_bar.tpl"}
</div>
{/if}
<div id="tiki-mid">
<table border="0" cellpadding="0" cellspacing="0" >
<tr>
{if $feature_left_column eq 'y'}
<td id="leftcolumn">
{section name=homeix loop=$left_modules}
{$left_modules[homeix].data}
{/section}
</td>
{/if}
<td id="centercolumn"><div id="tiki-center">
<br />
<div class="cbox">
<br />
<div class="cbox-data">
<form action="{$confirmaction}" method="post">
<input type="submit" name="daconfirm" value="{tr}Click here to confirm your action{/tr}" />
<span class="button2"><a href="javascript:history.back()" class="linkbut">{tr}Go back{/tr}</a></span>
<span class="button2"><a href="{$tikiIndex}" class="linkbut">{tr}Return to home page{/tr}</a></span>
</form>
</div>
</div><br />
</div></td>
{if $feature_right_column eq 'y'}
<td id="rightcolumn">
{section name=homeix loop=$right_modules}
{$right_modules[homeix].data}
{/section}
</td>
{/if}
</tr>
</table>
</div>
{if $feature_bot_bar eq 'y'}
<div id="tiki-bot">
{include file="tiki-bot_bar.tpl"}
</div>
{/if}
</div>
{if $feature_bidi eq 'y'}
</td></tr></table>
{/if}
{include file="footer.tpl"}
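Review bot: `<form action="{$confirmaction}" method="post">` prints the value unescaped, and key_get() fills it from `$_SERVER['REQUEST_URI']`, which is request-controlled. Apply the escape modifier so a quote in the URI cannot break out of the attribute: `<form action="{$confirmaction|escape}" method="post">`. The form also carries no hidden ticket field, so the confirm POST differs from a forged one only by the `daconfirm` button name.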
......@@ -14,7 +14,7 @@
</td><td class="formcolor" align="right">
<input type="submit" name="editcopyright" value="{tr}edit{/tr}"/><br />
<a title="{tr}delete{/tr}" href="copyrights.php?page={$page|escape:"url"}&amp;action=delete&amp;copyrightId={$copyrights[i].copyrightId}"
onclick="return confirmTheLink(this,'{tr}Are you sure you want to delete this copyright?{/tr}')"><img border="0" alt="{tr}Remove{/tr}" src="img/icons2/delete.gif" /></a>
><img border="0" alt="{tr}Remove{/tr}" src="img/icons2/delete.gif" /></a>
<a href="copyrights.php?page={$page|escape:"url"}&amp;action=up&amp;copyrightId={$copyrights[i].copyrightId}">up</a>
<a href="copyrights.php?page={$page|escape:"url"}&amp;action=down&amp;copyrightId={$copyrights[i].copyrightId}">down</a>
</form>
......
......@@ -28,7 +28,7 @@
</div>
<div class="cbox-data">
{$msg}<br /><br />
{if $page and ($tiki_p_admin eq 'y' or $tiki_p_admin_wiki eq 'y')}<a href="tiki-editpage.php?page={$page}" class="linkmenu">{tr}Create this page{/tr}</a><br /><br />{/if}
{if $page and !$nocreate and ($tiki_p_admin eq 'y' or $tiki_p_admin_wiki eq 'y')}<a href="tiki-editpage.php?page={$page}" class="linkmenu">{tr}Create this page{/tr}</a><br /><br />{/if}
<a href="javascript:history.back()" class="linkmenu">{tr}Go back{/tr}</a><br /><br />
<a href="{$tikiIndex}" class="linkmenu">{tr}Return to home page{/tr}</a>
</div>
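Review bot: The rewritten condition line still builds `href="tiki-editpage.php?page={$page}"` without URL-escaping, while other templates in this commit use `{$page|escape:"url"}` for the same parameter. Since the line is being touched anyway, change it to `<a href="tiki-editpage.php?page={$page|escape:"url"}" class="linkmenu">`. `{$msg}` on the line above is printed raw as well; whether callers always pass trusted text is not visible here.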
......
{* $Header: /cvsroot/tikiwiki/tiki/templates/map/tiki-map_upload.tpl,v 1.7 2003-11-23 22:27:35 gongo Exp $ *}
{* $Header: /cvsroot/tikiwiki/tiki/templates/map/tiki-map_upload.tpl,v 1.8 2004-03-31 07:38:45 mose Exp $ *}
<a class="pagetitle" href="tiki-map_upload.php">Layer Management</a><br/><br/>
<h3>{tr}{$dir}{/tr}</h3>
......@@ -17,7 +17,6 @@
<td class="odd">
{if $tiki_p_map_delete eq 'y'}
<a class="link" href="tiki-map_upload.php?dir={$dir}&amp;directory={$dirs[user]}&amp;action=deldir"
onclick="return confirmTheLink(this,'{tr}Are you sure you want to delete this directory?{/tr}')">
<img src='img/icons2/delete.gif' border='0' alt='{tr}delete{/tr}' title='{tr}delete{/tr}' />
</a>
{/if}
......@@ -33,7 +32,6 @@ onclick="return confirmTheLink(this,'{tr}Are you sure you want to delete this di
<td class="even">
{if $tiki_p_map_delete eq 'y'}
<a class="link" href="tiki-map_upload.php?dir={$dir}&amp;directory={$dirs[user]}&amp;action=deldir"
onclick="return confirmTheLink(this,'{tr}Are you sure you want to delete this directory?{/tr}')">
<img src='img/icons2/delete.gif' border='0' alt='{tr}delete{/tr}' title='{tr}delete{/tr}' />
</a>
{/if}
......@@ -51,7 +49,6 @@ onclick="return confirmTheLink(this,'{tr}Are you sure you want to delete this di
<td class="odd">
{if $tiki_p_map_delete eq 'y'}
<a class="link" href="tiki-map_upload.php?dir={$dir}&amp;file={$files[user]}&amp;action=delete"
onclick="return confirmTheLink(this,'{tr}Are you sure you want to delete this file?{/tr}')">
<img src='img/icons2/delete.gif' border='0' alt='{tr}delete{/tr}' title='{tr}delete{/tr}' />
</a>
{/if}
......@@ -65,7 +62,6 @@ onclick="return confirmTheLink(this,'{tr}Are you sure you want to delete this fi
<td class="even">
{if $tiki_p_map_delete eq 'y'}
<a class="link" href="tiki-map_upload.php?dir={$dir}&amp;file={$files[user]}&amp;action=delete"
onclick="return confirmTheLink(this,'{tr}Are you sure you want to delete this file?{/tr}')">
<img src='img/icons2/delete.gif' border='0' alt='{tr}delete{/tr}' title='{tr}delete{/tr}' />
</a>
{/if}
......@@ -106,4 +102,4 @@ onclick="return confirmTheLink(this,'{tr}Are you sure you want to delete this fi
{tr}files to index (regexp):{/tr} <input name="filestoindex" type="text">
<input type="submit" value="{tr}Create{/tr}">
</form>
{/if}
\ No newline at end of file
{/if}
{* $Header: /cvsroot/tikiwiki/tiki/templates/modules/mod-wiki_last_comments.tpl,v 1.3 2004-03-07 23:12:10 mose Exp $ *}
{* $Header: /cvsroot/tikiwiki/tiki/templates/modules/mod-wiki_last_comments.tpl,v 1.4 2004-03-31 07:38:45 mose Exp $ *}
{if $feature_forums eq 'y'}
{if $feature_wiki eq 'y'}
{if $nonums eq 'y'}
{eval var="{tr}Last `$module_rows` wiki comments{/tr}" assign="tpl_module_title"}
{else}
......
......@@ -162,7 +162,7 @@
</table>
</td>
{/if}
{if $tiki_p_use_HTML eq 'y'}
{if $feature_wiki_allowhtml eq 'y' and $tiki_p_use_HTML eq 'y'}
<tr><td class="formcolor">{tr}Allow HTML{/tr}: </td><td class="formcolor"><input type="checkbox" name="allowhtml" {if $allowhtml eq 'y'}checked="checked"{/if}/></td>
{/if}
{if $wiki_spellcheck eq 'y'}
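Review bot: Gating the checkbox on `$feature_wiki_allowhtml` only hides the control; a request can still carry `allowhtml` when the feature is off. No hunk on this page shows the edit handler ignoring that parameter unless the preference is `'y'`, so confirm the server-side check exists, e.g. `if ($feature_wiki_allowhtml != 'y') { unset($_REQUEST['allowhtml']); }` in the handler. The six following template hunks make the identical change and need the same backing check.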
......
......@@ -163,7 +163,7 @@
</table>
</td>
{/if}
{if $tiki_p_use_HTML eq 'y'}
{if $feature_wiki_allowhtml eq 'y' and $tiki_p_use_HTML eq 'y'}
<tr><td class="formcolor">{tr}Allow HTML{/tr}: </td><td class="formcolor"><input type="checkbox" name="allowhtml" {if $allowhtml eq 'y'}checked="checked"{/if}/></td>
{/if}
{if $wiki_spellcheck eq 'y'}
......
......@@ -163,7 +163,7 @@
</table>
</td>
{/if}
{if $tiki_p_use_HTML eq 'y'}
{if $feature_wiki_allowhtml eq 'y' and $tiki_p_use_HTML eq 'y'}
<tr><td class="formcolor">{tr}Allow HTML{/tr}: </td><td class="formcolor"><input type="checkbox" name="allowhtml" {if $allowhtml eq 'y'}checked="checked"{/if}/></td>
{/if}
{if $wiki_spellcheck eq 'y'}
......
......@@ -163,7 +163,7 @@
</table>
</td>
{/if}
{if $tiki_p_use_HTML eq 'y'}
{if $feature_wiki_allowhtml eq 'y' and $tiki_p_use_HTML eq 'y'}
<tr><td class="formcolor">{tr}Allow HTML{/tr}: </td><td class="formcolor"><input type="checkbox" name="allowhtml" {if $allowhtml eq 'y'}checked="checked"{/if}/></td>
{/if}
{if $wiki_spellcheck eq 'y'}
......
......@@ -163,7 +163,7 @@
</table>
</td>
{/if}
{if $tiki_p_use_HTML eq 'y'}
{if $feature_wiki_allowhtml eq 'y' and $tiki_p_use_HTML eq 'y'}
<tr><td class="formcolor">{tr}Allow HTML{/tr}: </td><td class="formcolor"><input type="checkbox" name="allowhtml" {if $allowhtml eq 'y'}checked="checked"{/if}/></td>
{/if}
{if $wiki_spellcheck eq 'y'}
......
......@@ -163,7 +163,7 @@
</table>
</td>
{/if}
{if $tiki_p_use_HTML eq 'y'}
{if $feature_wiki_allowhtml eq 'y' and $tiki_p_use_HTML eq 'y'}
<tr><td class="formcolor">{tr}Allow HTML{/tr}: </td><td class="formcolor"><input type="checkbox" name="allowhtml" {if $allowhtml eq 'y'}checked="checked"{/if}/></td>
{/if}
{if $wiki_spellcheck eq 'y'}
......
......@@ -163,7 +163,7 @@
</table>
</td>
{/if}
{if $tiki_p_use_HTML eq 'y'}
{if $feature_wiki_allowhtml eq 'y' and $tiki_p_use_HTML eq 'y'}
<tr><td class="formcolor">{tr}Allow HTML{/tr}: </td><td class="formcolor"><input type="checkbox" name="allowhtml" {if $allowhtml eq 'y'}checked="checked"{/if}/></td>
{/if}
{if $wiki_spellcheck eq 'y'}
......
......@@ -280,6 +280,7 @@
</td></tr>
<tr><td class="form">{tr}Automonospaced text{/tr}:</td><td><input type="checkbox" name="feature_wiki_monosp" {if $feature_wiki_monosp eq 'y'}checked="checked"{/if}/></td></tr>
<tr><td class="form">{tr}Uses Slideshow{/tr}:</td><td><input type="checkbox" name="wiki_uses_slides" {if $wiki_uses_slides eq 'y'}checked="checked"{/if}/></td></tr>
<tr><td class="form">{tr}Allow HTML{/tr}:</td><td><input type="checkbox" name="feature_wiki_allowhtml" {if $feature_wiki_allowhtml eq 'y'}checked="checked"{/if}/></td></tr>
<tr><td colspan="2" class="button"><input type="submit" name="wikifeatures" value="{tr}Change preferences{/tr}" /></td></tr>
</table>
</form>
......