# HG changeset patch # User Dan # Date 1186939984 14400 # Node ID fea81844b9a5967a8de0841fbb215531d832ab3c # Parent 9e303b7e95c2c311017a341a191c9e177cdc523b Fixed XSS vulnerability in admin panel page manager diff -r 9e303b7e95c2 -r fea81844b9a5 plugins/SpecialAdmin.php --- a/plugins/SpecialAdmin.php Sun Aug 12 13:14:26 2007 -0400 +++ b/plugins/SpecialAdmin.php Sun Aug 12 13:33:04 2007 -0400 @@ -1601,10 +1601,10 @@ } echo '

'; ?> -

Modify page:

- + @@ -1628,7 +1628,7 @@ pages)/2;$i++) { - if($paths->pages[$i]['namespace'] != 'Admin' && $paths->pages[$i]['namespace'] != 'Special') echo ''."\n"; + if($paths->pages[$i]['namespace'] != 'Admin' && $paths->pages[$i]['namespace'] != 'Special') echo ''."\n"; } ?>

Namespace:
Page title:
Page title:
Page URL string: No spaces, and don't enter the namespace prefix (e.g. User:). Changing this value is usually not a good idea, especially for templates and project pages.
	name="comments_on" type="checkbox" id="cmt" /> Enable comments for this page
	name="special" type="checkbox" id="spc" /> Bypass the template engine for this page This option enables you to use your own HTML headers and other code. It is recommended that only advanced users enable this feature. As with other Enano pages, you may use PHP code in your pages, meaning you can use Enano's API on the page.