nasthon1004 (freedom) v1.1.6 released

Changes
  1. Store the parameters in the template's /config.php so that the template can be configured easily
  2. Minor layout fix
  3. Security Fix (Important!)
  4. Add images icon in Employer Menu

    Changed files:

    images/postit-small.gif
    images/postit.gif
    images/PremiumPostit-large.gif
    images/premiumpostit.gif
    include/functions.inc.php
    js/general.js
    candidates-header.php
    display-post.php
    employer-menu.php
    employers-header.php
    index-employer.php
    index-header.php
    index-home.php
    js-menu.css
    nas_static.php
    posting-form.php
    readme.txt
    resume-form.php
    config.php


    1) Store the parameters in /config.php so that the template can be configured easily

    edit:
    /index-header.php
    /candidates-header.php
    /employers-header.php

    ADD AT TOP:
    <?php require_once(dirname(__FILE__).'/config.php');    ?>        

    edit:
    /index-home.php
    CHANGE:
    <?php if ($use_flash == true) { ?>

    TO:
    <?php if (NAS_1004_HOME_SHOW_THEME_FLASH == 'YES') { ?>

    CHANGE:
    <div style="margin-top:0px; margin-bottom:3px;">
    <div style="float:left;display:inline;">

    TO:
    <div style="margin-top:0px; margin-bottom:3px;">
    <?php if (NAS_1004_HOME_SHOW_THEME_BOX == 'YES') { ?>    
    <div style="float:left;display:inline;">

    BEFORE:
    <div class="index_home_user2">

    ADD:
    <?php } ?>


    BEFORE:
    <div class="index_home_user2">

    ADD:
    <?php if (NAS_1004_HOME_SHOW_EMP_SERVICE_BOX == 'YES') { ?>

    AFTER THE CLOSING </div> OF <div class="index_home_user2">

    ADD:
    <?php } ?>

    edit:
    /nas_footer_link.php

    FIND:
    <div id="footer_nas">..</div>

    WRAP IT BY:
    <?php if (NAS_1004_FOOTER_SHOW_NAS_LABEL == 'YES') { ?>
    <div id="footer_nas">..</div>
    <?php } ?>



    2) Make the number of category columns configurable in Admin

    edit: /index-home.php

    CHANGE:
    JB_display_categories($categories, 3);

    TO:
    JB_display_categories($categories, JB_CAT_COLS);


    3) Bug fix: the "Add to My Favorites" icon at the top right only worked in IE6 / 7, not in Firefox

    edit:
    /js/general.js

    function createBookmarkLink() {
        // Declare locally instead of leaking implicit globals
        var sTitle = document.title;
        var sUrl = window.location.href;

        if (document.all) {
            // For IE
            window.external.AddFavorite(sUrl, sTitle);
        } else if (window.external && window.external.AddFavorite) {
            window.external.AddFavorite(sUrl, sTitle);
        } else if (window.sidebar && window.sidebar.addPanel) {
            // For Firefox (legacy sidebar bookmark API)
            window.sidebar.addPanel(sTitle, sUrl, "");
        } else {
            //alert("do it yourself");
        }
    }

    4) Security Fix
    nas_static.php?page=XXX
    The page parameter is sanitized with $_REQUEST['page'] = preg_replace('/[^a-z]+/i', '', $_REQUEST['page']);
    so that only the letters A-Z (in either case) remain in the parameter before it is used in the include path.


    CHANGE:
    $page = $_REQUEST['page'];     
    require (dirname(__FILE__).'/lang/' .$_SESSION["LANG"] . '/' . $page .'.php');

    TO:     
    $_SESSION["LANG"] = preg_replace('/[^a-z]+/i', '', $_SESSION["LANG"]);
    $page = preg_replace('/[^a-z^_^-]+/i', '', $_REQUEST['page']);  
    require (dirname(__FILE__).'/lang/' .$_SESSION["LANG"] . '/' . $page .'.php');
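    The fix above strips every character outside the allowed set before the value reaches require(). As an added example (not code from the nasthon1004 release), the block below wraps the same two preg_replace() calls in functions, shows on constructed inputs what survives the filter, and adds a second, stricter layer: resolving the final path with realpath() and checking that it still lies under the lang directory. Note that inside the character class of the second pattern the later '^' characters are literal, so '^' passes the filter along with letters, '_' and '-'; it cannot produce a path component, so traversal is still blocked. The function names and the temporary directory layout are assumptions made for the example.

```php
<?php
// Added example, not part of the nasthon1004 release.

// Same pattern as the release note for the page parameter. Inside the class the
// second and third '^' are literal, so letters, '^', '_' and '-' are kept.
function nas_sanitize_page($raw) {
    return preg_replace('/[^a-z^_^-]+/i', '', (string)$raw);
}

// Same pattern as the release note for the language value: letters only.
function nas_sanitize_lang($raw) {
    return preg_replace('/[^a-z]+/i', '', (string)$raw);
}

// Stricter layer (assumed helper): sanitize, resolve the candidate file and
// require that it still lies under $base_dir. Returns the path or null.
function nas_resolve_static_page($base_dir, $lang, $page) {
    $lang = nas_sanitize_lang($lang);
    $page = nas_sanitize_page($page);
    if ($lang === '' || $page === '') {
        return null;
    }
    $base      = realpath($base_dir);
    $candidate = realpath($base . '/' . $lang . '/' . $page . '.php');
    if ($base === false || $candidate === false) {
        return null;   // missing file or unresolvable directory
    }
    // realpath() has collapsed any '.' / '..' components; confirm the prefix.
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed inputs showing what the sanitizer keeps and strips.
$samples = array(
    'about',          // unchanged
    'terms-of_use',   // '-' and '_' kept
    '../other/file',  // dots and slashes stripped
    'page.php',       // dot stripped
    'a^b',            // '^' kept by this pattern
);
foreach ($samples as $s) {
    printf("%-16s -> %s\n", $s, nas_sanitize_page($s));
}

// Constructed lang tree in a temp dir to exercise the containment check.
$tmp = sys_get_temp_dir() . '/nas_demo_' . getmypid();
mkdir($tmp . '/en', 0700, true);
file_put_contents($tmp . '/en/about.php', "<?php // constructed page\n");

var_dump(nas_resolve_static_page($tmp, 'en', 'about') !== null);
var_dump(nas_resolve_static_page($tmp, 'en', '../other') !== null);
var_dump(nas_resolve_static_page($tmp, 'en/../en', 'about') !== null);

unlink($tmp . '/en/about.php');
rmdir($tmp . '/en');
rmdir($tmp);
```

    Run it with php from the command line. The third var_dump is false because the language value is reduced to 'enen' by the letters-only filter and no such directory exists; the containment check is the safety net for any future change to the filters, since it does not depend on the regex at all.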


    5) Security Fix
    Use JB_escape_sql() on any data put in an SQL query

    edit:
    display-post.php
    index-employer.php
    include/functions.inc.php


    6) Security Fix
    Use JB_escape_sql() on any data displayed directly from the DB

    edit:
    display-post.php

    CHANGE:
    $emp_header = '<a href="' . $link . 'show_emp=' . $POSTED_BY_ID . '"><b>' .$empl_row[CompName] . '</b></a>';

    TO:
    $emp_header = '<a href="' . $link . 'show_emp=' . $POSTED_BY_ID . '"><b>' .JB_escape_sql($empl_row[CompName]) . '</b></a>';



    7) Other fixes
    edit:
    display-post.php

    CHANGE:
    $empl_row[CompName] -> $empl_row['CompName']
    $empl_row[FirstName] -> $empl_row['FirstName']
    $empl_row[LastName] -> $empl_row['LastName']

    8) Follow the changes in the default template.

    edit:
    /candidates-header.php

    CHANGE:
    <meta http-equiv="description" content="<?php echo JB_SITE_DESCRIPTION; ?>">
    <meta http-equiv="keywords" content="<?php echo JB_SITE_KEYWORDS; ?>">        

    TO:
    <meta http-equiv="description" content="<?php echo jb_escape_html(JB_SITE_DESCRIPTION); ?>">
    <meta http-equiv="keywords" content="<?php echo jb_escape_html(JB_SITE_KEYWORDS); ?>">
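    Items 5, 6 and 8 apply escaping in two different output contexts: JB_escape_sql() for values placed into SQL (item 5) and jb_escape_html() for values placed into HTML (item 8). Item 6 puts JB_escape_sql() around a company name that is echoed into HTML; escaping of the SQL kind neutralises quotes and backslashes but leaves '<', '>' and '&' untouched, so for that context an HTML escaper is the relevant control. The block below is an added example, not code from the release or the job board, and it shows the difference on a constructed value. The bodies of JB_escape_sql() and jb_escape_html() are not on the page, so stock PHP functions stand in for them (an assumption); the table and column names in fetch_employer() are likewise constructed.

```php
<?php
// Added example, not part of the nasthon1004 release.

// Stand-in for an SQL-style escaper (assumption): quotes and backslashes only.
// Real code should prefer a parameterised query, as fetch_employer() does.
function sql_escape_standin($s) {
    return addslashes((string)$s);
}

// HTML context: escape '&', '<', '>', '"' and "'" for text nodes and attributes.
function html_escape($s) {
    return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
}

// Item 6's line written for HTML output: the href is URL-encoded then
// attribute-escaped, the visible company name is HTML-escaped.
function emp_header_html($link, $posted_by_id, $comp_name) {
    $href = $link . 'show_emp=' . urlencode((string)$posted_by_id);
    return '<a href="' . html_escape($href) . '"><b>'
         . html_escape($comp_name) . '</b></a>';
}

// Item 5's concern handled with a prepared statement instead of string
// escaping. $db is a connected mysqli; table/column names are constructed.
// Not executed in this example.
function fetch_employer(mysqli $db, $posted_by_id) {
    $stmt = $db->prepare('SELECT CompName, FirstName, LastName FROM employers WHERE ID = ?');
    $stmt->bind_param('i', $posted_by_id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row;
}

// Constructed company name carrying HTML markup and both quote styles.
$comp_name = 'Acme <b>"Tools"</b> & Co\'s';

echo "SQL stand-in : ", sql_escape_standin($comp_name), "\n";
echo "HTML escape  : ", html_escape($comp_name), "\n";
echo "Anchor       : ", emp_header_html('display-post.php?', 42, $comp_name), "\n";
```

    The first line of output still contains the <b> tags, the second does not; that is the whole point of choosing the escaper by the sink rather than by the source of the data. mysqli_stmt::get_result() requires the mysqlnd driver; with the older libmysql driver, bind_result() is the equivalent.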


    edit:
    /display-post.php

    CHANGE:    
    $order_str = "&order_by=".$_REQUEST['order_by']."&ord=".$ord;

    TO:
    $order_str = "&order_by=".$_REQUEST['order_by']."&ord=".$ord;


    CHANGE:
    if ($prams['guid']=='') { // the job is from this site.
    $mode = "view";
    JB_display_posting_form (1, $mode, $prams, $admin);
    }

    TO:    
    //if ($prams['guid']=='') { // the job is from this site.
    $mode = "view";
    JB_display_posting_form (1, $mode, $prams, $admin);
    //}


    edit:
    /js-menu.css

    CHANGE:    
    .XulMenu .item img { position: inline; }

    TO:
    .XulMenu .item img { position: static; }


    edit:
    /posting-form.php

    CHANGE:

    <?php if (JB_MAP_DISABLED != 'YES' ) {

    $JB_MAP_IMAGE_FILE = 'map-small.jpg';
    $JB_PIN_IMAGE_FILE = 'pin.gif';

    ?>        

    TO:
    <?php if (JB_MAP_DISABLED != 'YES' ) { ?>        


    edit:
    /resume-form.php
    The comment at the top of the file is updated.


    9) Remove files

    remove:
    /employer-request-form.php
    /employer-email-form.php

    10) Update Employer Menu images

    edit:
    /employer-menu.php
    /images/postit-small.gif
    /images/postit.gif
    /images/PremiumPostit-large.gif
    /images/premiumpostit.gif