Revision 656
Added by thorn over 16 years ago
| save_field.php | ||
|---|---|---|
| 36 | 36 |
exit(0); |
| 37 | 37 |
} else {
|
| 38 | 38 |
$field_id = $_POST['field_id']; |
| 39 |
$field_id = $field_id; |
|
| 40 | 39 |
} |
| 41 | 40 |
|
| 42 | 41 |
// Include WB admin wrapper script |
| ... | ... | |
| 48 | 47 |
$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/form/modify_field.php?page_id='.$page_id.'§ion_id='.$section_id.'&field_id='.$field_id); |
| 49 | 48 |
} else {
|
| 50 | 49 |
$title = $admin->add_slashes($admin->get_post('title'));
|
| 51 |
$type = $admin->get_post('type');
|
|
| 52 |
$required = $admin->get_post('required');
|
|
| 50 |
$type = $admin->add_slashes($admin->get_post('type'));
|
|
| 51 |
$required = $admin->add_slashes($admin->get_post('required'));
|
|
| 53 | 52 |
} |
| 54 | 53 |
$value = ''; |
| 55 | 54 |
|
Also available in: Unified diff
Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].