Revision 656
Added by thorn over 16 years ago
save_field.php | ||
---|---|---|
36 | 36 |
exit(0); |
37 | 37 |
} else { |
38 | 38 |
$field_id = $_POST['field_id']; |
39 |
$field_id = $field_id; |
|
40 | 39 |
} |
41 | 40 |
|
42 | 41 |
// Include WB admin wrapper script |
... | ... | |
48 | 47 |
$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/form/modify_field.php?page_id='.$page_id.'§ion_id='.$section_id.'&field_id='.$field_id); |
49 | 48 |
} else { |
50 | 49 |
$title = $admin->add_slashes($admin->get_post('title')); |
51 |
$type = $admin->get_post('type');
|
|
52 |
$required = $admin->get_post('required');
|
|
50 |
$type = $admin->add_slashes($admin->get_post('type'));
|
|
51 |
$required = $admin->add_slashes($admin->get_post('required'));
|
|
53 | 52 |
} |
54 | 53 |
$value = ''; |
55 | 54 |
|
Also available in: Unified diff
Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].