Revision 1353
Added by FrankH almost 14 years ago
add.php | ||
---|---|---|
27 | 27 |
// Get values |
28 | 28 |
$title = $admin->get_post_escaped('title'); |
29 | 29 |
$title = htmlspecialchars($title); |
30 |
$module = $admin->get_post('type');
|
|
31 |
$parent = $admin->get_post('parent');
|
|
30 |
$module = preg_replace("/\W/", "", $admin->get_post('type')); // fix secunia 2010-93-4
|
|
31 |
$parent = (int) $admin->get_post('parent'); // fix secunia 2010-91-2
|
|
32 | 32 |
$visibility = $admin->get_post('visibility'); |
33 |
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) $visibility = 'public'; // fix secunia 2010-91-2 |
|
33 | 34 |
$admin_groups = $admin->get_post('admin_groups'); |
34 | 35 |
$viewing_groups = $admin->get_post('viewing_groups'); |
35 | 36 |
|
... | ... | |
88 | 89 |
} |
89 | 90 |
} |
90 | 91 |
|
91 |
$admin_groups = implode(',', $admin_groups);
|
|
92 |
$viewing_groups = implode(',', $viewing_groups);
|
|
92 |
$admin_groups = preg_replace("/[^\d,]/", "", implode(',', $admin_groups));
|
|
93 |
$viewing_groups = preg_replace("/[^\d,]/", "", implode(',', $viewing_groups));
|
|
93 | 94 |
|
94 | 95 |
// Work-out what the link and page filename should be |
95 | 96 |
if($parent == '0') |
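Review bot: The new `$module` assignment (new line 30) strips non-word characters instead of validating the value, so later code receives a silently rewritten string that may be empty or may not name an installed module. `get_post()` evidently can return arrays (the group fields are passed to `implode()` further down), and `preg_replace()` returns an array when its subject is an array, so `$module` is not guaranteed to be a string either. I would reject rather than rewrite, e.g. `if (!is_string($module) || !preg_match('/^\w+$/', $module)) { /* abort with an error */ }`, and ideally also check the name against the list of installed modules. The group lists at new lines 92-93 have the same shape: stripping after `implode()` can leave empty entries such as `1,,2`, so checking that each element is digits-only before joining would be more robust. How these values are used is outside the visible hunks, so the impact is inferred rather than shown.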
Security fixes