Revision 1353
Added by FrankH almost 14 years ago
settings2.php | ||
---|---|---|
36 | 36 |
// Get values |
37 | 37 |
$page_title = htmlspecialchars($admin->get_post_escaped('page_title') ); |
38 | 38 |
$menu_title = htmlspecialchars($admin->get_post_escaped('menu_title') ); |
39 |
$page_code = $admin->get_post_escaped('page_code'); |
|
39 |
$page_code = (int) $admin->get_post_escaped('page_code');
|
|
40 | 40 |
$description = htmlspecialchars($admin->add_slashes($admin->get_post('description')) ); |
41 | 41 |
$keywords = htmlspecialchars($admin->add_slashes($admin->get_post('keywords')) ); |
42 |
$parent = $admin->get_post_escaped('parent');
|
|
42 |
$parent = (int) $admin->get_post_escaped('parent'); // fix secunia 2010-91-3
|
|
43 | 43 |
$visibility = $admin->get_post_escaped('visibility'); |
44 |
$template = $admin->get_post_escaped('template'); |
|
45 |
$target = $admin->get_post_escaped('target'); |
|
44 |
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) $visibility = 'public'; // fix |
|
45 |
$template = preg_replace("/\W/", "", $admin->get_post_escaped('template')); // fix secunia 2010-93-3 |
|
46 |
$target = preg_replace("/\W/", "", $admin->get_post_escaped('target')); |
|
46 | 47 |
$admin_groups = $admin->get_post_escaped('admin_groups'); |
47 | 48 |
$viewing_groups = $admin->get_post_escaped('viewing_groups'); |
48 | 49 |
$searching = $admin->get_post_escaped('searching'); |
49 |
$language = $admin->get_post_escaped('language'); |
|
50 |
$menu = $admin->get_post_escaped('menu'); |
|
50 |
$language = strtoupper($admin->get_post('language')); |
|
51 |
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE); |
|
52 |
$menu = (int) $admin->get_post_escaped('menu'); // fix secunia 2010-91-3 |
|
51 | 53 |
|
52 | 54 |
// Validate data |
53 | 55 |
if($page_title == '' || substr($page_title,0,1)=='.') |
... | ... | |
95 | 97 |
//if(!in_array(1, $admin->get_groups_id())) { |
96 | 98 |
// $admin_groups[] = implode(",",$admin->get_groups_id()); |
97 | 99 |
//} |
98 |
$admin_groups = implode(',', $admin_groups);
|
|
100 |
$admin_groups = preg_replace("/[^\d,]/", "", implode(',', $admin_groups));
|
|
99 | 101 |
// Setup viewing groups |
100 | 102 |
$viewing_groups[] = 1; |
101 | 103 |
//if(!in_array(1, $admin->get_groups_id())) { |
102 | 104 |
// $viewing_groups[] = implode(",",$admin->get_groups_id()); |
103 | 105 |
//} |
104 |
$viewing_groups = implode(',', $viewing_groups);
|
|
106 |
$viewing_groups = preg_replace("/[^\d,]/", "", implode(',', $viewing_groups));
|
|
105 | 107 |
|
106 | 108 |
// If needed, get new order |
107 | 109 |
if($parent != $old_parent) |
... | ... | |
193 | 195 |
$sql .= '`language` = "'.$language.'", '; |
194 | 196 |
$sql .= '`admin_groups` = "'.$admin_groups.'", '; |
195 | 197 |
$sql .= '`viewing_groups` = "'.$viewing_groups.'"'; |
196 |
$sql .= (defined('PAGE_LANGUAGES') && PAGE_LANGUAGES) && $field_set && (file_exists(WB_PATH.'/modules/mod_multilingual/update_keys.php')) ? ', `page_code` = '.(int)$page_code.' ' : ' ';
|
|
198 |
$sql .= (defined('PAGE_LANGUAGES') && PAGE_LANGUAGES) && $field_set && (file_exists(WB_PATH.'/modules/mod_multilingual/update_keys.php')) ? ', `page_code` = '.$page_code.' ' : ' '; |
|
197 | 199 |
$sql .= 'WHERE `page_id` = '.$page_id; |
198 | 200 |
$database->query($sql); |
199 | 201 |
|
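Review bot: The language check on new line 51 anchors with `$`, which in PCRE also matches just before a trailing newline, so a submitted value such as "EN\n" passes `/^[A-Z]{2}$/` unchanged and is then quoted into the `language` column on new line 195; the newline cannot escape the double-quoted SQL string, but the stored value no longer equals `EN` and will fail later exact comparisons. Anchor with `\z` instead: `$language = (preg_match('/^[A-Z]{2}\z/', $language) ? $language : DEFAULT_LANGUAGE);`. On new line 198 the `(int)` cast at the SQL sink was dropped because `$page_code` is now cast on new line 39; keeping the cast where the value reaches the query costs nothing and does not rely on an assignment some 160 lines away holding true after future edits. New lines 100 and 106 assume `$admin_groups` and `$viewing_groups` are arrays when `implode()` runs, and whether `get_post_escaped()` returns an array for a multi-value field is not visible in this hunk; if it can return a string for a single or malformed submission, `implode()` fails, so `implode(',', (array) $admin_groups)` would be the safer form. The `preg_replace("/[^\d,]/", ...)` filter also leaves repeated, leading or trailing commas in place when non-numeric input is stripped, which is harmless for injection but stores a malformed group list.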
Security fixes