Revision 1353
Added by FrankH almost 15 years ago
| settings2.php | ||
| 36 | 36 |
// Get values |
| 37 | 37 |
$page_title = htmlspecialchars($admin->get_post_escaped('page_title') );
|
| 38 | 38 |
$menu_title = htmlspecialchars($admin->get_post_escaped('menu_title') );
|
| 39 |
$page_code = $admin->get_post_escaped('page_code');
|
|
| 39 |
$page_code = (int) $admin->get_post_escaped('page_code');
|
|
| 40 | 40 |
$description = htmlspecialchars($admin->add_slashes($admin->get_post('description')) );
|
| 41 | 41 |
$keywords = htmlspecialchars($admin->add_slashes($admin->get_post('keywords')) );
|
| 42 |
$parent = $admin->get_post_escaped('parent');
|
|
| 42 |
$parent = (int) $admin->get_post_escaped('parent'); // fix secunia 2010-91-3
|
|
| 43 | 43 |
$visibility = $admin->get_post_escaped('visibility');
|
| 44 |
$template = $admin->get_post_escaped('template');
|
|
| 45 |
$target = $admin->get_post_escaped('target');
|
|
| 44 |
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) $visibility = 'public'; // fix
|
|
| 45 |
$template = preg_replace("/\W/", "", $admin->get_post_escaped('template')); // fix secunia 2010-93-3
|
|
| 46 |
$target = preg_replace("/\W/", "", $admin->get_post_escaped('target'));
|
|
| 46 | 47 |
$admin_groups = $admin->get_post_escaped('admin_groups');
|
| 47 | 48 |
$viewing_groups = $admin->get_post_escaped('viewing_groups');
|
| 48 | 49 |
$searching = $admin->get_post_escaped('searching');
|
| 49 |
$language = $admin->get_post_escaped('language');
|
|
| 50 |
$menu = $admin->get_post_escaped('menu');
|
|
| 50 |
$language = strtoupper($admin->get_post('language'));
|
|
| 51 |
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
|
|
| 52 |
$menu = (int) $admin->get_post_escaped('menu'); // fix secunia 2010-91-3
|
|
| 51 | 53 |
|
| 52 | 54 |
// Validate data |
| 53 | 55 |
if($page_title == '' || substr($page_title,0,1)=='.') |
| ... | ... | |
| 95 | 97 |
//if(!in_array(1, $admin->get_groups_id())) {
|
| 96 | 98 |
// $admin_groups[] = implode(",",$admin->get_groups_id());
|
| 97 | 99 |
//} |
| 98 |
$admin_groups = implode(',', $admin_groups);
|
|
| 100 |
$admin_groups = preg_replace("/[^\d,]/", "", implode(',', $admin_groups));
|
|
| 99 | 101 |
// Setup viewing groups |
| 100 | 102 |
$viewing_groups[] = 1; |
| 101 | 103 |
//if(!in_array(1, $admin->get_groups_id())) {
|
| 102 | 104 |
// $viewing_groups[] = implode(",",$admin->get_groups_id());
|
| 103 | 105 |
//} |
| 104 |
$viewing_groups = implode(',', $viewing_groups);
|
|
| 106 |
$viewing_groups = preg_replace("/[^\d,]/", "", implode(',', $viewing_groups));
|
|
| 105 | 107 |
|
| 106 | 108 |
// If needed, get new order |
| 107 | 109 |
if($parent != $old_parent) |
| ... | ... | |
| 193 | 195 |
$sql .= '`language` = "'.$language.'", '; |
| 194 | 196 |
$sql .= '`admin_groups` = "'.$admin_groups.'", '; |
| 195 | 197 |
$sql .= '`viewing_groups` = "'.$viewing_groups.'"'; |
| 196 |
$sql .= (defined('PAGE_LANGUAGES') && PAGE_LANGUAGES) && $field_set && (file_exists(WB_PATH.'/modules/mod_multilingual/update_keys.php')) ? ', `page_code` = '.(int)$page_code.' ' : ' ';
|
|
| 198 |
$sql .= (defined('PAGE_LANGUAGES') && PAGE_LANGUAGES) && $field_set && (file_exists(WB_PATH.'/modules/mod_multilingual/update_keys.php')) ? ', `page_code` = '.$page_code.' ' : ' ';
|
|
| 197 | 199 |
$sql .= 'WHERE `page_id` = '.$page_id; |
| 198 | 200 |
$database->query($sql); |
| 199 | 201 |
|
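Review bot: The language check on new line 51, `preg_match('/^[A-Z]{2}$/', $language)`, still accepts a value with a trailing newline, because `$` in PCRE also matches just before a final "\n"; since this value comes from `get_post` rather than `get_post_escaped` and is concatenated unchanged into the UPDATE at line 195 (`$sql .= '`language` = "'.$language.'", ';`), an input such as "EN\n" passes validation and is stored as-is. Anchoring the end of the string closes that gap: `$language = (preg_match('/^[A-Z]{2}\z/', $language) ? $language : DEFAULT_LANGUAGE);` (or add the `D` modifier). The replacements on new lines 45, 46, 100 and 106 strip rather than match, so they are not affected, but `preg_replace("/[^\d,]/", "", implode(',', $admin_groups))` presumes `$admin_groups` and `$viewing_groups` are arrays; whether a scalar POST value is rejected before that point is outside the shown hunks. The script continues beyond both ends of the section.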
Security fixes