
Revision 1353

Added by FrankH almost 14 years ago

Security fixes


admin.php
43 43
	$section_id = $_POST['section_id'];
44 44
} else {
45 45
	// Check if we should redirect the user if there is no section id
46
	if(!isset($section_required))
46
	if (isset($no_section_required))
47 47
	{
48 48
		$section_id = 0;
49 49
	} else {
......
84 84
	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
85 85
}
86 86

  
87
// Check whether the section_id belongs to the page_id at all
88
if ($section_id != 0) {
89
	$sql  = "SELECT `position` FROM `".TABLE_PREFIX."sections` WHERE `page_id` = '$page_id' AND `section_id` = '$section_id'";
90
	$res_sec = $database->query($sql);
91
	if ($database->is_error())
92
	{
93
		$admin->print_error($database->get_error());
94
	}
95
	if ($res_sec->numRows() == 0)
96
	{
97
		$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
98
	} 
99
}
100

  
87 101
// Workout if the developer wants to show the info banner
88 102
if(isset($print_info_banner) && $print_info_banner == true)
89 103
{
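Review bot: The ownership query added on new lines 89–90 interpolates `$page_id` and `$section_id` directly into the SQL string, and nothing visible in this section shows either value being cast or validated (`$section_id` is assigned from `$_POST['section_id']` on line 43; any earlier check lies outside the shown lines). Casting both before the check, `$page_id = (int)$page_id; $section_id = (int)$section_id;`, and then testing `if ($section_id !== 0)` would make the query safe on its own. It would also avoid the loose `!= 0` comparison, which treats a non-numeric string as 0 on PHP versions before 8 and would therefore skip the check. If `print_error()` can return instead of ending the request, `$res_sec->numRows()` on line 95 would be called on a failed result, so an explicit exit or `else` after the error branch is worth adding. The script continues outside the shown lines.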
