Revision 1376
Added by FrankH almost 15 years ago
- Security fix for WYSIWYG module
- Security fix for Wrapper module
| save.php | ||
|---|---|---|
| 22 | 22 |
$update_when_modified = true; // Tells script to update when this page was last updated |
| 23 | 23 |
require(WB_PATH.'/modules/admin.php'); |
| 24 | 24 |
|
| 25 |
if (!$admin->checkFTAN()) |
|
| 26 |
{
|
|
| 27 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id); |
|
| 28 |
exit(); |
|
| 29 |
} |
|
| 30 |
|
|
| 25 | 31 |
// Include the WB functions file |
| 26 | 32 |
require_once(WB_PATH.'/framework/functions.php'); |
| 27 | 33 |
|
| ... | ... | |
| 30 | 36 |
$content = $admin->add_slashes($_POST['content'.$section_id]); |
| 31 | 37 |
// searching in $text will be much easier this way |
| 32 | 38 |
$text = umlauts_to_entities(strip_tags($content), strtoupper(DEFAULT_CHARSET), 0); |
| 33 |
$database = new database(); |
|
| 34 | 39 |
$query = "UPDATE ".TABLE_PREFIX."mod_wysiwyg SET content = '$content', text = '$text' WHERE section_id = '$section_id'"; |
| 35 | 40 |
$database->query($query); |
| 36 | 41 |
} |
Also available in: Unified diff