Revision 1383
Added by FrankH almost 14 years ago
- Security fix for news module
- Some more Security fixes, thanks to Gerben van Veenendaal
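--- a/comment.php
+++ b/comment.php
@@ -18,15 +18,15 @@
 
 // Include config file
 require('../../config.php');
+require_once(WB_PATH.'/framework/class.wb.php');
+$wb = new wb;
 
 // Check if there is a post id
-if(!isset($_GET['post_id']) OR !is_numeric($_GET['post_id'])
-OR !isset($_GET['section_id']) OR !is_numeric($_GET['section_id']))
-{
-header("Location: ".WB_URL.PAGES_DIRECTORY."");
-exit( 0 );
+$post_id = $wb->checkIDKEY('post_id', false, 'GET');
+if (!$post_id OR !isset($_GET['section_id']) OR !is_numeric($_GET['section_id'])) {
+$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
+exit();
 }
-$post_id = $_GET['post_id'];
 $section_id = $_GET['section_id'];
 
 // Query post for page id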
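Review bot: `section_id` is still accepted on `is_numeric()` alone and then assigned as the raw request string (`$section_id = $_GET['section_id'];`), while `post_id` now goes through `checkIDKEY()`. `is_numeric()` also passes values such as `1e3`, `1.5` or `-1`, so if the query that follows this hunk interpolates `$section_id`, it is safer to normalise it here with `$section_id = (int) $_GET['section_id'];`. The new error branch reads `$MESSAGE['GENERIC_SECURITY_ACCESS']`, and the hunk does not show where `$MESSAGE` is loaded, so it is worth confirming that config.php has pulled in the language file before this line runs. The script continues past the end of the hunk.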