Revision 1384
Added by Dietmar over 13 years ago
| add.php | ||
|---|---|---|
| 23 | 23 |
|
| 24 | 24 |
if (!$admin->checkFTAN()) |
| 25 | 25 |
{
|
| 26 |
$admin->print_error($MESSAGE['PAGES_NOT_SAVED'],'index.php');
|
|
| 26 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
|
|
| 27 | 27 |
exit(); |
| 28 | 28 |
} |
| 29 | 29 |
|
| ... | ... | |
| 33 | 33 |
// Get values |
| 34 | 34 |
$title = $admin->get_post_escaped('title');
|
| 35 | 35 |
$title = htmlspecialchars($title); |
| 36 |
$module = $admin->get_post('type');
|
|
| 37 |
$parent = $admin->get_post('parent');
|
|
| 36 |
$module = preg_replace("/\W/", "", $admin->get_post('type')); // fix secunia 2010-93-4
|
|
| 37 |
$parent = (int) $admin->get_post('parent'); // fix secunia 2010-91-2
|
|
| 38 | 38 |
$visibility = $admin->get_post('visibility');
|
| 39 |
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {$visibility = 'public';} // fix secunia 2010-91-2
|
|
| 39 | 40 |
$admin_groups = $admin->get_post('admin_groups');
|
| 40 | 41 |
$viewing_groups = $admin->get_post('viewing_groups');
|
| 41 | 42 |
|
Also available in: Unified diff
Security fix in admin/pages