Revision 1384
Added by Dietmar almost 14 years ago
| save.php | ||
|---|---|---|
| 17 | 17 |
*/ |
| 18 | 18 |
|
| 19 | 19 |
// Get page & section id |
| 20 |
if(!isset($_POST['page_id']) OR !is_numeric($_POST['page_id'])) {
|
|
| 20 |
if(!isset($_POST['page_id']) || !is_numeric($_POST['page_id'])) {
|
|
| 21 | 21 |
header("Location: index.php");
|
| 22 | 22 |
exit(0); |
| 23 | 23 |
} else {
|
| 24 | 24 |
$page_id = intval($_POST['page_id']); |
| 25 | 25 |
} |
| 26 |
if(!isset($_POST['section_id']) OR !is_numeric($_POST['section_id'])) {
|
|
| 26 |
if(!isset($_POST['section_id']) || !is_numeric($_POST['section_id'])) {
|
|
| 27 | 27 |
header("Location: index.php");
|
| 28 | 28 |
exit(0); |
| 29 | 29 |
} else {
|
| ... | ... | |
| 34 | 34 |
require('../../config.php');
|
| 35 | 35 |
require_once(WB_PATH.'/framework/class.admin.php'); |
| 36 | 36 |
$admin = new admin('Pages', 'pages_modify');
|
| 37 |
|
|
| 37 | 38 |
if (!$admin->checkFTAN()) |
| 38 | 39 |
{
|
| 39 |
$admin->print_error($MESSAGE['PAGES_NOT_SAVED'],'index.php');
|
|
| 40 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
|
|
| 40 | 41 |
exit(); |
| 41 | 42 |
} |
| 42 | 43 |
|
| ... | ... | |
| 55 | 56 |
$in_old_group = TRUE; |
| 56 | 57 |
} |
| 57 | 58 |
} |
| 58 |
if((!$in_old_group) AND !is_numeric(array_search($admin->get_user_id(), $old_admin_users)))
|
|
| 59 |
if((!$in_old_group) && !is_numeric(array_search($admin->get_user_id(), $old_admin_users)))
|
|
| 59 | 60 |
{
|
| 60 | 61 |
$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']); |
| 61 | 62 |
} |
Also available in: Unified diff
Security fix in admin/pages