Project

General

Profile

« Previous | Next » 

Revision 1384

Added by Dietmar almost 14 years ago

Security fix in admin/pages

View differences:

settings.php
17 17
 */
18 18

  
19 19
// Get page id
20
if(!isset($_GET['page_id']) OR !is_numeric($_GET['page_id']))
20
if(!isset($_GET['page_id']) || !is_numeric($_GET['page_id']))
21 21
{
22 22
	header("Location: index.php");
23 23
	exit(0);
......
56 56
		$in_old_group = TRUE;
57 57
	}
58 58
}
59
if((!$in_old_group) AND !is_numeric(array_search($admin->get_user_id(), $old_admin_users)))
59
if((!$in_old_group) && !is_numeric(array_search($admin->get_user_id(), $old_admin_users)))
60 60
{
61 61
	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
62 62
}
......
103 103
				'MODIFIED_WHEN' => $modified_ts,
104 104
				'ADMIN_URL' => ADMIN_URL,
105 105
				'WB_URL' => WB_URL,
106
				'WB_PATH' => WB_PATH,
107 106
				'THEME_URL' => THEME_URL
108 107
				)
109 108
		);

Also available in: Unified diff