Project

General

Profile

« Previous | Next » 

Revision 1402

Added by Luisehahne almost 15 years ago

secure peparing and beginning fix admin/pages

View differences:

delete.php
16 16 
 *
17 17 
 */
18 18 

  		




  19
  
  
    
// Get page id


  		




  20
  
  
    
if(!isset($_GET['page_id']) || !is_numeric($_GET['page_id'])) {


  		




  21
  
  
    
	header("Location: index.php");


  		




  22
  
  
    
	exit(0);


  		




  23
  
  
    
} else {


  		




  24
  
  
    
	$page_id = $_GET['page_id'];


  		




  25
  
  
    
}


  		




  26
  19
  
    

  		




  27
  20
  
    
// Create new admin object and print admin header


  		




  28
  21
  
    
require('../../config.php');


  		




  ......




  31
  24
  
    

  		




  32
  25
  
    
// Include the WB functions file


  		




  33
  26
  
    
require_once(WB_PATH.'/framework/functions.php');


  		




  
  27
  
    

  		




  34
  28
  
    
/*


  		




  35
  
  
    
if (!$admin->checkIDKEY('page_id', 0, 'GET'))


  		




  
  29
  
    
if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) )


  		




  36
  30
  
    
{


  		




  37
  31
  
    
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);


  		




  38
  32
  
    
	exit();


  		




  39
  33
  
    
}


  		




  40
  34
  
    
*/


  		




  
  35
  
    

  		




  
  36
  
    
// Get page id


  		




  
  37
  
    
if(!isset($_GET['page_id']) || !is_numeric($_GET['page_id'])) {


  		




  
  38
  
    
	header("Location: index.php");


  		




  
  39
  
    
	exit(0);


  		




  
  40
  
    
} else {


  		




  
  41
  
    
	$page_id = $_GET['page_id'];


  		




  
  42
  
    
}


  		




  
  43
  
    

  		




  41
  44
  
    
// Get perms


  		




  42
  45
  
    
if (!$admin->get_page_permission($page_id,'admin')) {


  		




  43
  46
  
    
	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);


  		












Also available in:  Unified diff