
Revision 1402

Added by Dietmar almost 14 years ago

secure preparing and beginning fix admin/pages


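--- a/save.php
+++ b/save.php
@@ -15,7 +15,19 @@
  * @lastmodified    $Date$
  *
  */
+/*
+*/
+// Create new admin object
+require('../../config.php');
+require_once(WB_PATH.'/framework/class.admin.php');
+$admin = new admin('Pages', 'pages_modify');
 
+if (!$admin->checkFTAN())
+{
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
+	exit();
+}
+
 // Get page & section id
 if(!isset($_POST['page_id']) || !is_numeric($_POST['page_id'])) {
 	header("Location: index.php");
@@ -23,6 +35,7 @@
 } else {
 	$page_id = intval($_POST['page_id']);
 }
+
 if(!isset($_POST['section_id']) || !is_numeric($_POST['section_id'])) {
 	header("Location: index.php");
 	exit(0);
@@ -30,16 +43,20 @@
 	$section_id = intval($_POST['section_id']);
 }
 
-// Create new admin object
-require('../../config.php');
-require_once(WB_PATH.'/framework/class.admin.php');
-$admin = new admin('Pages', 'pages_modify');
+/*
+if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) )
+{
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
+	exit();
+}
 
-if (!$admin->checkFTAN())
+if( (!($section_id= $admin->checkIDKEY('section_id', 0, $_SERVER['REQUEST_METHOD']))) )
 {
-	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
 	exit();
 }
+*/
+
 $js_back = "javascript: history.go(-1);";
 
 // Get perms
@@ -96,7 +113,7 @@
 {
 	$admin->print_error($database->get_error(), $js_back);
 } else {
-	$admin->print_success($MESSAGE['PAGES']['SAVED'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
+	$admin->print_success($MESSAGE['PAGES']['SAVED'], ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id'] );
 }
 
 // Print admin footer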
