/branches/2.8.x/wb/admin/pages/settings.php - Diff - WB 2.08.x - Tracking

« Previous | Next »

Revision 1402

Added by Luisehahne almost 15 years ago

secure peparing and beginning fix admin/pages

+     *
      */
     /*
     */
     // Create new admin object
     require('../../config.php');
     require_once(WB_PATH.'/framework/class.admin.php');
     $admin = new admin('Pages', 'pages_settings');
     // Include the WB functions file
     require_once(WB_PATH.'/framework/functions-utf8.php');
     // Get page id
     if(!isset($_GET['page_id']) || !is_numeric($_GET['page_id']))
+    {
-...
     	$page_id = $_GET['page_id'];
+    }
     // Create new admin object
     require('../../config.php');
     require_once(WB_PATH.'/framework/class.admin.php');
     $admin = new admin('Pages', 'pages_settings');
     /*
     if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) )
+    {
     	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
     	exit();
+    }
     */
     // Include the WB functions file
     require_once(WB_PATH.'/framework/functions-utf8.php');
     // Get perms
     /*$database = new database(); */
     $sql = 'SELECT * FROM `'.TABLE_PREFIX.'pages` WHERE `page_id` = '.$page_id;
     $results = $database->query($sql);
     $results_array = $results->fetchRow();
-...
     $template->set_var(array(
     				'PAGE_ID' => $results_array['page_id'],
     				// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']),
     				'PAGE_IDKEY' => $results_array['page_id'],
     				'PAGE_TITLE' => ($results_array['page_title']),
     				'MENU_TITLE' => ($results_array['menu_title']),
     				'DESCRIPTION' => ($results_array['description']),

Also available in: Unified diff

Project

General

Profile

WB 2.08.x

Revision 1402

Added by Luisehahne almost 15 years ago