Project

General

Profile

« Previous | Next » 

Revision 1493

Added by Dietmar about 13 years ago

Ticket #1106 FatalError in groups module

View differences:

save.php
29 29
	$admin->print_header();
30 30
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back);
31 31
}
32
// After check print the header
33
$admin->print_header();
34 32

  
35 33
// Check if group group_id is a valid number and doesnt equal 1
36
if(!isset($_POST['group_id']) OR !is_numeric($_POST['group_id']) OR $_POST['group_id'] == 1) {
37
	header("Location: index.php");
38
	exit(0);
39
} else {
40
	$group_id = $_POST['group_id'];
34
$group_id = intval($admin->checkIDKEY('group_id', 0, $_SERVER['REQUEST_METHOD']));
35
if( ($group_id < 2 ) )
36
{
37
	// if($admin_header) { $admin->print_header(); }
38
	$admin->print_header();
39
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
41 40
}
42 41

  
43 42
// Gather details entered
......
47 46
if($group_name == "") {
48 47
	$admin->print_error($MESSAGE['GROUPS']['GROUP_NAME_BLANK'], $js_back);
49 48
}
49
// After check print the header
50
$admin->print_header();
50 51

  
51 52
// Get system permissions
52 53
require_once(ADMIN_PATH.'/groups/get_permissions.php');
53 54

  
54 55
// Update the database
55
$query = "UPDATE ".TABLE_PREFIX."groups SET name = '$group_name', system_permissions = '$system_permissions', module_permissions = '$module_permissions', template_permissions = '$template_permissions' WHERE group_id = '$group_id'";
56
$query = "UPDATE `".TABLE_PREFIX."groups` SET `name` = '$group_name', `system_permissions` = '$system_permissions', `module_permissions` = '$module_permissions', `template_permissions` = '$template_permissions' WHERE `group_id` = '$group_id'";
56 57

  
57 58
$database->query($query);
58 59
if($database->is_error()) {

Also available in: Unified diff