Revision 656
Added by thorn almost 17 years ago
| admin.php | ||
|---|---|---|
| 39 | 39 |
} |
| 40 | 40 |
|
| 41 | 41 |
// Get page id |
| 42 |
if(!isset($_GET['page_id']) OR !is_numeric($_GET['page_id'])) {
|
|
| 43 |
if(!isset($_POST['page_id']) OR !is_numeric($_POST['page_id'])) {
|
|
| 44 |
if(!isset($_GET['page_id']) OR !is_numeric($_GET['page_id'])) {
|
|
| 45 |
if(!isset($_POST['page_id']) OR !is_numeric($_POST['page_id'])) {
|
|
| 46 |
header("Location: index.php");
|
|
| 47 |
exit(0); |
|
| 48 |
} else {
|
|
| 49 |
$page_id = $_POST['page_id']; |
|
| 50 |
} |
|
| 51 |
} else {
|
|
| 52 |
$page_id = $_GET['page_id']; |
|
| 53 |
} |
|
| 54 |
} else {
|
|
| 55 |
$page_id = $_POST['page_id']; |
|
| 56 |
} |
|
| 42 |
if(isset($_GET['page_id']) AND is_numeric($_GET['page_id'])) {
|
|
| 43 |
$page_id = $_GET['page_id']; |
|
| 44 |
} elseif(isset($_POST['page_id']) AND is_numeric($_POST['page_id'])) {
|
|
| 45 |
$page_id = $_POST['page_id']; |
|
| 57 | 46 |
} else {
|
| 58 |
$page_id = $_GET['page_id']; |
|
| 47 |
header("Location: index.php");
|
|
| 48 |
exit(0); |
|
| 59 | 49 |
} |
| 60 | 50 |
|
| 61 | 51 |
// Get section id if there is one |
Also available in: Unified diff
Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].