Add a package ID parameter to pkg_change_category() instead of relying on the "ID" or "N" GET parameters.
Signed-off-by: Lukas Fleischer <[email protected]> --- web/html/packages.php | 2 +- web/lib/pkgfuncs.inc.php | 10 +--------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/web/html/packages.php b/web/html/packages.php index 44f7671..3478ab9 100644 --- a/web/html/packages.php +++ b/web/html/packages.php @@ -89,7 +89,7 @@ if (check_token()) { } elseif (current_action("do_DeleteComment")) { $output = pkg_delete_comment($atype); } elseif (current_action("do_ChangeCategory")) { - $output = pkg_change_category($atype); + $output = pkg_change_category($pkgid, $atype); } } diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 593ccde..b42df4c 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -1206,7 +1206,7 @@ function pkg_delete_comment($atype, $dbh=NULL) { * @param string $atype Account type, output of account_from_sid * @return string Translated error or success message */ -function pkg_change_category($atype, $dbh=NULL) { +function pkg_change_category($pid, $atype, $dbh=NULL) { if (!$atype) { return __("You must be logged in before you can edit package information."); } @@ -1226,14 +1226,6 @@ function pkg_change_category($atype, $dbh=NULL) { return __("Invalid category ID."); } - if (isset($_GET["ID"])) { - $pid = $_GET["ID"]; - } elseif (isset($_GET["N"])) { - $pid = pkgid_from_name($_GET["N"]); - } else { - return __("Missing package ID."); - } - # Verify package ownership $q = "SELECT Packages.MaintainerUID "; $q.= "FROM Packages "; -- 1.7.12
