Author: gassla
Date: Thu Jun  7 13:44:20 2007
New Revision: 528

URL: http://svn.gna.org/viewcvs/phplinker?rev=528&view=rev
Log:
better check on $_GET['id'], (closes: #244)

Modified:
    trunk/www/admin/url_edit.php   (contents, props changed)

Modified: trunk/www/admin/url_edit.php
URL: 
http://svn.gna.org/viewcvs/phplinker/trunk/www/admin/url_edit.php?rev=528&r1=527&r2=528&view=diff
==============================================================================
--- trunk/www/admin/url_edit.php (original)
+++ trunk/www/admin/url_edit.php Thu Jun  7 13:44:20 2007
@@ -1,4 +1,28 @@
 <?php
+/*
+    This file is part of PHPLinker.
+
+    PHPLinker is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    PHPLinker is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with PHPLinker; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+# $Id$
+?>
+<?php
+
+if(!isset($_GET['id'])){
+  header("Location: ./index.php");
+ }
 
 function searchIndinCategs($id, $tree_categs){
   for ($i=0;$i<sizeof($tree_categs);$i++){
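Review bot: The added `isset($_GET['id'])` guard sends a `Location` header but does not stop the script, so a request without `id` still runs the rest of the page, including the SQL query visible in the second hunk. Add `exit;` directly after the `header("Location: ./index.php");` call. The same fall-through applies to the rewritten `is_numeric` check in the second hunk, which only echoes a script block and then continues to the query. `searchIndinCategs` starts at the end of this hunk and its body continues outside it.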
@@ -28,8 +52,8 @@
 require("includes/auth.php");
 require("includes/header.php");
 require($linker_config['linker_php_pager']);
-if(is_numeric($_GET["id"]) == false){
-  echo"<script language='javascript'>alert('URL 
introuvable');window.location='/admin';</script>";
+if(!is_numeric($_GET["id"]) || $_GET["id"]<0 ){
+  echo"<script language='javascript'>alert('URL 
introuvable');window.location='index.php';</script>";
  }
 $requette_test_vide = sql_query('die',__FILE__,__LINE__,__FUNCTION__,"SELECT 
id  FROM url WHERE id =".$_GET["id"]);
 if(mysql_num_rows($requette_test_vide) == 0 || (is_numeric($_GET["id"]) == 
false)){
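Review bot: The query on the line after the check still concatenates `$_GET["id"]` unquoted into the SQL string, so the value that was validated is not what reaches the database. `is_numeric()` also accepts more than plain non-negative integers (decimals, exponent notation, leading whitespace), so the check and the query do not agree on what a valid id is. Normalise once and use that value everywhere: test with `ctype_digit($_GET["id"])`, assign `$id = (int) $_GET["id"];`, and build the query as `"SELECT id FROM url WHERE id = ".$id`. With that in place the second `is_numeric` test inside the `mysql_num_rows` condition becomes redundant.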

Propchange: trunk/www/admin/url_edit.php
------------------------------------------------------------------------------
    svn:keywords = Id

