Timestamp:
Feb 20, 2011, 1:14:40 PM (13 years ago)
Author:
patdenice
Message:

Use another $conf parameter to avoid conflicts.
Add htmlspecialchars in admin page.

File:
1 edited

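--- a/extensions/AdditionalPages/admin/add_page.inc.php
+++ b/extensions/AdditionalPages/admin/add_page.inc.php
@@ -56,5 +56,5 @@
 
   $user_access = 'NULL';
-  if ($conf['additional_pages']['user_perm'])
+  if ($conf['AP']['user_perm'])
   {
     $user_access = !empty($_POST['users']) ? '"'.implode(',', $_POST['users']).'"' : '""';
@@ -104,8 +104,8 @@
 
     // Homepage
-    if (isset($_POST['homepage']) xor $conf['additional_pages']['homepage'] == $edited_page['id'])
-    {
-      $conf['additional_pages']['homepage'] = isset($_POST['homepage']) ? $edited_page['id'] : null;
-      conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['additional_pages'])));
+    if (isset($_POST['homepage']) xor $conf['AP']['homepage'] == $edited_page['id'])
+    {
+      $conf['AP']['homepage'] = isset($_POST['homepage']) ? $edited_page['id'] : null;
+      conf_update_param('additional_pages', pwg_db_real_escape_string(serialize($conf['AP'])));
     }
 
@@ -152,5 +152,5 @@
 
 // Groups options
-if ($conf['additional_pages']['group_perm'])
+if ($conf['AP']['group_perm'])
 {
         $query = 'SELECT id, name FROM '.GROUPS_TABLE.' ORDER BY name ASC;';
@@ -169,5 +169,5 @@
 
 // Users options
-if ($conf['additional_pages']['user_perm'])
+if ($conf['AP']['user_perm'])
 {
   $users_id = array('guest', 'generic', 'normal', 'admin', 'webmaster');
@@ -185,5 +185,5 @@
 
 // User level options
-if ($conf['additional_pages']['level_perm'])
+if ($conf['AP']['level_perm'])
 {
   foreach ($conf['available_permission_levels'] as $level)
@@ -201,9 +201,11 @@
 $template->assign(array(
   'AP_TITLE' => $page_title,
-  'NAME' => $edited_page['title'],
-  'PERMALINK' => $edited_page['permalink'],
+  'NAME' => htmlspecialchars($edited_page['title']),
+  'PERMALINK' => htmlspecialchars($edited_page['permalink']),
   'HOMEPAGE' => $edited_page['homepage'],
   'STANDALONE' => $edited_page['standalone'],
-  'CONTENT' => $edited_page['content']));
+  'CONTENT' => htmlspecialchars($edited_page['content'])
+  )
+);
 
 $template->set_filename('plugin_admin_content', dirname(__FILE__) . '/template/add_page.tpl');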
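Review bot: The three `htmlspecialchars()` calls added to `$template->assign()` (new lines 203, 204 and 207) rely on the default flags and charset, so single quotes pass through unescaped and the charset is whatever the running PHP version defaults to. If add_page.tpl places any of these values inside a single-quoted attribute, or the gallery's charset differs from that default, the escaping is incomplete; the template is not visible here, so this needs confirming. I would pass both explicitly, e.g. `'NAME' => htmlspecialchars($edited_page['title'], ENT_QUOTES, 'UTF-8'),` with the charset the gallery actually uses. Separately, the unchanged line 60 joins `$_POST['users']` into `$user_access` without escaping or checking the values against the allowed list; where that string ends up is outside the visible hunks, but if it reaches a query it deserves the same care as the `pwg_db_real_escape_string()` call on line 109.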