Revision 5a61331a
Added by Jim Pingle over 14 years ago
| usr/local/www/pkg_edit.php | ||
|---|---|---|
| 84 | 84 |
if (isset($_POST['id'])) |
| 85 | 85 |
$id = htmlspecialchars($_POST['id']); |
| 86 | 86 |
|
| 87 |
if(!is_numeric($id)) {
|
|
| 88 |
Header("Location: /");
|
|
| 89 |
exit; |
|
| 90 |
} |
|
| 91 |
|
|
| 92 |
|
|
| 93 | 87 |
// Not posting? Then user is editing a record. There must be a valid id |
| 94 | 88 |
// when editing a record. |
| 95 | 89 |
if(!$id && !$_POST) |
| 96 | 90 |
$id = "0"; |
| 97 |
|
|
| 91 |
|
|
| 92 |
if(!is_numeric($id)) {
|
|
| 93 |
Header("Location: /");
|
|
| 94 |
exit; |
|
| 95 |
} |
|
| 96 |
|
|
| 98 | 97 |
if($pkg['custom_php_global_functions'] <> "") |
| 99 | 98 |
eval($pkg['custom_php_global_functions']); |
| 100 | 99 |
|
Also available in: Unified diff
Move this validation down so we can still assume id=0 if it's not present, and then redirect if it's non-numeric.