Unnessarry addslashes() and SQL_ESCAPE() removed, some added, some bigintval() added

[mailer.git] / inc / modules / admin / what-guestedit.php

diff --git a/inc/modules/admin/what-guestedit.php b/inc/modules/admin/what-guestedit.php
index b7ee2ea99a71f0ecc50dbd00f3c40558318889cf..ebbcad632dbd57472034dcacb561f183f130ab96 100644 (file)
--- a/inc/modules/admin/what-guestedit.php
+++ b/inc/modules/admin/what-guestedit.php
@@ -38,10 +38,10 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 }
 
 // Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
 
 // Do we edit/delete/change main menus or sub menus?
-$AND = "what = ''"; $SUB = "";
+$AND = "(what = '' OR what IS NULL)"; $SUB = "";
 
 if (!empty($_GET['sub'])) {
        $AND = sprintf("action='%s'", SQL_ESCAPE($_GET['sub']));
@@ -241,14 +241,10 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 
        // Load template
        LOAD_TEMPLATE("admin_gmenu_status");
-}
- else
-{
-       if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid'])))
-       {
+} else {
+       if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid']))) {
                // Get IDs
-               if (!empty($_GET['w']))
-               {
+               if (!empty($_GET['w'])) {
                        // Sub menus selected
                        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_guest_menu WHERE action='%s' AND sort='%s' LIMIT 1",
                         array($_GET['act'], bigintval($_GET['tid'])), __FILE__, __LINE__);
@@ -258,9 +254,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                         array($_GET['act'], bigintval($_GET['fid'])), __FILE__, __LINE__);
                        list($fid) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
-               }
-                else
-               {
+               } else {
                        // Main menu selected
                        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_guest_menu WHERE (what='' OR what IS NULL) AND sort='%s' LIMIT 1",
                         array(bigintval($_GET['tid'])), __FILE__, __LINE__);
@@ -272,24 +266,20 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
                        SQL_FREERESULT($result);
                }
 
-               if ((!empty($tid)) && (!empty($fid)))
-               {
+               if ((!empty($tid)) && (!empty($fid))) {
                        // Sort menu
                        $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
-                        array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
+                               array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
                        $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
-                        array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
-               }
-       }
+                               array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
+               } // END - if
+       } // END - if
 
        // By default list menus
-       if (empty($SUB))
-       {
+       if (empty($SUB)) {
                // List only main menus
                $query = SQL_QUERY("SELECT id, action, what, title, sort FROM "._MYSQL_PREFIX."_guest_menu WHERE (what='' OR what IS NULL) ORDER BY sort ASC", __FILE__, __LINE__);
-       }
-        else
-       {
+       } else {
                // List sub menus
                $query = SQL_QUERY_ESC("SELECT id, action, what, title, sort FROM "._MYSQL_PREFIX."_guest_menu WHERE action='%s' AND what != '' AND what IS NOT NULL ORDER BY sort ASC",
                 array($SUB), __FILE__, __LINE__);