X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fframetester.php;h=2c3a21c3b45a1f79aaf01bc2026959c316232d74;hb=f3e4c2c048761589836fdbe6bd2e46599a1833a7;hp=a6daa40721cd307f0ec7313acc5ac36bd93642e9;hpb=c72c89ffa5f7f5444d7fd47021db520b77738d9e;p=mailer.git diff --git a/inc/modules/frametester.php b/inc/modules/frametester.php index a6daa40721..2c3a21c3b4 100644 --- a/inc/modules/frametester.php +++ b/inc/modules/frametester.php @@ -10,7 +10,12 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : Testet die Mitgliedsseite gegen Frame-Killer * * -------------------------------------------------------------------- * - * * + * $Revision:: 856 $ * + * $Date:: 2009-03-06 20:24:32 +0100 (Fr, 06. Mär 2009) $ * + * $Tag:: 0.2.1-FINAL $ * + * $Author:: stelzi $ * + * Needs to be in all Files and every File needs "svn propset * + * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2008 by Roland Haeder * * For more information visit: http://www.mxchange.org * 
@@ -32,19 +37,19 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { +if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } $MODE = "guest"; -if (!empty($_GET['order'])) { +if (REQUEST_ISSET_GET(('order'))) { // Order number placed, is he also logged in? - if(IS_LOGGED_IN()) { + if (IS_MEMBER()) { // Ok, test passed... :) - $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1", - array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT subject, url FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1", + array(bigintval(REQUEST_GET('order')), $GLOBALS['userid']), __FILE__, __LINE__); // Finally is the entry valid? if (SQL_NUMROWS($result) == 1) { @@ -52,10 +57,9 @@ if (!empty($_GET['order'])) { list($sub, $url) = SQL_FETCHROW($result); // This fixes a white page - $_POST['url'] = $url; + REQUEST_SET_POST('url', $url); - // Update his login data - UPDATE_LOGIN_DATA(); + // Mode is member $MODE = "member"; } else { // Matching line not found! 
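Review bot: The rewritten query formats both placeholders with `%s` instead of `%d`, but only the order id goes through `bigintval()`; `$GLOBALS['userid']` is passed as-is into an unquoted numeric position. With `%d` the format itself coerced the value to an integer, so that implicit protection is gone. Escaping alone (if SQL_QUERY_ESC applies it, which is not visible here) does not make an unquoted value safe. I would change the argument line to `array(bigintval(REQUEST_GET('order')), bigintval($GLOBALS['userid'])), __FILE__, __LINE__);`. The doubled parentheses in `REQUEST_ISSET_GET(('order'))` are harmless but should read `REQUEST_ISSET_GET('order')`.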
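Review bot: The comment `// This fixes a white page` above `REQUEST_SET_POST('url', $url);` names a symptom, not the reason the request data is overwritten. Judging by the later URL block, where POST 'url' is applied last, this line is what makes the stored pool URL win over anything the client sent, and that trust decision deserves to be stated. Suggested comment: `// Force the URL stored for this order into POST so the URL block below uses it instead of client-supplied values`. The new `// Mode is member` comment could also say that this point is reached only after the pool row matched both id and sender.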
@@ -70,18 +74,27 @@ if (!empty($_GET['order'])) { } } -if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame']))) { - $url = URL; - if (!empty($_POST['url'])) $url = $_POST['url']; - if (!empty($_GET['url'])) $url = base64_decode(urldecode(COMPILE_CODE($_GET['url']))); - switch ($_GET['frame']) +if ((REQUEST_ISSET_POST(('url'))) || (REQUEST_ISSET_GET(('url'))) || (REQUEST_ISSET_GET(('frame')))) { + // Default URL is ours + $url = constant('URL'); + + // Decode URL if set in GET parameters + if (REQUEST_ISSET_GET(('url'))) $url = decodeString(str_replace(" ", "+", compileUriCode(urldecode(REQUEST_GET('url'))))); + + // Use URL from POST data if set + if (REQUEST_ISSET_POST(('url'))) $url = REQUEST_POST('url'); + + // Add missing element + $frame = ""; + if (REQUEST_ISSET_GET(('frame'))) $frame = REQUEST_GET(('frame')); + switch ($frame) { case "": switch ($MODE) { case "member": // Build frameset - define('__ORDER_VALUE', bigintval($_GET['order'])); + define('__ORDER_VALUE', bigintval(REQUEST_GET('order'))); define('__URL_VALUE' , DEREFERER($url)); LOAD_TEMPLATE("member_order_frametester"); break; @@ -94,15 +107,15 @@ if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame']) break; case "test_top": - OUTPUT_HTML("".GUEST_FRAMETESTER_TOP.""); + LOAD_TEMPLATE("admin_settings_saved", false, "
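Review bot: `$url` is taken from GET (after decoding) or from POST and then handed to `DEREFERER($url)` for the frameset without any check on what kind of URL it is. Unless DEREFERER or the templates validate it, which this hunk does not show, a non-HTTP scheme such as `javascript:` or `data:` could end up as a frame source. After the two assignments I would add `if (!in_array(strtolower((string) parse_url($url, PHP_URL_SCHEME)), array('http', 'https'), true)) $url = constant('URL');`. The precedence also changed: previously GET overrode POST, now POST overrides GET, so a comment stating that this is intentional would help. The switch body continues outside the hunk.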
{--GUEST_FRAMETESTER_TOP--}"); break; case "back": // Back buttom - LOAD_TEMPLATE("member_order_back", false, $_GET['order']); + LOAD_TEMPLATE("member_order_back", false, REQUEST_GET('order')); break; case "send": // Send mail away - LOAD_TEMPLATE("member_order_send", false, $_GET['order']); + LOAD_TEMPLATE("member_order_send", false, REQUEST_GET('order')); break; } } else {
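Review bot: The `back` and `send` cases pass `REQUEST_GET('order')` to `LOAD_TEMPLATE()` unfiltered, while the other uses of the order id in this commit go through `bigintval()`. If the template prints its content argument without escaping (not visible here), this reflects request data into the page. Use `LOAD_TEMPLATE("member_order_back", false, bigintval(REQUEST_GET('order')));` and the same for `member_order_send`. Separately, `test_top` now loads a template named `admin_settings_saved` for what the constant name suggests is a guest frame; a dedicated template name would make the intent clearer.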