X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fframetester.php;h=4e3f4f305400f05a757f135d01a4c2aba88dfeca;hb=939bce138060b727dc96764df88fbb8e4e7049c7;hp=2f44befb0afbd27e669900c21d15bf8c16215587;hpb=19cd0d37b2bcbf9dd4f3c38a9cecd7f5011d6b66;p=mailer.git

diff --git a/inc/modules/frametester.php b/inc/modules/frametester.php
index 2f44befb0a..4e3f4f3054 100644
--- a/inc/modules/frametester.php
+++ b/inc/modules/frametester.php
@@ -32,7 +32,7 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+if (!defined('__SECURITY')) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
@@ -41,9 +41,9 @@ $MODE = "guest";
 
 if (!empty($_GET['order'])) {
 	// Order number placed, is he also logged in?
-	if(IS_LOGGED_IN()) {
+	if(IS_MEMBER()) {
 		// Ok, test passed... :)
-		$result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1",
+		$result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
 		 array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
 
 		// Finally is the entry valid?
@@ -54,8 +54,7 @@ if (!empty($_GET['order'])) {
 			// This fixes a white page
 			$_POST['url'] = $url;
 
-			// Update his login data
-			UPDATE_LOGIN_DATA();
+			// Mode is member
 			$MODE = "member";
 		} else {
 			// Matching line not found!
@@ -71,11 +70,14 @@ if (!empty($_GET['order'])) {
 }
 
 if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame']))) {
+	// Default URL is ours
 	$url = URL;
-	if (!empty($_POST['url'])) $url = $_POST['url'];
 
-	// Decode URL if set
-	if (!empty($_GET['url']))  $url = base64_decode(urldecode(COMPILE_CODE($_GET['url'])));
+	// Decode URL if set in GET parameters
+	if (!empty($_GET['url']))  $url = gzuncompress(base64_decode(str_replace(" ", "+", COMPILE_CODE(urldecode($_GET['url'])))));
+
+	// Use URL from POST data if set
+	if (!empty($_POST['url'])) $url = $_POST['url'];
 
 	// Add missing element
 	$frame = "";