X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fframetester.php;h=c73bec9636191d7aadde85d93666a2306004b885;hb=2d4a4acb99201d09a964e4b560a266c04a11a324;hp=a6daa40721cd307f0ec7313acc5ac36bd93642e9;hpb=d54624f97b6fbcfc0b9879166af5e6169a5af845;p=mailer.git

diff --git a/inc/modules/frametester.php b/inc/modules/frametester.php
index a6daa40721..c73bec9636 100644
--- a/inc/modules/frametester.php
+++ b/inc/modules/frametester.php
@@ -41,9 +41,9 @@ $MODE = "guest";
 
 if (!empty($_GET['order'])) {
 	// Order number placed, is he also logged in?
-	if(IS_LOGGED_IN()) {
+	if(IS_MEMBER()) {
 		// Ok, test passed... :)
-		$result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1",
+		$result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
 		 array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
 
 		// Finally is the entry valid?
@@ -71,10 +71,19 @@ if (!empty($_GET['order'])) {
 }
 
 if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame']))) {
+	// Default URL is ours
 	$url = URL;
+
+	// Decode URL if set in GET parameters
+	if (!empty($_GET['url']))  $url = COMPILE_CODE(gzuncompress(base64_decode(urldecode($_GET['url']))));
+
+	// Use URL from POST data if set
 	if (!empty($_POST['url'])) $url = $_POST['url'];
-	if (!empty($_GET['url']))  $url = base64_decode(urldecode(COMPILE_CODE($_GET['url'])));
-	switch ($_GET['frame'])
+
+	// Add missing element
+	$frame = "";
+	if (!empty($_GET['frame'])) $frame = SQL_ESCAPE($_GET['frame']);
+	switch ($frame)
 	{
 	case "":
 		switch ($MODE)