Security line in all includes changed

[mailer.git] / inc / modules / admin / what-config_email.php

diff --git a/inc/modules/admin/what-config_email.php b/inc/modules/admin/what-config_email.php
index e87d58d23389b5edd469b79e1e0f5024485a07d0..e36c9f5bb6396ac87b83498ce90de303655babb5 100644 (file)
--- a/inc/modules/admin/what-config_email.php
+++ b/inc/modules/admin/what-config_email.php
@@ -32,30 +32,27 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
+
 // Add description as navigation point
 ADD_DESCR("admin", basename(__FILE__));
 
-OPEN_TABLE("100%", "admin_content admin_content_align", "");
+// Remove empty array index
 if (empty($_POST['max'])) unset($_POST['add_max']);
-if (isset($_POST['add_max']))
-{
+
+if (isset($_POST['add_max'])) {
        // Save all settings
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_max_receive WHERE value='%s' LIMIT 1",
         array(bigintval($_POST['max'])), __FILE__, __LINE__);
-       if (SQL_NUMROWS($result) == 0)
-       {
+       if (SQL_NUMROWS($result) == 0) {
                // Add this value (including comment)
                $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_max_receive (value, comment) VALUES ('%s', '%s')",
-                array(bigintval($_POST['max']), stripslashes($_POST['comment'])),__FILE__, __LINE__);
+                array(bigintval($_POST['max']), $_POST['comment']),__FILE__, __LINE__);
                $content = "<SPAN class=\"admin_done\">".MAX_VALUE_SAVED."</SPAN>";
-       }
-        else
-       {
+       } else {
                // Free memory
                SQL_FREERESULT($result);
 
@@ -65,45 +62,40 @@ if (isset($_POST['add_max']))
 
        // Display message
        LOAD_TEMPLATE("admin_settings_saved", false, $content);
-}
- elseif ((isset($_POST['ok'])) && (isset($_GET['do'])))
-{
+} elseif ((isset($_POST['ok'])) && (isset($_GET['do']))) {
        // Change or delete entries...
        $TEXT = "";
-       foreach ($_POST['id'] as $id=>$value)
-       {
+       foreach ($_POST['id'] as $id => $value) {
                // Secure ID
                $id = bigintval($id);
 
                switch ($_GET['do'])
                {
                case "edit": // Change entries
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_max_receive SET value='%s', comment='%s' WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_max_receive SET value='%s', comment='%s' WHERE id=%s LIMIT 1",
                         array(bigintval($_POST['val'][$id]), $_POST['comm'][$id], $id),__FILE__, __LINE__);
                        $TEXT = MRECEIVE_SAVED;
                        break;
 
                case "del":
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_max_receive WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_max_receive WHERE id=%s LIMIT 1",
                         array($id), __FILE__, __LINE__);
                        $TEXT = MRECEIVE_DELETED;
                        break;
                }
        }
-       if (isset($TEXT))
-       {
+
+       if (isset($TEXT)) {
                // Display message
                LOAD_TEMPLATE("admin_settings_saved", false, $TEXT);
        }
-}
- elseif ((isset($_POST['del'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0]))))
-{
+} elseif ((isset($_POST['del'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
        // Delete entries
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id=>$value)
+       foreach ($_POST['sel'] as $id => $value)
        {
                // Load data
-               $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($value, $comment) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -124,15 +116,12 @@ if (isset($_POST['add_max']))
 
        // Load main template
        LOAD_TEMPLATE("admin_config_email_del");
-}
- elseif ((isset($_POST['edit'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0]))))
-{
+} elseif ((isset($_POST['edit'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
        // Edit entries
        $SW = 2; $OUT = "";
-       foreach ($_POST['sel'] as $id=>$value)
-       {
+       foreach ($_POST['sel'] as $id => $value) {
                // Load data
-               $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT value, comment FROM "._MYSQL_PREFIX."_max_receive WHERE id=%s LIMIT 1",
                 array(bigintval($id)), __FILE__, __LINE__);
                list($value, $comment) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -153,16 +142,12 @@ if (isset($_POST['add_max']))
 
        // Load main template
        LOAD_TEMPLATE("admin_config_email_edit");
-}
- else
-{
+} else {
        $result = SQL_QUERY("SELECT id, value, comment FROM "._MYSQL_PREFIX."_max_receive ORDER BY value", __FILE__, __LINE__);
-       if (SQL_NUMROWS($result) > 0)
-       {
+       if (SQL_NUMROWS($result) > 0) {
                // List already existing entries for editing
                $SW = 2; $OUT = "";
-               while (list($id, $value, $comment) = SQL_FETCHROW($result))
-               {
+               while (list($id, $value, $comment) = SQL_FETCHROW($result)) {
                        // Prepare data for the row template
                        $content = array(
                                'sw'      => $SW,
@@ -187,6 +172,6 @@ if (isset($_POST['add_max']))
        // Display form
        LOAD_TEMPLATE("admin_add_max");
 }
-CLOSE_TABLE();
+
 //
 ?>