More EL code, security for $_POST elements rewritten (simplified):
[mailer.git] / inc / modules / admin / what-config_points.php
index 31404fcf9cfa09f439be13968d902c3ad8bdb495..a9cab39d96eed67c222f14cb7690cfb0b42b9e23 100644 (file)
@@ -16,7 +16,7 @@
  * $Author::                                                          $ *
  * -------------------------------------------------------------------- *
  * Copyright (c) 2003 - 2009 by Roland Haeder                           *
- * Copyright (c) 2009, 2010 by Mailer Developer Team                    *
+ * Copyright (c) 2009 - 2011 by Mailer Developer Team                   *
  * For more information visit: http://www.mxchange.org                  *
  *                                                                      *
  * This program is free software; you can redistribute it and/or modify *
@@ -77,10 +77,9 @@ if (isFormSent()) {
                        break;
 
                case 'ref':
-                       switch (getRequestParameter('do'))
-                       {
+                       switch (getRequestParameter('do')) {
                                case 'add':
-                                       addSql("INSERT INTO `{?_MYSQL_PREFIX?}_refdepths` (`level`, `percents`) VALUES ('".postRequestParameter('level')."','".postRequestParameter('percents')."')");
+                                       addSql("INSERT INTO `{?_MYSQL_PREFIX?}_refdepths` (`level`, `percents`) VALUES ('".bigintval(postRequestParameter('level'))."','".bigintval(postRequestParameter('percents'))."')");
                                        break;
 
                                case 'edit': // Change entries
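Review bot: In the `add` case, `percents` is now forced through `bigintval()`, but the `edit` case in the next hunk writes the same column with `convertCommaToDot(postRequestParameter('percents', $id))`, so the two paths disagree on whether a fractional percentage is allowed. The INSERT is also still assembled by string concatenation and handed to `addSql()`, which leaves the integer cast as the only barrier between `$_POST` and the query. If `addSql()` does no escaping of its own (not visible here), a comment such as `// Both values MUST stay integer-cast, this string is not escaped later` would protect the next edit, or the statement could be built with the `%s` placeholder form the other branches use. Separately, the `edit` query passes `$id` into an unquoted `WHERE id=%s` without `bigintval()`, unlike the `delete` branch (`array(bigintval($id))`). Whether `$id` is cast earlier in that `foreach` is outside the visible hunks, as is the start of the enclosing `switch`.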
@@ -94,7 +93,7 @@ if (isFormSent()) {
                                                // Update entry
                                                SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_refdepths` SET `level`=%s, `percents`=%s WHERE `id`=%s LIMIT 1",
                                                        array(bigintval($value), convertCommaToDot(postRequestParameter('percents', $id)), $id), __FILE__, __LINE__);
-                                       }
+                                       } // END - foreach
                                        $message = '{--ADMIN_REFERAL_DEPTHS_SAVED--}';
                                        break;
 
@@ -102,10 +101,10 @@ if (isFormSent()) {
                                        foreach (postRequestParameter('id') as $id => $value) {
                                                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_refdepths` WHERE `id`=%s LIMIT 1",
                                                array(bigintval($id)), __FILE__, __LINE__);
-                                       }
+                                       } // END - foreach
                                        $message = '{--ADMIN_REFERAL_DEPTHS_DELETED--}';
                                        break;
-                       }
+                       } // END - switch
 
                        // Update cache file
                        // @TODO Rewrite this to a filter
@@ -162,7 +161,7 @@ WHERE
        // Shall we display a message?
        if (!empty($message)) {
                // When do so...
-               loadTemplate('admin_settings_saved', false, $message);
+               displayMessage($message);
        } // END - if
 } elseif (getRequestParameter('sub') == 'settings') {
        // Setup some settings like direct pay and so on