More EL code, security for $_POST elements rewritten (simplified):
[mailer.git] / inc / modules / admin / what-config_points.php
index 3ef48975ae67b96791e23fad8a030e22c7739790..a9cab39d96eed67c222f14cb7690cfb0b42b9e23 100644 (file)
@@ -77,10 +77,9 @@ if (isFormSent()) {
                        break;
 
                case 'ref':
-                       switch (getRequestParameter('do'))
-                       {
+                       switch (getRequestParameter('do')) {
                                case 'add':
-                                       addSql("INSERT INTO `{?_MYSQL_PREFIX?}_refdepths` (`level`, `percents`) VALUES ('".postRequestParameter('level')."','".postRequestParameter('percents')."')");
+                                       addSql("INSERT INTO `{?_MYSQL_PREFIX?}_refdepths` (`level`, `percents`) VALUES ('".bigintval(postRequestParameter('level'))."','".bigintval(postRequestParameter('percents'))."')");
                                        break;
 
                                case 'edit': // Change entries
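Review bot: The `add` INSERT is still assembled by string concatenation and handed to addSql(), so its injection safety rests entirely on bigintval() returning nothing but digits for arbitrary POST input; that contract is worth confirming and noting in a comment above the call, since addSql() itself shows no escaping here. The same branch now casts `percents` with bigintval(), while the `edit` branch in the next hunk passes it through convertCommaToDot(), so a fractional percentage appears to survive an edit but not an add; the two paths should validate the field the same way. In that `edit` UPDATE the POST array key `$id` goes into the unquoted `WHERE `id`=%s` placeholder without a cast, unlike the `delete` branch, which uses `bigintval($id)`. If SQL_QUERY_ESC only string-escapes its arguments, escaping does not constrain a value in an unquoted numeric position, so the argument list should end with `bigintval($id)` and the percents value should be checked as numeric before it is substituted. The enclosing `if (isFormSent())` block and the `edit` loop start outside these hunks, so any validation done earlier is not visible here.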
@@ -94,7 +93,7 @@ if (isFormSent()) {
                                                // Update entry
                                                SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_refdepths` SET `level`=%s, `percents`=%s WHERE `id`=%s LIMIT 1",
                                                        array(bigintval($value), convertCommaToDot(postRequestParameter('percents', $id)), $id), __FILE__, __LINE__);
-                                       }
+                                       } // END - foreach
                                        $message = '{--ADMIN_REFERAL_DEPTHS_SAVED--}';
                                        break;
 
@@ -102,10 +101,10 @@ if (isFormSent()) {
                                        foreach (postRequestParameter('id') as $id => $value) {
                                                SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_refdepths` WHERE `id`=%s LIMIT 1",
                                                array(bigintval($id)), __FILE__, __LINE__);
-                                       }
+                                       } // END - foreach
                                        $message = '{--ADMIN_REFERAL_DEPTHS_DELETED--}';
                                        break;
-                       }
+                       } // END - switch
 
                        // Update cache file
                        // @TODO Rewrite this to a filter