Security line in all includes changed

[mailer.git] / inc / modules / admin / what-list_country.php

diff --git a/inc/modules/admin/what-list_country.php b/inc/modules/admin/what-list_country.php
index d694fdf927bb3be1f8d953ced41efa6e02e4d24f..4ff4155f4255a6534c5d02624d48175848a324dd 100644 (file)
--- a/inc/modules/admin/what-list_country.php
+++ b/inc/modules/admin/what-list_country.php
@@ -32,8 +32,7 @@
  ************************************************************************/
 
 // Some security stuff...
  ************************************************************************/
 
 // Some security stuff...

-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin()))
-{
+if ((!defined('__SECURITY')) || (!is_admin())) {

        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }


@@ -104,10 +103,10 @@ if ((isset($_POST['add'])) && (!empty($_POST['code'])) && (!empty($_POST['descr'
 
                // Edit all selected country codes
                $OUT = ""; $SW = 2;
 
                // Edit all selected country codes
                $OUT = ""; $SW = 2;

-               foreach ($_POST['id'] as $id=>$status)
+               foreach ($_POST['id'] as $id => $status)

                {
                        // Load data from DB
                {
                        // Load data from DB

-                       $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%d LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT code, descr FROM "._MYSQL_PREFIX."_countries WHERE id=%s LIMIT 1",

                         array(bigintval($id)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
                         array(bigintval($id)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {


@@ -154,7 +153,7 @@ if ((isset($_POST['add'])) && (!empty($_POST['code'])) && (!empty($_POST['descr'
        if ((isset($_POST['modify'])) && (!empty($_POST['id'])))
        {
                // Modify
        if ((isset($_POST['modify'])) && (!empty($_POST['id'])))
        {
                // Modify

-               foreach ($_POST['id'] as $id=>$sel)
+               foreach ($_POST['id'] as $id => $sel)

                {
                        $SQLs[] = "UPDATE "._MYSQL_PREFIX."_countries SET code='".$_POST['code'][$id]."', descr='".$_POST['descr'][$id]."', is_active='".$_POST['is_active'][$id]."' WHERE id='".$id."' LIMIT 1";
                }
                {
                        $SQLs[] = "UPDATE "._MYSQL_PREFIX."_countries SET code='".$_POST['code'][$id]."', descr='".$_POST['descr'][$id]."', is_active='".$_POST['is_active'][$id]."' WHERE id='".$id."' LIMIT 1";
                }