X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-admin_add.php;h=8c2bc8fc26619abd63ff70717cf81ea14aecf05a;hp=385600b1392f3405a75d4530ef4c8f59e0398afa;hb=56156f6c4392510cdbe0eb4f2ccefc23b43e2672;hpb=89edd713e330fd16e8da1edeadfd5046296ff0d2 diff --git a/inc/modules/admin/what-admin_add.php b/inc/modules/admin/what-admin_add.php index 385600b139..8c2bc8fc26 100644 --- a/inc/modules/admin/what-admin_add.php +++ b/inc/modules/admin/what-admin_add.php @@ -32,17 +32,16 @@ ************************************************************************/ // Some security stuff... -if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) -{ +if ((!defined('__SECURITY')) || (!IS_ADMIN())) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } + // Add description as navigation point -ADD_DESCR("admin", basename(__FILE__)); +ADD_DESCR("admin", __FILE__); // Check if the admin has entered title and what-php file name... -if (((empty($_POST['title'])) || (empty($_POST['menu'])) || (empty($_POST['descr']))) && (isset($_POST['ok']))) -{ +if (((empty($_POST['title'])) || (empty($_POST['menu'])) || (empty($_POST['descr']))) && (isset($_POST['ok']))) { unset($_POST['ok']); } @@ -52,7 +51,7 @@ if (!isset($_POST['ok'])) $menus = array(); $titles = array(); $below = array(); // Get all available main menus - $result = SQL_QUERY("SELECT action, title, sort FROM "._MYSQL_PREFIX."_admin_menu WHERE (what='' OR what IS NULL) ORDER BY sort", __FILE__, __LINE__); + $result = SQL_QUERY("SELECT action, title, sort FROM `"._MYSQL_PREFIX."_admin_menu` WHERE (what='' OR what IS NULL) ORDER BY sort", __FILE__, __LINE__); if (SQL_NUMROWS($result) > 0) { // Read menu structure @@ -90,7 +89,7 @@ if (!isset($_POST['ok'])) // Load sub menus :) foreach ($menus as $key_main => $value_main) { - $result = SQL_QUERY_ESC("SELECT what, title, sort FROM "._MYSQL_PREFIX."_admin_menu WHERE action='%s' AND what != '' AND what IS NOT NULL ORDER BY sort", + $result = SQL_QUERY_ESC("SELECT what, title, sort FROM `"._MYSQL_PREFIX."_admin_menu` WHERE action='%s' AND what != '' AND what IS NOT NULL ORDER BY sort", array($value_main), __FILE__, __LINE__); if (SQL_NUMROWS($result) > 0) { @@ -132,15 +131,15 @@ if (!isset($_POST['ok'])) } } } - $OUT = " + \n"; foreach ($below as $key => $m) { if (is_array($m)) { foreach ($m as $key2 => $m2) { - $OUT .= " \n"; + $OUT .= "\n"; } } else { - $OUT .= " \n"; + $OUT .= " \n"; } } - $OUT .= ""; + $OUT .= ""; define('__BELOW_SELECTION' , $OUT); define('__WHAT_SELECTION' , ADMIN_MAKE_MENU_SELECTION("admin", "what", "name")); @@ -171,27 +170,29 @@ if (!isset($_POST['ok'])) if (!empty($_POST['menu'])) { // Add sub menu - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admin_menu (action, what, title, descr, sort) -VALUES('%s', '%s', '%s', '%s', '%s')", - array( - $_POST['menu'], - $_POST['name'], - $_POST['title'], - addslashes($_POST['descr']), - bigintval($_POST['sort']), -), __FILE__, __LINE__); + SQL_QUERY_ESC("INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('%s','%s','%s','%s','%s')", + array( + $_POST['menu'], + $_POST['name'], + $_POST['title'], + $_POST['descr'], + bigintval($_POST['sort']), + ), __FILE__, __LINE__ + ); + CACHE_PURGE_ADMIN_MENU(0, $_POST['menu'], $_POST['name']); } else { // Add main menu - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admin_menu (action, title, descr, sort) -VALUES('%s', '%s', '%s', '%s')", - array( - $_POST['name'], - $_POST['title'], - addslashes($_POST['descr']), - bigintval($_POST['sort']), -), __FILE__, __LINE__); + SQL_QUERY_ESC("INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (action, title, descr, sort) VALUES ('%s','%s','%s','%s')", + array( + $_POST['name'], + $_POST['title'], + $_POST['descr'], + bigintval($_POST['sort']), + ), __FILE__, __LINE__ + ); + CACHE_PURGE_ADMIN_MENU(0, $_POST['name']); } LOAD_TEMPLATE("admin_settings_saved", false, SAVING_DONE); }