X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-admin_add.php;h=8c2bc8fc26619abd63ff70717cf81ea14aecf05a;hp=7882d8fbea845dae4df3cb616667dd32cca3c972;hb=56156f6c4392510cdbe0eb4f2ccefc23b43e2672;hpb=6032b7018b83778f1592383238f4e0d28f718622

diff --git a/inc/modules/admin/what-admin_add.php b/inc/modules/admin/what-admin_add.php
index 7882d8fbea..8c2bc8fc26 100644
--- a/inc/modules/admin/what-admin_add.php
+++ b/inc/modules/admin/what-admin_add.php
@@ -32,17 +32,16 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
+
 // Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
 
 // Check if the admin has entered title and what-php file name...
-if (((empty($_POST['title'])) || (empty($_POST['menu'])) || (empty($_POST['descr']))) && (isset($_POST['ok'])))
-{
+if (((empty($_POST['title'])) || (empty($_POST['menu'])) || (empty($_POST['descr']))) && (isset($_POST['ok']))) {
 	unset($_POST['ok']);
 }
 
@@ -52,7 +51,7 @@ if (!isset($_POST['ok']))
 	$menus = array(); $titles = array(); $below = array();
 
 	// Get all available main menus
-	$result = SQL_QUERY("SELECT action, title, sort FROM "._MYSQL_PREFIX."_admin_menu WHERE (what='' OR what IS NULL) ORDER BY sort", __FILE__, __LINE__);
+	$result = SQL_QUERY("SELECT action, title, sort FROM `"._MYSQL_PREFIX."_admin_menu` WHERE (what='' OR what IS NULL) ORDER BY sort", __FILE__, __LINE__);
 	if (SQL_NUMROWS($result) > 0)
 	{
 		// Read menu structure
@@ -73,7 +72,7 @@ if (!isset($_POST['ok']))
 
 		// Remove double eintries
 		$prev = ""; $dmy = $menus; $dmy2 = $titles; $dmy3 = $below;
-		foreach ($menus as $key=>$value)
+		foreach ($menus as $key => $value)
 		{
 			if ($value == $prev)
 			{
@@ -88,9 +87,9 @@ if (!isset($_POST['ok']))
 		}
 		$menus = $dmy; $titles = $dmy2; $below = $dmy3;
 		// Load sub menus :)
-		foreach ($menus as $key_main=>$value_main)
+		foreach ($menus as $key_main => $value_main)
 		{
-			$result = SQL_QUERY_ESC("SELECT what, title, sort FROM "._MYSQL_PREFIX."_admin_menu WHERE action='%s' AND what != '' ORDER BY sort",
+			$result = SQL_QUERY_ESC("SELECT what, title, sort FROM `"._MYSQL_PREFIX."_admin_menu` WHERE action='%s' AND what != '' AND what IS NOT NULL ORDER BY sort",
 			 array($value_main), __FILE__, __LINE__);
 			if (SQL_NUMROWS($result) > 0)
 			{
@@ -115,7 +114,7 @@ if (!isset($_POST['ok']))
 
 				// Remove double eintries
 				$prev = ""; $dmy = $menus[$value_main]; $dmy2 = $titles[$value_main]; $dmy3 = $below[$value_main];
-				foreach ($menus[$value_main] as $key=>$value)
+				foreach ($menus[$value_main] as $key => $value)
 				{
 					if ($value == $prev)
 					{
@@ -132,31 +131,31 @@ if (!isset($_POST['ok']))
 			}
 		}
 	}
-	$OUT = "    <SELECT class=\"admin_select\" name=\"sort\" size=\"1\">
-      <OPTION value=\"0\">".IS_FIRST_MENU."</OPTION>\n";
-  	foreach ($below as $key=>$m)
+	$OUT = "    <select class=\"admin_select\" name=\"sort\" size=\"1\">
+      <option value=\"0\">".IS_FIRST_MENU."</option>\n";
+  	foreach ($below as $key => $m)
 	{
 		if (is_array($m))
 		{
-			foreach ($m as $key2=>$m2)
+			foreach ($m as $key2 => $m2)
 			{
-				$OUT .= "      <OPTION value=\"".$m2."\">".$titles[$key][$key2];
-				foreach ($menus as $k=>$v)
+				$OUT .= "      <option value=\"".$m2."\">".$titles[$key][$key2];
+				foreach ($menus as $k => $v)
 				{
 					if (($v == $key) && (!is_array($v)))
 					{
 						$OUT .= " (".$titles[$k].")";
 					}
 				}
-				$OUT .= "</OPTION>\n";
+				$OUT .= "</option>\n";
 			}
 		}
 		 else
 		{
-			$OUT .= "      <OPTION value=\"".$m."\">".$titles[$key]."</OPTION>\n";
+			$OUT .= "      <option value=\"".$m."\">".$titles[$key]."</option>\n";
 		}
 	}
-	$OUT .= "</SELECT>";
+	$OUT .= "</select>";
 
 	define('__BELOW_SELECTION' , $OUT);
 	define('__WHAT_SELECTION'  , ADMIN_MAKE_MENU_SELECTION("admin", "what", "name"));
@@ -171,27 +170,29 @@ if (!isset($_POST['ok']))
 	if (!empty($_POST['menu']))
 	{
 		// Add sub menu
-		$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admin_menu (action, what, title, descr, sort)
-VALUES('%s', '%s', '%s', '%s', '%s')",
- array(
-	$_POST['menu'],
-	$_POST['name'],
-	$_POST['title'],
-	addslashes($_POST['descr']),
-	bigintval($_POST['sort']),
-), __FILE__, __LINE__);
+		SQL_QUERY_ESC("INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('%s','%s','%s','%s','%s')",
+			array(
+				$_POST['menu'],
+				$_POST['name'],
+				$_POST['title'],
+				$_POST['descr'],
+				bigintval($_POST['sort']),
+			), __FILE__, __LINE__
+		);
+		CACHE_PURGE_ADMIN_MENU(0, $_POST['menu'], $_POST['name']);
 	}
 	 else
 	{
 		// Add main menu
-		$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admin_menu (action, title, descr, sort)
-VALUES('%s', '%s', '%s', '%s')",
- array(
-	$_POST['name'],
-	$_POST['title'],
-	addslashes($_POST['descr']),
-	bigintval($_POST['sort']),
-), __FILE__, __LINE__);
+		SQL_QUERY_ESC("INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (action, title, descr, sort) VALUES ('%s','%s','%s','%s')",
+			array(
+				$_POST['name'],
+				$_POST['title'],
+				$_POST['descr'],
+				bigintval($_POST['sort']),
+			), __FILE__, __LINE__
+		);
+		CACHE_PURGE_ADMIN_MENU(0, $_POST['name']);
 	}
 	LOAD_TEMPLATE("admin_settings_saved", false, SAVING_DONE);
 }