X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-config_cats.php;h=fd795ff259337216bd159d5e487a3f98cf31aecf;hp=ecd7de4b83332bc340651c4b7467ae63ef261afd;hb=f9a9c09e1ae257449bfd98f8854e321efba1dc3c;hpb=6032b7018b83778f1592383238f4e0d28f718622 diff --git a/inc/modules/admin/what-config_cats.php b/inc/modules/admin/what-config_cats.php index ecd7de4b83..fd795ff259 100644 --- a/inc/modules/admin/what-config_cats.php +++ b/inc/modules/admin/what-config_cats.php @@ -33,13 +33,13 @@ ************************************************************************/ // Some security stuff... -if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) { +if ((!defined('__SECURITY')) || (!IS_ADMIN())) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } // Add description as navigation point -ADD_DESCR("admin", basename(__FILE__)); +ADD_DESCR("admin", __FILE__); // Init variable to avoid a notice $CATS = ""; @@ -47,11 +47,11 @@ $CATS = ""; if (isset($_POST['add'])) { // Add a new category $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_cats WHERE cat='%s' LIMIT 1", - array(addslashes($_POST['catname'])), __FILE__, __LINE__); + array($_POST['catname']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { // Category does not exists, we simply add it... - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_cats (cat, visible, sort) VALUES ('%s', '%s', '%s')", - array(addslashes($_POST['catname']), $_POST['visible'], bigintval($_POST['parent'] + 1)), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_cats (cat, visible, sort) VALUES ('%s','%s','%s')", + array($_POST['catname'], $_POST['visible'], bigintval($_POST['parent'] + 1)), __FILE__, __LINE__); $content = "".CATEGORY_ADDED.""; } else { // Category does already exists 
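Review bot: In the `@@ -33,13 +33,13 @@` hunk the new guard `if ((!defined('__SECURITY')) || (!IS_ADMIN()))` still only runs `require($INC);` and then falls out of the block, so access control rests entirely on security.php ending the request. security.php is not part of this diff; if it can return, the `$_POST` handlers further down run for a direct or non-admin request. I would make the stop explicit at the guard with `require($INC); exit();`, or at least add the comment `// security.php must terminate the script; nothing below may run without __SECURITY and admin rights`. Separately, `ADD_DESCR("admin", __FILE__)` now receives the absolute path instead of the basename; presumably ADD_DESCR shortens it itself, but confirm that it never renders the full server path into the page.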
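Review bot: In the `@@ -47,11 +47,11 @@` hunk, dropping `addslashes()` leaves SQL_QUERY_ESC as the only escaping for `$_POST['catname']` and `$_POST['visible']`. Its body is not visible in this diff, so confirm that it escapes every array element with the database-aware escaper before the `'%s'` substitution. `$_POST['visible']` is also stored without being restricted to the values the column allows, and `$_POST['parent']` is read without an `isset()` check and has 1 added to it before it is sanitised. I would change the last argument to `bigintval($_POST['parent']) + 1` and check `visible` against its allowed set before the INSERT. The enclosing `if (isset($_POST['add']))` block continues past the end of the hunk.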
@@ -66,7 +66,7 @@ if (isset($_POST['add'])) { } elseif ((isset($_POST['ok'])) && (isset($_POST['id'])) && (is_array($_POST['id']))) { // Change or delete categories... $TEXT = ""; - foreach ($_POST['id'] as $id=>$cat) { + foreach ($_POST['id'] as $id => $cat) { // Secure ID $id = bigintval($id); @@ -103,7 +103,7 @@ if (isset($_POST['add'])) { { // Delete categories $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id=>$value) + foreach ($_POST['sel'] as $id => $value) { // Load data of category $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1", @@ -129,7 +129,7 @@ if (isset($_POST['add'])) { } elseif ((isset($_POST['edit'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) { // Edit categories $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $id=>$value) + foreach ($_POST['sel'] as $id => $value) { // Load data from the category $result = SQL_QUERY_ESC("SELECT cat, visible, sort FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1",