X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-edit_emails.php;h=d073ed9011f4ca0ccf63964ebe40045340efe1e9;hp=8c566cfb1ffb6a1455833ebaa2838b1f25367684;hb=d90ace91b5fce766924e587d20450f45318ccc64;hpb=75ad748a68473ace540251427a74fb781b1145e9

diff --git a/inc/modules/admin/what-edit_emails.php b/inc/modules/admin/what-edit_emails.php
index 8c566cfb1f..d073ed9011 100644
--- a/inc/modules/admin/what-edit_emails.php
+++ b/inc/modules/admin/what-edit_emails.php
@@ -32,19 +32,15 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
-// Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
 
-OPEN_TABLE("100%", "admin_content admin_content_align", "");
-global $link;
+// Add description as navigation point
+ADD_DESCR("admin", __FILE__);
 
-if ((isset($_POST['ok'])) && (empty($_POST['id'])))
-{
+if ((isset($_POST['ok'])) && (empty($_POST['id']))) {
 	unset($_POST['ok']);
 }
 
@@ -54,14 +50,14 @@ if (SQL_NUMROWS($result) > 0)
 	if (isset($_POST['ok']))
 	{
 		// Make mail editable...
-		$result = SQL_QUERY_ESC("SELECT subject, text, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+		$result = SQL_QUERY_ESC("SELECT subject, text, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
 		 array(bigintval($_POST['id'])), __FILE__, __LINE__);
 		list($subj, $text, $url) = SQL_FETCHROW($result);
 		SQL_FREERESULT($result);
 		define('__ID_VALUE'  , $_POST['id']);
-		define('__URL_VALUE' , stripslashes($url));
-		define('__SUBJ_VALUE', stripslashes($subj));
-		define('__TEXT_VALUE', stripslashes($text));
+		define('__URL_VALUE' , $url);
+		define('__SUBJ_VALUE', $subj);
+		define('__TEXT_VALUE', $text);
 
 		// Load template
 		LOAD_TEMPLATE("admin_edit_email");
@@ -75,14 +71,14 @@ if (SQL_NUMROWS($result) > 0)
 subject='%s',
 text='%s',
 url='%s'
-WHERE id=%d LIMIT 1",
+WHERE id=%s LIMIT 1",
  array(
-	addslashes($_POST['subj']),
-	addslashes($_POST['text']),
-	addslashes($_POST['url']),
+	$_POST['subj'],
+	$_POST['text'],
+	$_POST['url'],
 	bigintval($_POST['id']),
 ), __FILE__, __LINE__);
-			if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1)
+			if (SQL_AFFECTEDROWS() == 1)
 			{
 				$content = "<SPAN class=\"admin_done\">".SETTINGS_SAVED."</SPAN>";
 			}
@@ -127,12 +123,10 @@ WHERE id=%d LIMIT 1",
 		// Load email template
 		LOAD_TEMPLATE("admin_edit_email_select");
 	}
-}
- else
-{
+} else {
 	// No mail orders left in pool
-	OUTPUT_HTML ("<SPAN class=\"admin_failed\">".ADMIN_NO_MAILS_IN_POOL."</SPAN>");
+	OUTPUT_HTML("<SPAN class=\"admin_failed\">".ADMIN_NO_MAILS_IN_POOL."</SPAN>");
 }
-CLOSE_TABLE();
+
 //
 ?>