X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fframetester.php;h=49b06b359e17ef12edd66f6b8d131012cad1f3bb;hp=1be7dd9d339a344e3af421af4f2f601334359f5c;hb=d997f1621c6e6e0427166bd96690e0825387dadd;hpb=75ad748a68473ace540251427a74fb781b1145e9 diff --git a/inc/modules/frametester.php b/inc/modules/frametester.php index 1be7dd9d33..49b06b359e 100644 --- a/inc/modules/frametester.php +++ b/inc/modules/frametester.php @@ -32,26 +32,22 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } $MODE = "guest"; -if (!empty($_GET['order'])) -{ +if (!empty($_GET['order'])) { // Order number placed, is he also logged in? - if(IS_LOGGED_IN()) - { + if(IS_LOGGED_IN()) { // Ok, test passed... :) - $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1", array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__); // Finally is the entry valid? - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { // Load subject and URL (but forwhat do we need the subject line here??? list($sub, $url) = SQL_FETCHROW($result); 
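Review bot: Switching the placeholders to `id=%s AND sender=%s` leaves both values unquoted in the SQL text, so the query is only safe if every argument is strictly numeric; `bigintval()` presumably guarantees that for `$_GET['order']`, but `$GLOBALS['userid']` is passed as-is. With `%d` the format itself coerced a non-numeric value, whereas with `%s` it is copied into the statement, and any escaping inside SQL_QUERY_ESC (not visible here) does not protect an unquoted value. I would normalise the second argument too: `array(bigintval($_GET['order']), bigintval($GLOBALS['userid']))`. The `ereg(basename(__FILE__), …)` guard kept by this hunk uses the file name as an unescaped pattern, and `ereg()` is removed in PHP 7; `strpos($_SERVER['PHP_SELF'], basename(__FILE__)) !== false` expresses the same substring test without a regex.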
@@ -61,29 +57,33 @@ if (!empty($_GET['order'])) // Update his login data UPDATE_LOGIN_DATA(); $MODE = "member"; - } - else - { + } else { // Matching line not found! - LOAD_URL(URL."/modules.php?module=index&what=login"); + LOAD_URL("modules.php?module=index&what=login"); } // Free memory SQL_FREERESULT($result); - } - else - { + } else { // He is no longer logged in - LOAD_URL(URL."/modules.php?module=index&what=login"); + LOAD_URL("modules.php?module=index&what=login"); } } -if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame']))) -{ +if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame']))) { + // Default URL is ours $url = URL; + + // Decode URL if set in GET parameters + if (!empty($_GET['url'])) $url = COMPILE_CODE(gzuncompress(base64_decode(urldecode($_GET['url'])))); + + // Use URL from POST data if set if (!empty($_POST['url'])) $url = $_POST['url']; - if (!empty($_GET['url'])) $url = base64_decode(urldecode(COMPILE_CODE($_GET['url']))); - switch ($_GET['frame']) + + // Add missing element + $frame = ""; + if (!empty($_GET['frame'])) $frame = SQL_ESCAPE($_GET['frame']); + switch ($frame) { case "": switch ($MODE) @@ -103,7 +103,7 @@ if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame']) break; case "test_top": - OUTPUT_HTML ("".GUEST_FRAMETESTER_TOP.""); + OUTPUT_HTML("".GUEST_FRAMETESTER_TOP.""); break; case "back": // Back buttom @@ -114,11 +114,9 @@ if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame']) LOAD_TEMPLATE("member_order_send", false, $_GET['order']); break; } -} - else -{ +} else { // Go away... - LOAD_URL(URL."/modules.php?module=login"); + LOAD_URL("modules.php?module=login"); } // ?>
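Review bot: The new GET branch inflates request-controlled data with `gzuncompress()` without a `max_length` cap and never checks for a `false` result, so a small parameter can expand into a very large string and a malformed one leaves `$url` set to `false`. The decoded value, like the raw `$_POST['url']` that overrides it, gets no scheme check before it is used (the use is outside this hunk, presumably as the frame target), and it passes through `COMPILE_CODE()`, whose handling of untrusted text cannot be judged from here. I would decode strictly, cap the inflated size and accept only http(s) targets, as in the sketch below. `SQL_ESCAPE()` on `$frame` is the wrong tool because the value only feeds the `switch`; checking `is_string($_GET['frame'])` is what that line needs. The `switch ($frame)` body continues outside the hunk.

```php
	// Decode URL if set in GET parameters
	if (!empty($_GET['url']) && is_string($_GET['url'])) {
		$packed = base64_decode(urldecode($_GET['url']), true);
		// 4096 is an example cap on the inflated size, pick one that fits real URLs
		$plain = ($packed === false) ? false : gzuncompress($packed, 4096);
		if (($plain !== false) && (preg_match('#^https?://#i', $plain) === 1)) {
			$url = COMPILE_CODE($plain);
		}
	}
	// … unchanged: POST override, $frame handling and switch …
```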
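Review bot: The `LOAD_TEMPLATE("member_order_send", false, $_GET['order'])` call at the top of this hunk still receives the raw request parameter, although the same value is wrapped in `bigintval()` before it reaches the SQL query earlier in the file; if the template prints it, request text ends up in the page unescaped. Passing the normalised number keeps both uses consistent: `LOAD_TEMPLATE("member_order_send", false, bigintval($_GET['order']));`. How LOAD_TEMPLATE treats its third argument is not visible in this diff, so the impact is unconfirmed. The `LOAD_URL("modules.php?module=login")` change here and the two `LOAD_URL` changes in the previous hunk assume that LOAD_URL now prepends the base URL itself, which is worth confirming because that function is not part of this diff.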