userid secure in redirect
authorRoland Häder <roland@mxchange.org>
Sat, 2 Feb 2008 13:17:36 +0000 (13:17 +0000)
committerRoland Häder <roland@mxchange.org>
Sat, 2 Feb 2008 13:17:36 +0000 (13:17 +0000)
0.2.1/click.php

index de80ccb..8a08363 100644 (file)
@@ -46,26 +46,19 @@ $GLOBALS['module'] = "click"; $CSS = -1;
 // Load the required file(s)
 require ("inc/config.php");
 
-if (((!empty($_GET['user'])) || (!empty($_GET['reseller']))) && (!empty($_GET['banner'])))
-{
+if (((!empty($_GET['user'])) || (!empty($_GET['reseller']))) && (!empty($_GET['banner']))) {
        // Update clicks counter...
        $CLICK = 1;
        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET clicks=clicks+1 WHERE id=%d LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
-       if (SQL_AFFECTEDROWS($link) == 1)
-       {
-               if (!empty($_GET['user']))
-               {
-                       LOAD_URL(URL."/ref.php?refid=".$_GET['user']);
-               }
-                else
-               {
-                       LOAD_URL(URL."/shop_reseller.php?reseller=".$_GET['reseller']);
+       if (SQL_AFFECTEDROWS($link) == 1) {
+               if (!empty($_GET['user'])) {
+                       LOAD_URL(URL."/ref.php?refid=".bigintval($_GET['user']));
+               } else {
+                       LOAD_URL(URL."/shop_reseller.php?reseller=".bigintval($_GET['user']));
                }
        }
        exit();
-}
- else
-{
+} else {
        // Do nothing for now
        die();
 }
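Review bot: The reseller branch on the new side still reads the wrong parameter: `LOAD_URL(URL."/shop_reseller.php?reseller=".bigintval($_GET['user']));` sits in the `else` that is only reached when `$_GET['user']` is empty. The reseller id supplied in the request is therefore dropped, and the redirect carries whatever `bigintval()` returns for an empty value. The line should be `LOAD_URL(URL."/shop_reseller.php?reseller=".bigintval($_GET['reseller']));`. Casting before concatenating into the redirect target is the right hardening, but `bigintval()` is defined outside this hunk, so confirm that it reduces non-numeric input to digits only and that reseller ids are in fact numeric.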