additional checks

Roland Gruber 2012-03-20 20:44:24 +00:00
parent 08ce109c6b
commit 1c0aeb0e9f
2 changed files with 5 additions and 5 deletions


@ -64,7 +64,7 @@ if (!$_SESSION['ldap'] || !$_SESSION['ldap']->server()) {
// check if new template should be created
if(isset($_POST['createNewTemplate'])) {
metaRefresh('pdfpage.php?type=' . $_POST['scope']);
metaRefresh('pdfpage.php?type=' . htmlspecialchars($_POST['scope']));
exit();
}
@ -110,7 +110,7 @@ for ($i = 0; $i < sizeof($templateClasses); $i++) {
// check if a template should be edited
for ($i = 0; $i < sizeof($templateClasses); $i++) {
if (isset($_POST['editTemplate_' . $templateClasses[$i]['scope']]) || isset($_POST['editTemplate_' . $templateClasses[$i]['scope'] . '_x'])) {
metaRefresh('pdfpage.php?type=' . $templateClasses[$i]['scope'] . '&edit=' . $_POST['template_' . $templateClasses[$i]['scope']]);
metaRefresh('pdfpage.php?type=' . htmlspecialchars($templateClasses[$i]['scope']) . '&edit=' . htmlspecialchars($_POST['template_' . $templateClasses[$i]['scope']]));
exit;
}
}
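Review bot: htmlspecialchars() escapes for HTML, but `$_POST['scope']` and `$_POST['template_' . …]` are placed into a URL query string, so a value containing `&`, `#` or `%` still alters the query that pdfpage.php receives once the browser decodes `&amp;` back to `&`. URL-encode each component first, e.g. `metaRefresh('pdfpage.php?type=' . rawurlencode($_POST['scope']));`, and keep the HTML escaping only if metaRefresh() writes the URL into markup as-is (its body is not visible here). The separator in the edit branch is a raw `'&edit='`, while the profile page section uses `"&amp;edit="`; the two should agree with whatever metaRefresh() expects. The same encoding point applies to both metaRefresh() calls in the profile page section below.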


@ -69,14 +69,14 @@ if (!$_SESSION['ldap'] || !$_SESSION['ldap']->server()) {
// check if new profile should be created
elseif (isset($_POST['createProfileButton'])) {
metaRefresh("profilepage.php?type=" . $_POST['createProfile']);
metaRefresh("profilepage.php?type=" . htmlspecialchars($_POST['createProfile']));
exit;
}
// check if a profile should be edited
for ($i = 0; $i < sizeof($profileClasses); $i++) {
if (isset($_POST['editProfile_' . $profileClasses[$i]['scope']]) || isset($_POST['editProfile_' . $profileClasses[$i]['scope'] . '_x'])) {
metaRefresh("profilepage.php?type=" . $profileClasses[$i]['scope'] .
"&amp;edit=" . $_POST['profile_' . $profileClasses[$i]['scope']]);
metaRefresh("profilepage.php?type=" . htmlspecialchars($profileClasses[$i]['scope']) .
"&amp;edit=" . htmlspecialchars($_POST['profile_' . $profileClasses[$i]['scope']]));
exit;
}
}
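Review bot: `$_POST['createProfile']` is forwarded to profilepage.php after escaping only, with no check that it names a known account type. If `$profileClasses` is already populated at this point (the loop a few lines later reads it), compare the value against its `scope` entries and stop otherwise, e.g. `if (!in_array($_POST['createProfile'], $validScopes, true)) { exit; }`, where `$validScopes` is a name introduced for this note and holds the `$profileClasses[$i]['scope']` values. In the edit branch, `$_POST['profile_' . …]` is read without an `isset()` check, so a request carrying only the `editProfile_…` field redirects with an empty `edit=` value. The `elseif` chain starts above the hunk, so earlier branches are not visible here.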