diff --git a/lam/templates/delete.php b/lam/templates/delete.php index 4078836b..4b299ebd 100644 --- a/lam/templates/delete.php +++ b/lam/templates/delete.php @@ -1,10 +1,11 @@ getConfiguredType($_POST['type']) == null)) { logNewMessage(LOG_ERR, 'Invalid type: ' . $_POST['type']); die(); } if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) { - if (!preg_match('/^[a-z0-9_]+$/i', $_GET['type'])) { - logNewMessage(LOG_ERR, 'Invalid type: ' . $_GET['type']); + $typeId = $_GET['type']; + $type = $typeManager->getConfiguredType($typeId); + if ($type == null) { + logNewMessage(LOG_ERR, 'Invalid type: ' . $type->getId()); die(); } - if (!checkIfDeleteEntriesIsAllowed($_GET['type']) || !checkIfWriteAccessIsAllowed($_GET['type'])) { - logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_GET['type']); + if (!checkIfDeleteEntriesIsAllowed($type->getId()) || !checkIfWriteAccessIsAllowed($type->getId())) { + logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $type->getId()); die(); } // Create account list @@ -88,15 +93,14 @@ if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) { } //load account - $typeManager = new LAM\TYPES\TypeManager(); - $_SESSION['account'] = new accountContainer($typeManager->getConfiguredType($_GET['type']), 'account'); + $_SESSION['account'] = new \accountContainer($type, 'account'); // Show HTML Page include 'main_header.php'; - echo "