claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

application::display() should use the class internal iAppId instead of any $_REQUEST data

Browse Source
This commit is contained in:
Chris Morgan
2006-07-07 19:23:58 +00:00
committed by WineHQ
parent 0a836dd574
commit e9456af9d5
1 changed files with 2 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
include/application.php
View File

@@ -514,10 +514,6 @@ class Application {
/* display this application */ /* display this application */
function display() function display()
{ {
$aClean = array(); //array of filtered user input
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
/* is this user supposed to view this version? */ /* is this user supposed to view this version? */
if(!$_SESSION['current']->canViewApplication($this)) if(!$_SESSION['current']->canViewApplication($this))
util_show_error_page_and_exit("Something went wrong with the application or version id"); util_show_error_page_and_exit("Something went wrong with the application or version id");
@@ -557,7 +553,7 @@ class Application {
// optional links // optional links
$result = query_parameters("SELECT * FROM appData WHERE appId = '?' AND versionID = 0 AND type = 'url'", $result = query_parameters("SELECT * FROM appData WHERE appId = '?' AND versionID = 0 AND type = 'url'",
$aClean['iAppId']); $this->iAppId);
if($result && mysql_num_rows($result) > 0) if($result && mysql_num_rows($result) > 0)
{ {
echo " <tr class=\"color1\"><td> <b>Links</b></td><td>\n"; echo " <tr class=\"color1\"><td> <b>Links</b></td><td>\n";
@@ -614,7 +610,7 @@ class Application {
if($_SESSION['current']->isSuperMaintainer($this->iAppId) || $_SESSION['current']->hasPriv("admin")) if($_SESSION['current']->isSuperMaintainer($this->iAppId) || $_SESSION['current']->hasPriv("admin"))
{ {
echo ' <form method="post" name="sEdit" action="admin/editAppFamily.php"><input type="hidden" name="iAppId" value="'.$aClean['iAppId'].'"><input type="submit" value="Edit Application" class="button"></form>'; echo ' <form method="post" name="sEdit" action="admin/editAppFamily.php"><input type="hidden" name="iAppId" value="'.$this->iAppId.'"><input type="submit" value="Edit Application" class="button"></form>';
} }
if($_SESSION['current']->isLoggedIn()) if($_SESSION['current']->isLoggedIn())
{ {