
[Noalyss-commit] [noalyss] 01/06: Enforce security - ajax


From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 01/06: Enforce security - ajax
Date: Sat, 15 Nov 2014 01:23:55 +0000

sparkyx pushed a commit to branch master
in repository noalyss.

commit f7b4d5497d37057e03cdf0b3ef11beace160ff2d
Author: Dany De Bontridder <address@hidden>
Date:   Fri Nov 14 23:41:59 2014 +0100

    Enforce security - ajax
---
 include/ajax_add_menu.php |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/include/ajax_add_menu.php b/include/ajax_add_menu.php
index 9a73ab4..9392446 100644
--- a/include/ajax_add_menu.php
+++ b/include/ajax_add_menu.php
@@ -25,7 +25,11 @@
  * @brief show the form to add a menu
  */
 if ( ! defined ('ALLOWED') ) die('Appel direct ne sont pas permis');
-$type=$_GET['type'];
+$type=HtmlInput::default_value_get('type','XX');
+if ($type == 'XX') {
+     throw new Exception('invalid call');
+    return;
+}
 if ( $type=='me')
 {
 $ame_code_dep=$cn->make_array("
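Review bot: The guard `if ($type == 'XX')` rejects only the sentinel, which presumably means a missing `type` parameter, so any other caller-supplied value still passes through unchecked. The visible branches accept only `'me'` and `'pr'`, so an allow-list states the intent more directly and uses a strict comparison: `if (!in_array($type, array('me','pr'), true)) { throw new Exception('invalid call'); }`. The `return;` after the `throw` is unreachable and can be dropped. The script continues outside this hunk, so whether `$type` is used elsewhere should be checked against the full file.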
@@ -99,8 +103,6 @@ echo HtmlInput::title_box(_("Nouveau menu"), $ctl);
 </table>
 <?php 
 echo HtmlInput::submit('add_menu',"Valider");
-echo '</form>';
-}
 if ($type=='pr')
 {
 
@@ -114,6 +116,8 @@ select me_code,me_code||' '||coalesce(me_menu,'')||' 
'||coalesce(me_description,
        ",0,array($p_id));
 
 $me_code=new ISelect('me_code');
+echo '</form>';
+}
 $me_code->value=$ame_code;
 
        echo HtmlInput::title_box(_("Nouveau menu"), $ctl);
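Review bot: The `echo '</form>';` and `}` added after `$me_code=new ISelect('me_code');` close a block in the middle of the `pr` form set-up, while the previous hunk removes the same two lines from just before `if ($type=='pr')`. As far as the visible lines show, the `me` block is no longer closed before the `pr` test, so `if ($type=='pr')` ends up nested inside `if ( $type=='me')` and can never be true, and `$me_code->value=$ame_code;` would run in the `me` path after `</form>` has already been emitted. This looks unrelated to the input check in this commit and may be an accidental move; if so, restore `echo '</form>';` and `}` before `if ($type=='pr')`. Both blocks extend beyond the hunks, so confirm the brace structure against the full file.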


