Source code of WebCalendar 1.0.5
```php
<?php
/* $Id: admin_handler.php,v 1.7.4.4 2006/03/23 16:06:06 cknudsen Exp $ */
include_once 'includes/init.php';

$error = "";

// Only administrators may change system settings.
if ( ! $is_admin ) {
  $error = translate("You are not authorized");
}

if ( $error == "" ) {
  // $_POST with foreach replaces $HTTP_POST_VARS and each(), which
  // current PHP versions no longer provide.
  foreach ( $_POST as $key => $value ) {
    if ( $key == 'ovrd' )
      continue;
    // validate key name.  should start with "admin_" and not include
    // any unusual characters that might cause SQL injection.
    // The pattern is anchored at both ends (^...$) so the whole key
    // has to match, not only its tail.
    if ( ! preg_match ( '/^admin_[A-Za-z0-9_]+$/', $key ) ) {
      die_miserable_death ( 'Invalid admin setting name "' .
        $key . '"' );
    }
    // Strip the "admin_" prefix to get the setting name.
    $setting = substr ( $key, 6 );
    if ( strlen ( $setting ) > 0 ) {
      // Remove any existing row for this setting before re-inserting it.
      $sql = "DELETE FROM webcal_config WHERE cal_setting = '$setting'";
      if ( ! dbi_query ( $sql ) ) {
        // Escape the SQL text before it goes into the HTML error page.
        $error = translate("Error") . ": " . dbi_error () .
          "<br /><br /><span style=\"font-weight:bold;\">SQL:</span> " .
          htmlspecialchars ( $sql );
        break;
      }
      if ( strlen ( $value ) > 0 ) {
        // NOTE: $value is placed in the statement as posted; nothing in
        // this file escapes it.
        $sql = "INSERT INTO webcal_config " .
          "( cal_setting, cal_value ) VALUES " .
          "( '$setting', '$value' )";
        if ( ! dbi_query ( $sql ) ) {
          $error = translate("Error") . ": " . dbi_error () .
            "<br /><br /><span style=\"font-weight:bold;\">SQL:</span> " .
            htmlspecialchars ( $sql );
          break;
        }
      }
    }
  }
}

// On success, return to the admin page (keeping ovrd if it was set).
if ( empty ( $error ) ) {
  if ( empty ( $ovrd ) )
    do_redirect ( "admin.php" );
  else
    do_redirect ( "admin.php?ovrd=$ovrd" );
}

print_header();
?>

<h2><?php etranslate("Error")?></h2>

<?php etranslate("The following error occurred")?>:
<blockquote>
<?php echo $error; ?>
</blockquote>

<?php print_trailer(); ?>

</body>
</html>
```
Generated on: Fri Nov 30 19:09:19 2007 | by Balluche using PHPXref 0.7