RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1510 from xisi/security-pagecontrollerfix

Browse Source 
Fix issue #1508
This commit is contained in:
Sebastian Grewe 2014-01-21 03:20:38 -08:00
commit bf484c4be2
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
public/index.php
View File

@ -54,6 +54,7 @@ if (is_dir(INCLUDE_DIR . '/pages/')) {
} }
// Set a default action here if no page has been requested // Set a default action here if no page has been requested
@$_REQUEST['page'] = (is_array($_REQUEST['page']) || !isset($_REQUEST['page'])) ? 'home' : $_REQUEST['page'];
if (isset($_REQUEST['page']) && isset($arrPages[$_REQUEST['page']])) { if (isset($_REQUEST['page']) && isset($arrPages[$_REQUEST['page']])) {
$page = $_REQUEST['page']; $page = $_REQUEST['page'];
} else if (isset($_REQUEST['page']) && ! isset($arrPages[$_REQUEST['page']])) { } else if (isset($_REQUEST['page']) && ! isset($arrPages[$_REQUEST['page']])) {
@ -72,7 +73,7 @@ if (is_dir(INCLUDE_DIR . '/pages/' . $page)) {
} }
} }
// Default to empty (nothing) if nothing set or not known // Default to empty (nothing) if nothing set or not known
$action = isset($_REQUEST['action']) && isset($arrActions[$_REQUEST['action']]) ? $_REQUEST['action'] : ""; $action = (isset($_REQUEST['action']) && !is_array($_REQUEST['action'])) && isset($arrActions[$_REQUEST['action']]) ? $_REQUEST['action'] : "";
// Load the page code setting the content for the page OR the page action instead if set // Load the page code setting the content for the page OR the page action instead if set
if (!empty($action)) { if (!empty($action)) {

4
public/templates/mpos/global/breadcrumbs.tpl
View File

@ -1,3 +1,5 @@
<div class="breadcrumbs_container"> <div class="breadcrumbs_container">
<article class="breadcrumbs"><a href="{$smarty.server.SCRIPT_NAME}">{$GLOBAL.website.name|default:"Unknown Pool"}</a> <div class="breadcrumb_divider"></div> <a class="{if ! $smarty.request.action|default:""}current{/if}" {if $smarty.request.action|default:""}href="{$smarty.server.SCRIPT_NAME}?page={$smarty.request.page|default:"home"|escape|replace:'"':''}"{/if}>{$smarty.request.page|escape|default:"Home"|capitalize|escape|replace:'"':''}</a>{if $smarty.request.action|default:""} <div class="breadcrumb_divider"></div> <a class="current">{$smarty.request.action|escape|capitalize|escape|replace:'"':''}</a>{/if}</article> {if $PAGE|@count == 0}{assign "PAGE" $smarty.request.page}{else}{assign "PAGE" "home"}{/if}
{if $ACTION|@count == 0}{assign "ACTION" $smarty.request.action}{else}{assign "ACTION" ""}{/if}
<article class="breadcrumbs"><a href="{$smarty.server.SCRIPT_NAME}">{$GLOBAL.website.name|default:"Unknown Pool"}</a> <div class="breadcrumb_divider"></div> <a class="{if ! $ACTION|default:""}current{/if}" {if $ACTION|default:""}href="{$smarty.server.SCRIPT_NAME}?page={$PAGE|default:"home"|escape|replace:'"':''}"{/if}>{$PAGE|escape|default:"Home"|capitalize|escape|replace:'"':''}</a>{if $ACTION|default:""} <div class="breadcrumb_divider"></div> <a class="current">{$ACTION|escape|capitalize|escape|replace:'"':''}</a>{/if}</article>
</div> </div>