diff options
author | jim-p <jimp@pfsense.org> | 2010-12-07 11:34:15 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2010-12-07 11:34:15 -0500 |
commit | 5a61331aff0c7c63c69796792ff435a48a7db094 (patch) | |
tree | 070ebd75d55e605d49dfa34c7b3b0c1c164f63ba | |
parent | 7380bcdbe4be18bcb007f283b71fd5f83b51fced (diff) | |
download | pfsense-5a61331aff0c7c63c69796792ff435a48a7db094.zip pfsense-5a61331aff0c7c63c69796792ff435a48a7db094.tar.gz |
Move this validation down so we can still assume id=0 if it's not present, and then redirect if it's non-numeric.
-rwxr-xr-x | usr/local/www/pkg_edit.php | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php index 52bc31a..8b71837 100755 --- a/usr/local/www/pkg_edit.php +++ b/usr/local/www/pkg_edit.php @@ -84,17 +84,16 @@ $id = $_GET['id']; if (isset($_POST['id'])) $id = htmlspecialchars($_POST['id']); -if(!is_numeric($id)) { - Header("Location: /"); - exit; -} - - // Not posting? Then user is editing a record. There must be a valid id // when editing a record. if(!$id && !$_POST) $id = "0"; - + +if(!is_numeric($id)) { + Header("Location: /"); + exit; +} + if($pkg['custom_php_global_functions'] <> "") eval($pkg['custom_php_global_functions']); |