From 5a61331aff0c7c63c69796792ff435a48a7db094 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 7 Dec 2010 11:34:15 -0500
Subject: Move this validation down so we can still assume id=0 if it's not
 present, and then redirect if it's non-numeric.

---
 usr/local/www/pkg_edit.php | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

(limited to 'usr')

diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php
index 52bc31a..8b71837 100755
--- a/usr/local/www/pkg_edit.php
+++ b/usr/local/www/pkg_edit.php
@@ -84,17 +84,16 @@ $id = $_GET['id'];
 if (isset($_POST['id']))
 	$id = htmlspecialchars($_POST['id']);
 
-if(!is_numeric($id)) {
-	Header("Location: /");
-	exit;
-}
-	
-	
 // Not posting?  Then user is editing a record. There must be a valid id
 // when editing a record.
 if(!$id && !$_POST)
 	$id = "0";
-	
+
+if(!is_numeric($id)) {
+	Header("Location: /");
+	exit;
+}
+
 if($pkg['custom_php_global_functions'] <> "")
         eval($pkg['custom_php_global_functions']);
 
-- 
cgit v1.1