CoreLibs/development
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Admin\Backend: make sure we do not access unset ->action vars

Browse Source
This commit is contained in:
Clemens Schwaighofer
2024-10-16 12:34:48 +09:00
parent 2e9239ec23
commit ac17bd25a5
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
www/lib/CoreLibs/Admin/Backend.php
View File

@@ -172,7 +172,7 @@ class Backend
}
// queue key
if (preg_match("/^(add|save|delete|remove|move|up|down|push_live)$/", $this->action)) {
if (preg_match("/^(add|save|delete|remove|move|up|down|push_live)$/", $this->action ?? '')) {
$this->queue_key = \CoreLibs\Create\RandomKey::randomKeyGen(3);
}
}
@@ -282,14 +282,14 @@ class Backend
"NULL" :
"'" . $this->session->getSessionId() . "'")
. ", "
. "'" . $this->db->dbEscapeString($this->action) . "', "
. "'" . $this->db->dbEscapeString($this->action_id) . "', "
. "'" . $this->db->dbEscapeString($this->action_yes) . "', "
. "'" . $this->db->dbEscapeString($this->action_flag) . "', "
. "'" . $this->db->dbEscapeString($this->action_menu) . "', "
. "'" . $this->db->dbEscapeString($this->action_loaded) . "', "
. "'" . $this->db->dbEscapeString($this->action_value) . "', "
. "'" . $this->db->dbEscapeString($this->action_error) . "')";
. "'" . $this->db->dbEscapeString($this->action ?? '') . "', "
. "'" . $this->db->dbEscapeString($this->action_id ?? '') . "', "
. "'" . $this->db->dbEscapeString($this->action_yes ?? '') . "', "
. "'" . $this->db->dbEscapeString($this->action_flag ?? '') . "', "
. "'" . $this->db->dbEscapeString($this->action_menu ?? '') . "', "
. "'" . $this->db->dbEscapeString($this->action_loaded ?? '') . "', "
. "'" . $this->db->dbEscapeString($this->action_value ?? '') . "', "
. "'" . $this->db->dbEscapeString($this->action_error ?? '') . "')";
$this->db->dbExec($q, 'NULL');
}