Admin\Backend: make sure we do not access unset ->action vars

On default it still auto loads the _POST vars for backwards compatible, but add a load class
flag to ignore it "init_action_vars"

also add a get vor tha "acl" array adbGetAcl()

.gitignore

@@ -1 +1,2 @@
 .libs
+node_modules/

www/admin/class_test.error_msg.php

@@ -61,6 +61,8 @@ print "ErrorsIds: <pre>" . $log->prAr($em->getErrorIds()) . "</pre>";
 print "Errors: <pre>" . $log->prAr($em->getErrorMsg()) . "</pre>";
 print "JumpTargets: <pre>" . $log->prAr($em->getJumpTarget()) . "</pre>";
 
+print "IS info > ok: " . ml::fromName('info')->isHigherThan(ml::ok) . "<br>";
+
 print "</body></html>";
 
 $log->debug('[END]', '==========================================>');

www/lib/CoreLibs/Admin/Backend.php

@@ -117,18 +117,20 @@ class Backend
 	/**
 	 * main class constructor
 	 *
-	 * @param \CoreLibs\DB\IO          $db      Database connection class
-	 * @param \CoreLibs\Logging\Logging  $log     Logging class
-	 * @param \CoreLibs\Create\Session $session Session interface class
-	 * @param \CoreLibs\Language\L10n  $l10n    l10n language class
-	 * @param int|null                 $set_default_acl_level Default ACL level
+	 * @param \CoreLibs\DB\IO           $db      Database connection class
+	 * @param \CoreLibs\Logging\Logging $log     Logging class
+	 * @param \CoreLibs\Create\Session  $session Session interface class
+	 * @param \CoreLibs\Language\L10n   $l10n    l10n language class
+	 * @param int|null                  $set_default_acl_level [default=null] Default ACL level
+	 * @param bool                      $init_action_vars [default=true] If the action vars should be set
 	 */
 	public function __construct(
 		\CoreLibs\DB\IO $db,
 		\CoreLibs\Logging\Logging $log,
 		\CoreLibs\Create\Session $session,
 		\CoreLibs\Language\L10n $l10n,
-		?int $set_default_acl_level = null
+		?int $set_default_acl_level = null,
+		bool $init_action_vars = true
 	) {
 		// attach db class
 		$this->db = $db;
@@ -151,9 +153,9 @@ class Backend
 		// set the page name
 		$this->page_name = \CoreLibs\Get\System::getPageName();
 
-		// set the action ids
-		foreach ($this->action_list as $_action) {
-			$this->$_action = $_POST[$_action] ?? '';
+		// NOTE: if any of the "action" vars are used somewhere, it is recommended to NOT set them here
+		if ($init_action_vars) {
+			$this->adbSetActionVars();
 		}
 
 		if ($set_default_acl_level === null) {
@@ -170,7 +172,7 @@ class Backend
 		}
 
 		// queue key
-		if (preg_match("/^(add|save|delete|remove|move|up|down|push_live)$/", $this->action)) {
+		if (preg_match("/^(add|save|delete|remove|move|up|down|push_live)$/", $this->action ?? '')) {
 			$this->queue_key = \CoreLibs\Create\RandomKey::randomKeyGen(3);
 		}
 	}
@@ -195,6 +197,29 @@ class Backend
 		$this->acl = $acl;
 	}
 
+	/**
+	 * Return current set ACL
+	 *
+	 * @return array<mixed>
+	 */
+	public function adbGetAcl(): array
+	{
+		return $this->acl;
+	}
+
+	/**
+	 * Set _POST action vars if needed
+	 *
+	 * @return void
+	 */
+	public function adbSetActionVars()
+	{
+		// set the action ids
+		foreach ($this->action_list as $_action) {
+			$this->$_action = $_POST[$_action] ?? '';
+		}
+	}
+
 	/**
 	 * writes all action vars plus other info into edit_log table
 	 *
@@ -257,14 +282,14 @@ class Backend
 				"NULL" :
 				"'" . $this->session->getSessionId() . "'")
 			. ", "
-			. "'" . $this->db->dbEscapeString($this->action) . "', "
-			. "'" . $this->db->dbEscapeString($this->action_id) . "', "
-			. "'" . $this->db->dbEscapeString($this->action_yes) . "', "
-			. "'" . $this->db->dbEscapeString($this->action_flag) . "', "
-			. "'" . $this->db->dbEscapeString($this->action_menu) . "', "
-			. "'" . $this->db->dbEscapeString($this->action_loaded) . "', "
-			. "'" . $this->db->dbEscapeString($this->action_value) . "', "
-			. "'" . $this->db->dbEscapeString($this->action_error) . "')";
+			. "'" . $this->db->dbEscapeString($this->action ?? '') . "', "
+			. "'" . $this->db->dbEscapeString($this->action_id ?? '') . "', "
+			. "'" . $this->db->dbEscapeString($this->action_yes ?? '') . "', "
+			. "'" . $this->db->dbEscapeString($this->action_flag ?? '') . "', "
+			. "'" . $this->db->dbEscapeString($this->action_menu ?? '') . "', "
+			. "'" . $this->db->dbEscapeString($this->action_loaded ?? '') . "', "
+			. "'" . $this->db->dbEscapeString($this->action_value ?? '') . "', "
+			. "'" . $this->db->dbEscapeString($this->action_error ?? '') . "')";
 		$this->db->dbExec($q, 'NULL');
 	}