535 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
535 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
536 require_once(ENANO_ROOT.'/includes/diff.php'); |
536 require_once(ENANO_ROOT.'/includes/diff.php'); |
537 $template->header(); |
537 $template->header(); |
538 $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false; |
538 $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false; |
539 $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false; |
539 $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false; |
540 if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; } |
540 if ( !$id1 || !$id2 ) |
541 if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) || |
541 { |
542 !preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; } |
542 echo '<p>Invalid request.</p>'; |
|
543 $template->footer(); |
|
544 break; |
|
545 } |
|
546 if ( !ctype_digit($_GET['diff1']) || !ctype_digit($_GET['diff1']) ) |
|
547 { |
|
548 echo '<p>SQL injection attempt</p>'; |
|
549 $template->footer(); |
|
550 break; |
|
551 } |
543 echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2); |
552 echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2); |
544 $template->footer(); |
553 $template->footer(); |
545 break; |
554 break; |
546 case 'detag': |
555 case 'detag': |
547 if ( $session->user_level < USER_LEVEL_ADMIN ) |
556 if ( $session->user_level < USER_LEVEL_ADMIN ) |
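Review bot: The rewritten digit check at new line 546 tests `$_GET['diff1']` twice and never looks at `$_GET['diff2']`, so the second revision id loses the format validation that the removed `preg_match` pair applied to both parameters. The condition should read `if ( !ctype_digit($_GET['diff1']) || !ctype_digit($_GET['diff2']) )`. Because of the `(int)` casts at 538–539, `$id2` is still an integer when it reaches `PageUtils::pagediff()`, so this looks like a weakened input check rather than a direct injection path, but a malformed `diff2` is now silently truncated to its numeric prefix instead of being rejected. The enclosing `case` branch starts above the hunk, so anything that runs before line 535 is not visible here.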