index.php
changeset 900 c5409416b61b
parent 867 fc4e242995d4
child 906 c949e82b8f49
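--- a/index.php
+++ b/index.php
@@ -535,13 +535,22 @@
       require_once(ENANO_ROOT.'/includes/pageutils.php');
       require_once(ENANO_ROOT.'/includes/diff.php');
       $template->header();
       $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
       $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
-      if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
-      if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
-         !preg_match('#^([0-9]+)$#', (string)$_GET['diff2']  )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
+      if ( !$id1 || !$id2 )
+      {
+        echo '<p>Invalid request.</p>';
+        $template->footer();
+        break;
+      }
+      if ( !ctype_digit($_GET['diff1']) || !ctype_digit($_GET['diff1']) )
+      {
+        echo '<p>SQL injection attempt</p>';
+        $template->footer();
+        break;
+      }
       echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
       $template->footer();
       break;
     case 'detag':
       if ( $session->user_level < USER_LEVEL_ADMIN )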
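Review bot: The new ctype_digit guard at new line 546 tests `$_GET['diff1']` twice and never inspects `$_GET['diff2']`, so a non-numeric diff2 such as `12abc` sails through the check the old preg_match version would have rejected; the condition should read `if ( !ctype_digit($_GET['diff1']) || !ctype_digit($_GET['diff2']) )`. Since both values are already coerced with `(int)` on lines 538-539 before reaching PageUtils::pagediff, this guard is defense in depth against non-canonical input rather than the sole barrier, and the literal 'SQL injection attempt' message may overstate what was caught — a comment such as `// defense in depth: $id1/$id2 are already (int)-cast above; reject anything that is not a pure digit string` would make the intent explicit for the next maintainer. ctype_digit() should return false for a non-string value (e.g. an array from `diff1[]=1`), which is the desirable outcome here, though that is inferred from the function's contract rather than visible in the hunk. The enclosing switch statement begins before and ends after this hunk.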