/**
 * ae_Security::isValidArea() / isValidSubArea() must accept exactly the known
 * area names (and the known sub-areas under "manage") and reject everything
 * else, including near-miss strings, the empty string and non-string values.
 */
public function testArea()
{
    $validAreas = ['create', 'credits', 'dashboard', 'edit', 'manage', 'media', 'settings'];
    foreach ($validAreas as $name) {
        $this->assertTrue(ae_Security::isValidArea($name));
    }

    // Near-miss and non-string inputs must not be accepted as areas.
    $invalidAreas = ['created', '', TRUE, NULL];
    foreach ($invalidAreas as $bogus) {
        $this->assertFalse(ae_Security::isValidArea($bogus));
    }

    $validManageSubAreas = ['category', 'comment', 'media', 'page', 'post', 'user'];
    foreach ($validManageSubAreas as $name) {
        $this->assertTrue(ae_Security::isValidSubArea('manage', $name));
    }

    // Unknown sub-area under a valid area, then the same rejection set
    // for the "media" area as used for the top-level areas above.
    $this->assertFalse(ae_Security::isValidSubArea('manage', 'created'));
    $invalidMediaSubAreas = ['created', '', TRUE, NULL];
    foreach ($invalidMediaSubAreas as $bogus) {
        $this->assertFalse(ae_Security::isValidSubArea('media', $bogus));
    }
}
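<?php
// Admin page entry point: requires a logged-in session, then resolves the
// requested area (?area=...) against ae_Security's allow-list before anything
// is rendered. An unknown or malformed area falls back to the dashboard and
// is logged as a warning.
require_once '../core/autoload.php';
require_once '../core/config.php';

if (!ae_Security::isLoggedIn()) {
    header('Location: index.php?error=not_logged_in');
    exit;
}

// Default area; only replaced by a request value that passes the allow-list.
$area = 'dashboard';
if (isset($_GET['area'])) {
    $requestedArea = $_GET['area'];
    // A request like ?area[]=x makes $_GET['area'] an array. Anything that is
    // not a string is treated as invalid up front, so neither isValidArea()
    // nor htmlspecialchars() (TypeError on a non-string in PHP 8) sees it.
    if (is_string($requestedArea) && ae_Security::isValidArea($requestedArea)) {
        $area = $requestedArea;
    } else {
        // Log the offending value (or its type when it is not a string).
        // htmlspecialchars() escapes HTML metacharacters only; control
        // characters such as newlines reach the log unchanged — confirm
        // ae_Log handles that.
        $shown = is_string($requestedArea) ? $requestedArea : gettype($requestedArea);
        $msg = sprintf(
            'Area "%s" is not a valid area.',
            htmlspecialchars($shown, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        );
        ae_Log::warning($msg);
    }
}

$sb = new ae_SiteBuilder();
// Presumably defines the template parameters used below ($paramsHead) —
// confirm against sb_params.php.
include_once 'sb_params.php';
?>
<!DOCTYPE html>
<html>
<?php $sb->render('templates/head.php', $paramsHead); ?>
<body>
<?php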