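/**
 * Dispatch the articles admin page on the requested action.
 *
 * The action name is read from $_GET['action'] and the target record id
 * from $_REQUEST['id']. A record-specific action (editcategory, addprop,
 * editprop) is only honoured when the id casts to a positive integer;
 * any other action, a missing action, or a missing/non-positive id falls
 * back to the tree view. Reading both superglobals with isset() avoids
 * "undefined index" notices when the parameters are absent.
 *
 * NOTE(review): $_REQUEST is merged from GET, POST and COOKIE (in the order
 * set by request_order), so the id may arrive in a cookie while the action
 * arrives in the query string. Kept as-is to preserve behaviour for callers
 * that POST the id; reading $_GET['id'] here would be the tighter choice.
 *
 * @return string markup returned by the selected handler (or getTree())
 */
function getArticlesAdminContent() {
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    // (int) cast rejects non-numeric input; 0 and negatives are treated as "no id".
    $ID = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;

    if ($ID > 0) {
        switch ($action) {
            case 'editcategory':
                return editcategory($ID);
            case 'addprop':
                return addprop($ID);
            case 'editprop':
                return editprop($ID);
        }
    }

    // Unknown action, or a record action without a usable id: show the tree.
    return getTree();
}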
$clean_category_id = isset($_GET['catid']) ? (int) $_GET['catid'] : 0; /** Create a whitelist of valid values, be sure to use appropriate types for each value * Be sure to include a value for no parameter, if you have a default condition */ $valid_op = array('mod', 'changedField', 'addcategory', 'del', ''); /** * in_array() is a native PHP function that will determine if the value of the * first argument is found in the array listed in the second argument. Strings * are case sensitive and the 3rd argument determines whether type matching is * required */ if (in_array($clean_op, $valid_op, true)) { switch ($clean_op) { case "mod": icms_cp_header(); editcategory($clean_category_id); break; case "changedField": foreach ($_POST['mod_profile_Category_objects'] as $k => $v) { $categoryObj = $profile_category_handler->get($v); if ($categoryObj->getVar('cat_weight', 'e') != $_POST['cat_weight'][$k]) { $categoryObj->setVar('cat_weight', (int) $_POST['cat_weight'][$k]); $profile_category_handler->insert($categoryObj); } } redirect_header('category.php', 3, _AM_PROFILE_CATEGORY_MODIFIED); break; case "addcategory": $controller = new icms_ipf_Controller($profile_category_handler); $controller->storeFromDefaultForm(_AM_PROFILE_CATEGORY_CREATED, _AM_PROFILE_CATEGORY_MODIFIED); break;