// Parent id for the content being edited: taken from the POST body (cast to int so only a
// numeric id survives), otherwise the value already in $clean_content_pid is kept.
// NOTE(review): the fallback reads $clean_content_pid itself, so it is presumably assigned
// earlier in the file (e.g. from a GET parameter) — confirm that assignment exists.
$clean_content_pid = isset($_POST['content_pid']) ? (int) $_POST['content_pid'] : $clean_content_pid;
/**
 * in_array() is a native PHP function that will determine if the value of the
 * first argument is found in the array listed in the second argument. Strings
 * are case sensitive and the 3rd argument determines whether type matching is
 * required.
 *
 * With strict matching enabled, only one of the exact strings listed in $valid_op
 * passes; $valid_op is defined before this span. The switch below continues past the
 * end of this excerpt.
 */
if (in_array($clean_op, $valid_op, true)) {
    switch ($clean_op) {
        case "clone":
            // Render the admin header, then show the edit form pre-filled as a copy.
            icms_cp_header();
            editcontent($clean_content_id, true);
            break;
        case "mod":
            // Edit an existing item; the parent id resolved above is passed through.
            icms_cp_header();
            editcontent($clean_content_id, false, $clean_content_pid);
            break;
        case "addcontent":
            // Persist the submitted form. No icms::$security->check() is visible in this
            // span before the store — NOTE(review): confirm storeFromDefaultForm() performs
            // the token check itself, otherwise add one here as the front-end handler does.
            $controller = new icms_ipf_Controller($content_content_handler);
            $controller->storeFromDefaultForm(_AM_CONTENT_CONTENT_CREATED, _AM_CONTENT_CONTENT_MODIFIED);
            break;
        case "del":
            // Delegates deletion (and, presumably, the confirm/token handling) to the
            // controller — NOTE(review): verify handleObjectDeletion() checks the token.
            $controller = new icms_ipf_Controller($content_content_handler);
            $controller->handleObjectDeletion();
            break;
        case "view":
            // Admin preview of a single item. getVar() is used for the title in the menu
            // breadcrumb — NOTE(review): confirm the default getVar() format escapes for HTML.
            $contentObj = $content_content_handler->get($clean_content_id);
            icms_cp_header();
            icms::$module->displayAdminMenu(0, _AM_CONTENT_CONTENTS . " &gt; " . _PREVIEW . ' &gt; ' . $contentObj->getVar('content_title'));
            $icmsAdminTpl->assign('content_content_singleview', $contentObj->displaySingleObject(true, false, array('edit', 'delete')));
            $icmsAdminTpl->display('db:content_admin_content.html');
// Closes a block opened before this excerpt.
}
/** Create a whitelist of valid values, be sure to use appropriate types for each value
 * Be sure to include a value for no parameter, if you have a default condition
 */
$valid_op = array('mod', 'addcontent', 'del', '');
/**
 * Only proceed if the supplied operation is a valid operation.
 * Strict in_array() means only these exact strings are accepted; the switch below
 * continues past the end of this excerpt.
 */
if (in_array($clean_op, $valid_op, true)) {
    switch ($clean_op) {
        case "mod":
            // A positive id that resolves to a "new" (i.e. not found) object is refused
            // with the no-permission message. NOTE(review): this relies on redirect_header()
            // ending the request; otherwise editcontent() still runs — confirm.
            $contentObj = $content_content_handler->get($clean_content_id);
            if ($clean_content_id > 0 && $contentObj->isNew()) {
                redirect_header(icms_getPreviousPage('index.php'), 3, _NOPERM);
            }
            editcontent($contentObj);
            break;
        case "addcontent":
            // Security token check before anything is written; failures are redirected
            // with the collected error messages.
            if (!icms::$security->check()) {
                redirect_header(icms_getPreviousPage('index.php'), 3, _MD_CONTENT_SECURITY_CHECK_FAILED . implode('<br />', icms::$security->getErrors()));
            }
            $controller = new icms_ipf_Controller($content_content_handler);
            $controller->storeFromDefaultForm(_MD_CONTENT_CONTENT_CREATED, _MD_CONTENT_CONTENT_MODIFIED);
            break;
        case "del":
            // NOTE(review): $contentObj is not assigned in this case (only "mod" assigns it
            // above), so it must be loaded earlier in the file, outside this excerpt — confirm,
            // otherwise the permission check below operates on an undefined variable.
            if (!$contentObj->userCanEditAndDelete()) {
                redirect_header($contentObj->getItemLink(true), 3, _NOPERM);
            }
            // Deletion only proceeds on an explicit confirmation that also carries a
            // valid security token.
            if (isset($_POST['confirm'])) {
                if (!icms::$security->check()) {
                    redirect_header(icms_getPreviousPage(), 3, _MD_CONTENT_SECURITY_CHECK_FAILED . implode('<br />', icms::$security->getErrors()));