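// Load the backend file of every module row returned by the earlier query.
//
// Resolve the modules directory once so each backend path can be checked
// against it. realpath() returns false when the directory cannot be resolved;
// in that case no backend is included at all.
$modulesRoot = realpath("../modules");

while ($v = mysql_fetch_array($result, MYSQL_ASSOC)) {
    // Rows without a backend file have nothing to include.
    if ($v['backend'] == "") {
        continue;
    }

    // 'foldername' and 'backend' come from the database and are concatenated
    // into an include path, so whoever can write those columns decides which
    // file is executed here. The fixed "../modules/" prefix rules out a remote
    // URL, but "../" segments could still point outside the modules tree
    // (local file inclusion), so the path is validated before use.
    $path = "../modules/" . $v['foldername'] . "/" . $v['backend'];

    // NUL bytes truncate include paths on old PHP versions; reject them.
    if (strpos($path, "\0") !== false) {
        error_log("Module backend rejected: path contains a NUL byte");
        continue;
    }

    // Canonicalise the path and include only regular files that live under
    // the modules root. The trailing separator in the prefix comparison keeps
    // a sibling directory such as "../modules_old" from matching.
    $resolved = realpath($path);
    if ($modulesRoot === false
        || $resolved === false
        || !is_file($resolved)
        || strncmp($resolved, $modulesRoot . DIRECTORY_SEPARATOR, strlen($modulesRoot) + 1) !== 0
    ) {
        // Logged without the raw value so database content is not echoed back.
        error_log("Module backend rejected: path is missing or resolves outside ../modules");
        continue;
    }

    // NOTE(review): containment still lets a database writer select any file
    // under ../modules; an allow-list of installed modules would be tighter.
    include $resolved;
}
mysql_free_result($result);

// Page output buffers filled in by the page handlers below.
$text = "";
$error = "";
$success = "";

switch ($admin->get('currentpage')) {
    /**
     * Pages, here we add new pages
     */
    case "pages":
        if (isset($_GET['mp_id']) && isset($_GET['mp_to']) && isset($_GET['mp_from'])) {
            //Check if sort and id matches
            // NOTE(review): this is a state-changing action driven by GET
            // parameters that are passed through unvalidated here; confirm that
            // movePage() validates them and that the request is CSRF-protected.
            $admin->movePage($_GET['mp_id'], $_GET['mp_from'], $_GET['mp_to']);
            //Sorting will be made with ajax, so perhaps die here?
            //die();
        } else {
            if (isset($_POST['addpage'])) {
                if (!isset($_POST['name']) || $_POST['name'] == "") {
                    $error = "Please fill in the name of the page";
                } else {
                    // NOTE(review): 'position' and 'position_item' are read
                    // without an isset() check — verify insertNewPage() copes
                    // with missing values.
                    if ($admin->insertNewPage($_POST['name'], $_POST['position'], $_POST['position_item'])) {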