/**
 * ae_Security must accept every known top-level area and every known
 * sub-area of "manage", and must reject anything else — an unknown name,
 * the empty string, and non-string input such as true and null.
 */
public function testArea() {
    $validAreas = ['create', 'credits', 'dashboard', 'edit', 'manage', 'media', 'settings'];
    $rejectedAreas = ['created', '', true, null];
    $validManageSubAreas = ['category', 'comment', 'media', 'page', 'post', 'user'];
    // Each entry is [parent area, sub-area]; none of these pairs may validate.
    $rejectedSubAreas = [
        ['manage', 'created'],
        ['media', 'created'],
        ['media', ''],
        ['media', true],
        ['media', null],
    ];

    foreach ($validAreas as $name) {
        $this->assertTrue(ae_Security::isValidArea($name));
    }
    foreach ($rejectedAreas as $name) {
        $this->assertFalse(ae_Security::isValidArea($name));
    }
    foreach ($validManageSubAreas as $name) {
        $this->assertTrue(ae_Security::isValidSubArea('manage', $name));
    }
    foreach ($rejectedSubAreas as $pair) {
        $this->assertFalse(ae_Security::isValidSubArea($pair[0], $pair[1]));
    }
}
<?php
// Admin "create" handler. Three guards run before any model is touched: the
// user must be logged in, $_POST['area'] must be a sub-area that
// ae_Security::isValidSubArea accepts for 'create', and an optional
// $_POST['edit-id'] must pass ae_Validate::id. Each failure redirects and exits.
require_once '../../core/autoload.php';
require_once '../../core/config.php';

// Guard 1: unauthenticated requests are bounced to the login page.
if (!ae_Security::isLoggedIn()) {
    header('Location: ../index.php?error=not_logged_in');
    exit;
}

// Guard 2: the target sub-area is validated before it is used anywhere,
// including inside the redirect URL built in guard 3.
if (!isset($_POST['area']) || !ae_Security::isValidSubArea('create', $_POST['area'])) {
    header('Location: ../admin.php?error=unknown_create_area');
    exit;
}

// Guard 3: an edit-id, when present, must be a valid id before createCategory()
// hands it to the model. $_POST['area'] is concatenated into the Location
// header only because guard 2 already accepted it.
// NOTE(review): no CSRF token check is visible in this chunk — confirm one
// runs elsewhere before this state-changing handler proceeds.
if (isset($_POST['edit-id']) && !ae_Validate::id($_POST['edit-id'])) {
    header('Location: ../admin.php?area=manage&' . $_POST['area'] . '&error=invalid_edit_id');
    exit;
}

/**
 * Create the category.
 * Reads category-title, category-parent and category-permalink from POST;
 * when any of them is missing it redirects to admin.php and exits without
 * returning.
 * @return {int} ID of the new category.
 */
function createCategory() {
    if (!isset($_POST['category-title'], $_POST['category-parent'], $_POST['category-permalink'])) {
        header('Location: ../admin.php?error=missing_data_for_category');
        exit;
    }
    $permalink = trim($_POST['category-permalink']);
    $category = new ae_CategoryModel();
    // Editing an existing category reuses its id; the value passed
    // ae_Validate::id in guard 3 at the top of this script.
    if (isset($_POST['edit-id'])) {
        $category->setId($_POST['edit-id']);
    }