diff options
| author | Andrew Dolgov <[email protected]> | 2009-12-29 18:49:27 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2009-12-29 18:49:27 +0300 |
| commit | b4e75b2a25d0a30d77b2160c8195835c9816cfe0 (patch) | |
| tree | 9900c7c8e7ba8d3719ae8d7430866485838169d3 /modules/pref-users.php | |
| parent | 12e55b9017fe02824d52ef8639de11356ae2d4d4 (diff) | |
use POST parameters for frontend requests
Diffstat (limited to 'modules/pref-users.php')
| -rw-r--r-- | modules/pref-users.php | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/modules/pref-users.php b/modules/pref-users.php index 7a878b18f..6b4df8854 100644 --- a/modules/pref-users.php +++ b/modules/pref-users.php @@ -12,7 +12,7 @@ if ($subop == "user-details") { - $uid = sprintf("%d", $_GET["id"]); + $uid = sprintf("%d", $_REQUEST["id"]); print "<div id=\"infoBoxTitle\">".__('User details')."</div>"; @@ -103,7 +103,7 @@ if ($subop == "edit") { - $id = db_escape_string($_GET["id"]); + $id = db_escape_string($_REQUEST["id"]); print "<div id=\"infoBoxTitle\">".__('User Editor')."</div>"; @@ -213,7 +213,7 @@ if ($_SESSION["access_level"] >= 10) { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); foreach ($ids as $id) { if ($id != $_SESSION["uid"]) { @@ -227,7 +227,7 @@ if ($_SESSION["access_level"] >= 10) { - $login = db_escape_string(trim($_GET["login"])); + $login = db_escape_string(trim($_REQUEST["login"])); $tmp_user_pwd = make_password(8); $pwd_hash = encrypt_password($tmp_user_pwd, $login); @@ -266,7 +266,7 @@ if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { - $uid = db_escape_string($_GET["id"]); + $uid = db_escape_string($_REQUEST["id"]); $result = db_query($link, "SELECT login,email FROM ttrss_users WHERE id = '$uid'"); @@ -346,9 +346,9 @@ set_pref($link, "_PREFS_ACTIVE_TAB", "userConfig"); - $user_search = db_escape_string($_GET["search"]); + $user_search = db_escape_string($_REQUEST["search"]); - if (array_key_exists("search", $_GET)) { + if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_user_search"] = $user_search; } else { $user_search = $_SESSION["prefs_user_search"]; @@ -363,7 +363,7 @@ onclick=\"javascript:updateUsersList()\" value=\"".__('Search')."\"> </div>"; - $sort = db_escape_string($_GET["sort"]); + $sort = db_escape_string($_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "login"; @@ -427,7 +427,7 @@ $class = ($lnum % 2) ? "even" : "odd"; $uid = $line["id"]; - $edit_uid = $_GET["id"]; + $edit_uid = $_REQUEST["id"]; if ($subop == "edit" && $uid != $edit_uid) { $class .= "Grayed"; |