Bug in admin/navigation_links.php

Archive

Messagepar nkm » Jeu 07 Juin 2007, 18:26

Hi, I've just found a bug in admin/navigation_links.php, it's in the update link php code.

When the data is going to be updated in the database the query doesn't work due to an error setting the method of the nID variable, here is the code:

Here, the query searchs for nID as a POST variable, when nID is passed as GET:
Code: Tout sélectionner
      $update_nav = tep_db_query(" update ".TABLE_NAVIGATION_LINKS." set nav_sort_order = '".$nav_sort_order."' , nav_css_id ='".$nav_css_id."', nav_file = '".$nav_file."', nav_link_type ='".$nav_link_type."', customers_status = '".$nav_customer_status."' where nav_link_id ='".(int)$_POST['nID']."' ");

To fix it, just change $_POST['nID'] to $_GET['nID'] or replace the line 115 in admin/navigation_links.php with this line:
Code: Tout sélectionner
      $update_nav = tep_db_query(" update ".TABLE_NAVIGATION_LINKS." set nav_sort_order = '".$nav_sort_order."' , nav_css_id ='".$nav_css_id."', nav_file = '".$nav_file."', nav_link_type ='".$nav_link_type."', customers_status = '".$nav_customer_status."' where nav_link_id ='".(int)$_GET['nID']."' ");

Sorry for my bad english.

Regards,
nkm
nkm
Membre inactif
 
Messages: 2
Inscription: Dim 13 Mai 2007, 06:31

Retourner vers osCSS 1.1

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 3 invités

cron