Register globals

bureau/admin/adm_deactivate.php

@@ -31,13 +31,24 @@ require_once("../class/config.php");
 
 include_once("head.php");
 
-$uid = $_GET['uid'];
+if (!$admin->enabled) {
+	__("This page is restricted to authorized staff");
+	exit;
+}
+$fields = array (
+	"uid"    		=> array ("request",  "integer", ""),
+	"submit"    		=> array ("post", "string", ""),
+	"redirect"    		=> array ("post", "string", ""),
+);
+getFields($fields);
+
 if (!$uid) {
 	__("Missing uid");
 	include_once("foot.php");
 	exit();
 }
-if (!$admin->enabled || !$admin->checkcreator($uid)) {
+
+if (!$admin->checkcreator($uid)) {
         __("This page is restricted to authorized staff");
 	include_once("foot.php");
 	exit();
@@ -49,12 +60,15 @@ if (!$r=$admin->get($uid)) {
 	exit();
 }
 
-if (! ($confirmed = ($_GET['submit'] == _("Confirm")) ) ) {
+$confirmed = ($submit == _("Confirm"))?true:false;
+
+
+if (! ($confirmed ) ) {
   print '<h2>' . _('WARNING: experimental feature, use at your own risk') . '</h2>';
   __("The following domains will be deactivated and redirected to the URL entered in the following box. A backup of the domain configuration will be displayed as a serie of SQL request that you can run to restore the current configuration if you want. Click confirm if you are sure you want to deactivate all this user's domains.");
 
   ?>
-  <form action="<?php echo $PHP_SELF?>" method="GET">
+  <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="POST">
   <input type="hidden" name="uid" value="<?php echo $uid?>" />
   <?php __("Redirection URL:") ?> <input type="text" name="redirect" class="int" value="http://example.com/" />
   <input type="submit" name="submit" class="inb" value="<?php __("Confirm")?>" />
@@ -63,13 +77,11 @@ if (! ($confirmed = ($_GET['submit'] == _("Confirm")) ) ) {
 
   print "<h3>" . _("Domains of user: ") . $r["login"] . "</h3>";
 } else {
-  if (!$_GET['redirect']) {
+  if (empty($redirect)) {
     __("Missing redirect url.");
     include_once("foot.php");
     exit();
-  } else {
-    $redirect = $_GET['redirect'];
-  }
+  } 
 }
 
 # this string will contain an SQL request that will be printed at the end of the process and that can be used to reload the old domain configuration

bureau/admin/adm_list.php

@@ -41,7 +41,7 @@ if (!$admin->enabled) {
 $fields = array (
 	"show"    => array ("request", "string", ""),
 	"creator" => array("request", "integer", 0),
-	"short" => array("request", "integer", -1),
+	"short"   => array("request", "integer", -1),
 );
 getFields($fields);
 
@@ -112,11 +112,10 @@ if ($mem->user["admlist"]==0) { // Normal (large) mode
 <tr><td colspan="6">
 <?php  if (count($r)>5) { ?>
 <input type="submit" class="inb" name="submit" value="<?php __("Delete checked accounts"); ?>" />
-			  <?php } ?>
+<?php } ?>
 </td>
 <td  class="trbtn" colspan="4">
 <span class="inav"><a href="adm_list.php?short=1"><?php __("Minimal view"); ?></a></span> &nbsp;
-<span class="ina" style="cursor: text"><?php __("Complete view"); ?></span>
 </td>
 </tr>
 <tr>
@@ -196,10 +195,9 @@ if ($mem->user["admlist"]==1) { // SHORT MODE
 <tr><td colspan="4">
 <?php  if (count($r)>50) { ?>
 <input type="submit" class="inb" name="submit" value="<?php __("Delete checked accounts"); ?>" />
-			  <?php } ?>
+<?php } ?>
 </td>
 <td  class="trbtn" colspan="5">
-<span class="ina" style="cursor: text"><?php __("Minimal view"); ?></span> &nbsp;
 <span class="inav"><a href="adm_list.php?short=0"><?php __("Complete view"); ?></a></span>
 </td>
 </tr>
@@ -254,7 +252,11 @@ if (is_array($val)) {
 
 } else echo "<td style=\"padding-right: 2px; border-right: 1px solid;\" colspan=\"3\"></td></tr>";
 
-$val=$r[$z+2*$rz];
+$val=null;
+if (isset($r[$z+2*$rz])) {
+  $val=$r[$z+2*$rz];
+}
+ 
 if (is_array($val)) {
 ?>
 <?php if ($val["su"]) { ?>