#71 #73 bugfix

GeniXCMS · Sep 5, 2017 · 5a128e8 · 5a128e8
1 parent 8465b4e
commit 5a128e8
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -81,7 +81,7 @@ https://docs.genix.id/user-guide/installation/
 
 - Upload all files, except `inc/config/config.php`.
 - edit your site's config.php, 
-- add this new configuration 
+- add this new configuration if not exist
 ```php
 define('SITE_ID', 'type-random-chars');
 define('ADMIN_DIR', 'gxadmin');

diff --git a/inc/lib/Menus.class.php b/inc/lib/Menus.class.php
@@ -358,7 +358,7 @@ public static function updateMenuOrder($vars)
     {
         foreach ($vars as $k => $v) {
 
-            // print_r($v);
+            $v['order'] = Typo::int($v['order']);
             $sql = array(
                         'table' => 'menus',
                         'id' => Typo::int($k),
@@ -395,7 +395,7 @@ public static function update($vars)
             $sql = array(
                         'table' => 'menus',
                         'id' => $vars['id'],
-                        'key' => $vars['key'],
+                        'key' => $vars['key']
                     );
             $menu = Db::update($sql);
         }
@@ -407,7 +407,7 @@ public static function delete($id)
         $sql = array(
                     'table' => 'menus',
                     'where' => array(
-                                    'id' => $id,
+                                    'id' => $id
                                 ),
                 );
         $menu = Db::delete($sql);

diff --git a/inc/lib/Typo.class.php b/inc/lib/Typo.class.php
@@ -307,7 +307,7 @@ public static function filterXss($str)
 //        $str = preg_replace('#on.*=["|\'](.*)["|\']#', '', $str);
         $str = preg_replace('#(?!<pre>.*?)(onload|onerror|onblur|onchange|onscroll|oninput|
         onfocus|onbeforescriptexecute|ontoggle|onratechange|onreadystatechange|onpropertychange|
-        onqt_error|onpageshow|onclick|onmouseover|onunload|event|formaction|actiontype|background)=("|\')(.*)("|\')(?!.*?</pre>)#', '', $str);
+        onqt_error|onpageshow|onclick|onmouseover|onunload|event|formaction|actiontype|background|oncut)=("|\')(.*)("|\')(?!.*?</pre>)#', '', $str);
         $str = preg_replace('#(.*?)(javascript:.*)(.*?)#', '', $str);
         //$str = preg_replace('#&lt;(.*?)script&gt;#', '', $str);
         return $str;