fix incorrect var (row_username when it should be row_edit); check to…

… ensure template_id is valid git-svn-id: https://xerteonlinetoolkits.googlecode.com/svn/trunk@171 912cdd6b-5c7d-d5a7-a2ba-d0f0cdb91641
thexerteproject · Oct 20, 2011 · c100a6b · c100a6b
1 parent 07faae2
commit c100a6b
Showing 1 changed file with 8 additions and 9 deletions.
diff --git a/edit.php b/edit.php
@@ -38,27 +38,26 @@ function update_access_time($row_edit){
 /*
  * Check the template ID is numeric
  */
-
 if(!isset($_GET['template_id']) || !is_numeric($_GET['template_id'])) {
     _debug("Template id is not numeric. ->" . $_GET['template_id']);
-    require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . "/edit.php";
+    require $xerte_toolkits_site->root_file_path . "modules/xerte/edit.php";
     dont_show_template();
     exit(0);
 }
 
 /*
  * Find out if this user has rights to the template	
  */
-
 $safe_template_id = (int) $_GET['template_id'];
-
 $query_for_edit_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . \"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query);
 
 $query_for_edit_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_edit_content_strip);
 
-$query_for_edit_content_response = mysql_query($query_for_edit_content);
+$row_edit = db_query_one($query_for_edit_content);
 
-$row_edit = mysql_fetch_array($query_for_edit_content_response);
+if(empty($row_edit)) {
+    die("Cannot find that template; perhaps it has been deleted?");
+}
 
 if(has_rights_to_this_template($safe_template_id,$_SESSION['toolkits_logon_id'])){	
 
@@ -239,7 +238,8 @@ function update_access_time($row_edit){
 
     }
 
-}else if(is_user_admin()){
+}
+else if(is_user_admin()){
 
     /*
      * Is the current user an administrator - If so access here.
@@ -255,7 +255,7 @@ function update_access_time($row_edit){
      * Wiki mode - check to see if template allows anonymous editing.
      */
 
-    $string_for_flash_xml = $xerte_toolkits_site->users_file_area_short . $row_edit['template_id'] . "-" . $row_username['username'] . "-" . $row_edit['template_name'] . "/data.xml";
+    $string_for_flash_xml = $xerte_toolkits_site->users_file_area_short . $row_edit['template_id'] . "-" . $row_edit['username'] . "-" . $row_edit['template_name'] . "/data.xml";
 
     $buffer = file_get_contents($string_for_flash_xml);
 
@@ -278,4 +278,3 @@ function update_access_time($row_edit){
     }
 
 }
-