From 1bb6c3bc23d08851f6af786f516b3cbc73a6f391 Mon Sep 17 00:00:00 2001 From: Stefan Suhren Date: Mon, 11 May 2015 14:54:29 +0200 Subject: Check for wrong ids --- productdetails.php | 18 +++++++++++------- products.php | 8 ++++++-- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/productdetails.php b/productdetails.php index c840421..63ba451 100644 --- a/productdetails.php +++ b/productdetails.php @@ -7,9 +7,18 @@ else { header('Location: categories.php'); } +if(isset($_GET['catid'])) +{ + $catid = $_GET['catid']; +} require_once('vendor.inc.php'); $product = ProductQuery::create()->findOneById($id); + +if ( !is_object($product) ) +{ + header('Location: categories.php'); +} ?> @@ -25,6 +34,7 @@ $product = ProductQuery::create()->findOneById($id);
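Review bot: The redirect added after `findOneById($id)` does not stop the script, so when no product is found the `Location` header is only queued and the rest of the page still runs against a non-object `$product`. End every redirect branch with `exit;`, i.e. `header('Location: categories.php'); exit;`. The same applies to the existing `else` branch at the top of this hunk. It also applies to the new check in products.php, where `$category->getProducts()` is called on the very next line and fails with a fatal error for an unknown id.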
Contact us
Home
Categories
+
Back to Category
Login
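Review bot: `$catid` is assigned only when the `catid` parameter is present, and then it holds the raw request value. The "Back to Category" item added here presumably prints it, although the markup is not visible in this rendering. If so, a request without `catid` reads an undefined variable, and any other value lands in the `href` unencoded. Read it once as an integer, `$catid = filter_input(INPUT_GET, 'catid', FILTER_VALIDATE_INT);`, and emit the list item only when the result is an int, falling back to the plain categories link otherwise.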
@@ -65,10 +75,4 @@ $product = ProductQuery::create()->findOneById($id); - - - - - \ No newline at end of file + \ No newline at end of file diff --git a/products.php b/products.php index b8391d9..1591799 100644 --- a/products.php +++ b/products.php @@ -9,7 +9,11 @@ else } require_once('vendor.inc.php'); -$category = CategoryQuery::create()->filterById($id)->findOne(); +$category = CategoryQuery::create()->findOneById($id); +if ( !is_object($category) ) +{ + header('Location: categories.php'); +} $products = $category->getProducts(); ?> @@ -33,7 +37,7 @@ $products = $category->getProducts();
getId()}\">{$product->getName()}"; + echo "
getId()}&catid={$id}\">{$product->getName()}
"; echo "
{$product->getDescription()}
"; } ?> -- cgit v1.2.3-70-g09d2
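Review bot: The new `echo` interpolates `{$id}` straight into the `href`, and `$id` is assigned outside the hunk. If it is read from the query string the way `$catid` is in productdetails.php, it reaches the page unencoded. A successful category lookup does not prove the string is purely numeric, so cast before output, e.g. `$catParam = (int) $id;`, and write the separator as `&amp;catid=`. On the same line, `{$product->getName()}` would be safer as `htmlspecialchars($product->getName(), ENT_QUOTES, 'UTF-8')`, assuming names are stored as plain text.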