-rw-r--r-- | modules-available/statistics/page.inc.php | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/modules-available/statistics/page.inc.php b/modules-available/statistics/page.inc.php
index 533a9bf9..05e7903d 100644
--- a/modules-available/statistics/page.inc.php
+++ b/modules-available/statistics/page.inc.php
@@ -18,32 +18,33 @@ class Page_Statistics extends Page
 Util::redirect('?do=Main');
 }
 
- if (Request::isGet()) {
- $this->show = Request::any('show', false, 'string');
- if ($this->show === false) {
- if (Request::get('uuid') !== false) {
- $this->show = 'machine';
- } elseif (User::hasPermission('view.summary')) {
- $this->show = 'summary';
- } elseif (User::hasPermission('view.list')) {
- $this->show = 'list';
- } else {
- User::assertPermission('view.summary');
- }
+ $this->show = Request::any('show', false, 'string');
+ if ($this->show === false && Request::isGet()) {
+ if (Request::get('uuid') !== false) {
+ $this->show = 'machine';
+ } elseif (User::hasPermission('view.summary')) {
+ $this->show = 'summary';
+ } elseif (User::hasPermission('view.list')) {
+ $this->show = 'list';
 } else {
- $this->show = preg_replace('/[^a-z0-9_\-]/', '', $this->show);
+ User::assertPermission('view.summary');
 }
-
- if (file_exists('modules/statistics/pages/' . $this->show . '.inc.php')) {
+ }
+ if ($this->show !== false) {
+ $this->show = preg_replace('/[^a-z0-9_\-]/', '', $this->show);
+ if (!file_exists('modules/statistics/pages/' . $this->show . '.inc.php')) {
+ Message::addError('main.invalid-action', $this->show);
+ } else {
 require_once 'modules/statistics/pages/' . $this->show . '.inc.php';
 $this->haveSubpage = true;
 SubPage::doPreprocess();
- } else {
- Message::addError('main.invalid-action', $this->show);
 }
 return;
 }
 
+ if (!Request::isPost())
+ return;
+
 // POST
 $action = Request::post('action');
 if ($action === 'setnotes') { |
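Review bot: A request that carries `show` is now dispatched to `SubPage::doPreprocess()` for POST as well as GET, and no permission is checked on that path in this hunk; the `User::hasPermission`/`User::assertPermission` calls run only when `show` is absent. Unless every file under `modules/statistics/pages/` enforces its own permission (and, for POST, request-token) checks, which is not visible here, this widens what a caller can reach, so a comment such as `// Subpages must check their own permissions; none are enforced here` above the `require_once` would record that contract. Separately, `preg_replace` silently rewrites the name before it is used in the include path, so a malformed value is mapped onto a different page instead of being refused; testing `if (preg_match('/^[a-z0-9_\-]+$/', $this->show) !== 1)` and taking the `main.invalid-action` branch would be stricter. The enclosing method starts before and continues after this hunk.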