From 4a34ded66e3bd1f38637d47cc5b0a92d785120ca Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 5 May 2020 15:21:09 +0200
Subject: [statistics] Fix handling POST for sub-pages

Fixes machine replace etc.
---
 modules-available/statistics/page.inc.php | 35 ++++++++++++++++---------------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/modules-available/statistics/page.inc.php b/modules-available/statistics/page.inc.php
index 533a9bf9..05e7903d 100644
--- a/modules-available/statistics/page.inc.php
+++ b/modules-available/statistics/page.inc.php
@@ -18,32 +18,33 @@ class Page_Statistics extends Page
 			Util::redirect('?do=Main');
 		}
 
-		if (Request::isGet()) {
-			$this->show = Request::any('show', false, 'string');
-			if ($this->show === false) {
-				if (Request::get('uuid') !== false) {
-					$this->show = 'machine';
-				} elseif (User::hasPermission('view.summary')) {
-					$this->show = 'summary';
-				} elseif (User::hasPermission('view.list')) {
-					$this->show = 'list';
-				} else {
-					User::assertPermission('view.summary');
-				}
+		$this->show = Request::any('show', false, 'string');
+		if ($this->show === false && Request::isGet()) {
+			if (Request::get('uuid') !== false) {
+				$this->show = 'machine';
+			} elseif (User::hasPermission('view.summary')) {
+				$this->show = 'summary';
+			} elseif (User::hasPermission('view.list')) {
+				$this->show = 'list';
 			} else {
-				$this->show = preg_replace('/[^a-z0-9_\-]/', '', $this->show);
+				User::assertPermission('view.summary');
 			}
-
-			if (file_exists('modules/statistics/pages/' . $this->show . '.inc.php')) {
+		}
+		if ($this->show !== false) {
+			$this->show = preg_replace('/[^a-z0-9_\-]/', '', $this->show);
+			if (!file_exists('modules/statistics/pages/' . $this->show . '.inc.php')) {
+				Message::addError('main.invalid-action', $this->show);
+			} else {
 				require_once 'modules/statistics/pages/' . $this->show . '.inc.php';
 				$this->haveSubpage = true;
 				SubPage::doPreprocess();
-			} else {
-				Message::addError('main.invalid-action', $this->show);
 			}
 			return;
 		}
 
+		if (!Request::isPost())
+			return;
+
 		// POST
 		$action = Request::post('action');
 		if ($action === 'setnotes') {
-- 
cgit v1.2.3-55-g7522