36 { |
36 { |
37 edit_record($_POST["recordid"], $_POST["domainid"], $_POST["name"], $_POST["type"], $_POST["content"], $_POST["ttl"], $_POST["prio"]); |
37 edit_record($_POST["recordid"], $_POST["domainid"], $_POST["name"], $_POST["type"], $_POST["content"], $_POST["ttl"], $_POST["prio"]); |
38 clean_page("edit.php?id=".$_POST["domainid"]); |
38 clean_page("edit.php?id=".$_POST["domainid"]); |
39 } elseif($_SESSION["partial_".get_domain_name_from_id($_GET["domain"])] == 1) |
39 } elseif($_SESSION["partial_".get_domain_name_from_id($_GET["domain"])] == 1) |
40 { |
40 { |
41 $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id='".$_GET["id"]."' AND user_id='".$_SESSION["userid"]."' LIMIT 1"); |
41 $db->setLimit(1); |
|
42 $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id=".$db->quote($_GET["id"])." AND user_id=".$db->quote($_SESSION["userid"])); |
42 if (empty($checkPartial)) { |
43 if (empty($checkPartial)) { |
43 error(ERR_RECORD_ACCESS_DENIED); |
44 error(ERR_RECORD_ACCESS_DENIED); |
44 } |
45 } |
45 } |
46 } |
46 include_once("inc/header.inc.php"); |
47 include_once("inc/header.inc.php"); |
47 ?> |
48 ?> |
48 <h2><? echo _('Edit record in zone'); ?> "<? echo get_domain_name_from_id($_GET["domain"]) ?>"</h2> |
49 <h2><? echo _('Edit record in zone'); ?> "<? echo get_domain_name_from_id($_GET["domain"]) ?>"</h2> |
49 <? |
50 <? |
50 |
51 |
51 $x_result = $db->query("SELECT r.id,u.fullname FROM record_owners as r, users as u WHERE r.record_id='".$_GET['id']."' AND u.id=r.user_id"); |
52 $x_result = $db->query("SELECT r.id,u.fullname FROM record_owners as r, users as u WHERE r.record_id=".$db->quote($_GET['id'])." AND u.id=r.user_id"); |
52 if (level(10) && ($x_result->numRows() > 0)) |
53 if (level(10) && ($x_result->numRows() > 0)) |
53 { |
54 { |
54 ?> |
55 ?> |
55 <div id="meta"> |
56 <div id="meta"> |
56 <div id="meta-left"> |
57 <div id="meta-left"> |