projects / Pman.Core / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 158d9e5)
MessagePreview.php
authorAlan <alan@roojs.com>
Thu, 29 Sep 2022 07:22:09 +0000 (15:22 +0800)
committerAlan <alan@roojs.com>
Thu, 29 Sep 2022 07:22:09 +0000 (15:22 +0800)
MessagePreview.php patch | blob | history

diff --git a/MessagePreview.php b/MessagePreview.php
index 6a7e94f..896bdf8 100644 (file)
--- a/MessagePreview.php
+++ b/MessagePreview.php
@@ -29,6 +29,20 @@ class Pman_Core_MessagePreview extends Pman
         
         $mlq->get($_REQUEST['_id']);
         
+        if (isset($_REQUEST['ontable']) && !empty($_REQUEST['onid'])) {
+            $t = DB_DataObject::factory(preg_replace('/^[a-z_]+/i', '', $_REQUEST['ontable']));
+            if (!is_a($t, 'DB_DataObject') && !is_a($t, 'PDO_DataObject')) {
+                $this->jerr("invalid URL");
+            }
+            if (!$t->get($_REQUEST['onid'])) {
+                $this->jerr("invalid id");
+            }
+            if (!method_exists($t->toEmail())) {
+                
+                
+            }
+        }
+        
         $this->msg = $mlq;
 
         $this->showHtml = isset($_REQUEST['_as_html']) ? true : false;
Pman Core