@ -27,6 +27,9 @@ require_once('common.php');
$username = authentication_get_username(); # enforce login
$table = safepost('table', safeget('table'));
if(!is_string($table)) {
die("Invalid table name given!");
}
$handlerclass = ucfirst($table) . 'Handler';
if (!preg_match('/^[a-z]+$/', $table) || !file_exists(dirname(__FILE__) . "/../model/$handlerclass.php")) { # validate $table