
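<?php
/*
 * AJAX endpoint and HTML fragment for the genre list of a film.
 *
 * When the request carries a POST field "op", a film/genre link is inserted
 * ("add") or deleted ("del") before the list further down is rendered.
 */
include_once '../../../../php/dao/include_dao.php';
session_start();

// NOTE(review): nothing visible in this file verifies that the session belongs
// to an authenticated, authorised user, and the state-changing POST carries no
// anti-CSRF token. Confirm both are enforced (here or in include_dao.php).
$op = isset($_POST['op']) ? $_POST['op'] : null;

if ($op === 'add') {
    // Request parameters are untrusted: accept only well-formed integers.
    // NOTE(review): assumes the pk/fk columns are integer keys - confirm against the schema.
    $fkFilm = filter_var(isset($_POST['fkFilm']) ? $_POST['fkFilm'] : null, FILTER_VALIDATE_INT);
    $fkGenre = filter_var(isset($_POST['fkGenre']) ? $_POST['fkGenre'] : null, FILTER_VALIDATE_INT);

    // NOTE(review): fkFilm is client-supplied while the list below is read from
    // $_SESSION['pkFilm']; consider taking the film id from the session so a
    // request cannot attach genres to a film other than the one being edited.
    if ($fkFilm !== false && $fkGenre !== false) {
        // The transaction is opened only once the input is known to be valid,
        // so a rejected request never leaves one uncommitted.
        $transaction = new Transaction();

        $listeGenreFilm = new ListeGenreFilm();
        $listeGenreFilm->fkFilm = $fkFilm;
        $listeGenreFilm->fkGenre = $fkGenre;

        DAOFactory::getListeGenreFilmDAO()->insert($listeGenreFilm);
        $transaction->commit();
    }
    // Invalid input: no write is attempted; the current list is rendered as-is.
} elseif ($op === 'del') {
    $pkListeGenreFilm = filter_var(
        isset($_POST['pkListeGenreFilm']) ? $_POST['pkListeGenreFilm'] : null,
        FILTER_VALIDATE_INT
    );

    // NOTE(review): the row is deleted by primary key alone; nothing checks that
    // it belongs to the film held in the session - verify ownership before deleting.
    if ($pkListeGenreFilm !== false) {
        $transaction = new Transaction();
        DAOFactory::getListeGenreFilmDAO()->delete($pkListeGenreFilm);
        $transaction->commit();
    }
}
?>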

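<div id="listeGenres">
    <table>
        <tr>
            <td>Genre</td>
            <td>Opération</td>
        </tr>
        <?php
        // Genre links of the film currently held in the session.
        $listeFilmListGenre = DAOFactory::getListeGenreFilmDAO()->queryByFkFilm($_SESSION['pkFilm']);
        foreach ($listeFilmListGenre as $filmListeGenre) {
            $genre = DAOFactory::getGenreDAO()->load($filmListeGenre->fkGenre);
            ?>

            <tr>
                <td><?php
                    // Genre names are stored data: escape them for the HTML text context.
                    // The encoding is left to default_charset because the page charset is not visible here.
                    echo htmlspecialchars((string) $genre->genre, ENT_QUOTES | ENT_SUBSTITUTE);
                    ?>
                </td>
                <td>
                    <button id="btnGenre_<?php echo (int) $filmListeGenre->pkListeGenreFilm ?>">Supprimer</button>
                </td>
            </tr>
            <?php
        }
        ?>
        <tr>
            <td>
                <select id="genre">

                    <?php
                    $listeGenres = DAOFactory::getGenreDAO()->queryAllOrderBy('genre');

                    // Walk the genre list in order, one <option> per genre.
                    // Both the value attribute and the label are escaped.
                    foreach ($listeGenres as $genre) {
                        echo '<option value="'
                            . htmlspecialchars((string) $genre->pkGenre, ENT_QUOTES | ENT_SUBSTITUTE)
                            . '">'
                            . htmlspecialchars((string) $genre->genre, ENT_QUOTES | ENT_SUBSTITUTE)
                            . '</option>';
                    }
                    // A stray second closing tag used to follow this block and was
                    // emitted as literal text inside the <select>; it is gone.
                    ?>
                </select>
            </td>
            <td>
                <button id="buttonAdd">Ajouter</button>

            </td>
        </tr>
    </table>
    <script>

<?php
foreach ($listeFilmListGenre as $filmListeGenre) {
    // The key is written into a jQuery selector and a JS literal, so it is
    // forced to an integer before being emitted into the script context.
    $pkLien = (int) $filmListeGenre->pkListeGenreFilm;
    ?>
            $("#btnGenre_<?php echo $pkLien ?>").button();


            $("#btnGenre_<?php echo $pkLien ?>").click(function () {
                target = '#listeGenres';
                execAjax(
                        'php/film/genre/data.php', target, {
                            op: 'del',
                            pkListeGenreFilm: <?php echo $pkLien ?>

                        }, 1
                        );



            });
    <?php
}
?>
        $("#buttonAdd").button();

        $("#buttonAdd").click(function () {
            target = '#listeGenres';
            execAjax(
                    'php/film/genre/data.php', target, {
                        op: 'add',
                        fkFilm: pkFilm,
                        fkGenre: $("#genre").val()
                    }, 1
                    );



        });
    </script>

</div>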


