if (!empty($_GET['image'])) {
if ($_GET['type'] == "usage") {
- $file = sprintf("%s%s/usage.png", PATH, getConfig('usage_base'));
+ $FQFN = sprintf("%s%s/usage.png",
+ constant('PATH'),
+ getConfig('usage_base')
+ );
} else {
if (strpos($_GET['image'], "\\") > 0) $_GET['image'] = substr($_GET['image'], 0, strpos($_GET['image'], "\\"));
- $file = sprintf("%s%s/%s_usage_%s.png",
- PATH,
+ $FQFN = sprintf("%s%s/%s_usage_%s.png",
+ constant('PATH'),
getConfig('usage_base'),
SQL_ESCAPE($_GET['type']),
SQL_ESCAPE($_GET['image'])
);
}
- if (FILE_READABLE($file)) {
- $image = imagecreatefrompng($file);
+ if (FILE_READABLE($FQFN)) {
+ $image = imagecreatefrompng($FQFN);
header("Content-type: image/png");
imagepng($image);
imagedestroy($image);
}
exit();
} elseif (empty($_GET['usage'])) {
- $file = sprintf("%s%s/index.html", PATH, getConfig('usage_base'));
+ $FQFN = sprintf("%s%s/index.html",
+ constant('PATH'),
+ getConfig('usage_base')
+ );
} else {
- $file = sprintf("%s%s/usage_%s.html",
- PATH,
+ $FQFN = sprintf("%s%s/usage_%s.html",
+ constant('PATH'),
getConfig('usage_base'),
SQL_ESCAPE($_GET['usage'])
);
}
-if ((!empty($file)) && (FILE_READABLE($file) {
+if ((!empty($FQFN)) && (FILE_READABLE($FQFN))) {
// @TODO This code is double, see LOAD_TEMPLATE and LOAD_EMAIL_TEMPLATE in functions.php
- $tmpl_file = READ_FILE($file);
- $tmpl_file = addslashes($tmpl_file);
+ $tmpl_file = READ_FILE($FQFN);
+ $tmpl_file = SQL_ESCAPE($tmpl_file);
$tmpl_file = "\$content=\"".$tmpl_file."\";";
eval($tmpl_file);
// Until here...
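Review bot: `SQL_ESCAPE()` is used as the escaper for two non-SQL contexts in this hunk, and it is the wrong tool for both; its body is not visible here, so this assumes it only performs SQL-style quoting. In the `$FQFN = sprintf(...)` calls, `$_GET['type']`, `$_GET['image']` and `$_GET['usage']` end up in a filesystem path, where SQL quoting does nothing about `/` or `..`, so each value should be validated against a strict pattern before the path is built, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $_GET['usage'])) exit();` (adjusted to the names the stats generator actually writes). In the template branch, `$tmpl_file = SQL_ESCAPE($tmpl_file);` feeds a double-quoted string to `eval()`, where PHP still expands `$` and `{$...}` sequences, so file content can be evaluated as PHP expressions instead of being treated as data; if these usage pages need no variable substitution, `$content = READ_FILE($FQFN);` replaces the three lines and removes the `eval()`. The enclosing `if` block continues past the end of the hunk.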