More SQL rewrites, TODO: Put all table and column names in backticks (`)

[mailer.git] / inc / modules / guest / action-main.php

diff --git a/inc/modules/guest/action-main.php b/inc/modules/guest/action-main.php
index 0647588b143cc90a8e5acb0b8d246e2f683c9ad5..3177c102275230293ae1bffe8308576d2eba5e02 100644 (file)
--- a/inc/modules/guest/action-main.php
+++ b/inc/modules/guest/action-main.php
@@ -32,31 +32,29 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
+} elseif ($BLOCK_MODE) {
+       // Block mode detected
+       return;
 }
 
 // Add description as navigation point
-ADD_DESCR("guest", basename(__FILE__));
+ADD_DESCR("guest", __FILE__);
 
 // Load the include file
-$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what']));
 $IS_VALID = WHAT_IS_VALID(GET_ACTION("guest", $GLOBALS['what']), $GLOBALS['what'], "guest");
 
-if ((file_exists($INC)) && (is_readable($INC)) && ($IS_VALID))
-{
+if ((FILE_READABLE($INC)) && ($IS_VALID)) {
        // Ok, we finally load the guest action module
        require_once($INC);
-}
- elseif ($IS_VALID)
-{
+} elseif ($IS_VALID) {
        ADD_FATAL(GUEST_404_ACTION_1.$GLOBALS['what'].GUEST_404_ACTION_2);
-}
- else
-{
+} else {
        ADD_FATAL(GUEST_LOCKED_ACTION);
 }
+
 //
 ?>