************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
if (empty($_CONFIG['css_php'])) $_CONFIG['css_php'] = "FILE";
// Output CSS files or content or link to css.php ?
-if (($CSS == "1") || ($_CONFIG['css_php'] == "DIRECT"))
-{
+if (($CSS == "1") || ($_CONFIG['css_php'] == "DIRECT")) {
// Load CSS files
- if (is_array($EXT_CSS_FILES))
- {
+ if (is_array($EXT_CSS_FILES)) {
// Load extension's CSS files
foreach ($EXT_CSS_FILES as $value) $STYLES[] = $value;
}
function GET_CURR_THEME () {
return "default";
}
- }
+ } // END - if
// Output inclusion lines
- foreach ($STYLES as $value)
- {
+ foreach ($STYLES as $value) {
// Only include found CSS files (to reduce 404 requests)
$BASE = sprintf("%stheme/%s/css/", PATH, GET_CURR_THEME());
$file = $BASE.$value;
// Do include only existing files and whose are not empty
- if ((file_exists($file)) && (filesize($file) > 0)) {
+ if ((FILE_READABLE($file)) && (filesize($file) > 0)) {
switch ($_CONFIG['css_php']) {
case "DIRECT":
- OUTPUT_HTML("<link rel=\"stylesheet\" type=\"text/css\" href=\"".URL."/".$BASE."\" />");
+ OUTPUT_HTML("<link rel=\"stylesheet\" type=\"text/css\" href=\"".URL."/theme/".GET_CURR_THEME()."/".$value."\" />");
break;
case "FILE":
if (isBooleanConstantAndTrue('mxchange_installing')) {
// Default theme first
$NEW_THEME = "default";
- if (!empty($_GET['theme'])) $NEW_THEME = $_GET['theme'];
- if (!empty($_POST['theme'])) $NEW_THEME = $_POST['theme'];
+ if (!empty($_GET['theme'])) $NEW_THEME = SQL_ESCAPE($_GET['theme']);
+ if (!empty($_POST['theme'])) $NEW_THEME = SQL_ESCAPE($_POST['theme']);
OUTPUT_HTML("?theme=".$NEW_THEME."&installing=1", false);
}
OUTPUT_HTML("\" />");
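Review bot: `SQL_ESCAPE()` is the wrong encoder for the request-supplied `theme` value on the two added lines under `case "FILE"`: the value never reaches a query there, because `OUTPUT_HTML("?theme=".$NEW_THEME."&installing=1", false)` writes it into the query string of an `href` attribute, and SQL-style escaping (which the name suggests; the function body is not visible in this hunk) does not make a string safe inside HTML or a URL. Check the value against the expected theme-name shape and URL-encode it instead, e.g. `if (!empty($_GET['theme']) && is_string($_GET['theme']) && preg_match('/^[A-Za-z0-9_-]+$/', $_GET['theme'])) $NEW_THEME = urlencode($_GET['theme']);`, with the same line for `$_POST['theme']`. Separately, the new `DIRECT` href is built as `URL."/theme/".GET_CURR_THEME()."/".$value`, while the readability check just above tests `theme/<theme>/css/<file>`, so the emitted link appears to drop the `css/` segment and point at a different path than the one that was verified. The enclosing `foreach` and `switch` continue past the end of the hunk.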