From: Roland Haeder Date: Fri, 24 Mar 2017 20:08:03 +0000 (+0100) Subject: Continued: X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=084dbd68593bebcbc1ed2a94258618be941f6945;p=friendica.git Continued: - some spaces added - removed parentheses as requested by @Hypolite - added really important TODO as remote-inclusion is not what you want Signed-off-by: Roland Haeder
---
diff --git a/index.php b/index.php
index 326d8dc2fd..3108e57cf2 100644
--- a/index.php
+++ b/index.php
@@ -496,14 +496,14 @@ if (isset($_GET["mode"]) AND ($_GET["mode"] == "raw")) {
 $page = $a->page;
 $profile = $a->profile;
-header("X-Friendica-Version: ".FRIENDICA_VERSION);
+header("X-Friendica-Version: " . FRIENDICA_VERSION);
 header("Content-type: text/html; charset=utf-8");
 // We use $_GET["mode"] for special page templates. So we will check if we have
 // to load another page template than the default one
 // The page templates are located in /view/php/ or in the theme directory
 if (isset($_GET["mode"])) {
- $template = theme_include($_GET["mode"].'.php');
+ $template = theme_include($_GET["mode"] . '.php');
 }
 // If there is no page template use the default page template
@@ -511,7 +511,8 @@ if (!$template) {
 $template = theme_include("default.php");
 }
-require_once($template);
+/// @TODO Looks unsafe (remote-inclusion), is maybe not but theme_include() uses file_exists() but does not escape anything
+require_once $template;
 if (!$a->is_backend()) {
 session_write_close();
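Review bot: The TODO added above `require_once $template;` records the risk but leaves it in place: `$template` still derives from the request parameter `$_GET["mode"]`, which the first hunk concatenates with `'.php'` and hands to `theme_include()` with no validation. Going by the TODO, theme_include() only checks file_exists(); its body is not part of this diff, so whether path separators or `..` in the parameter are honoured should be confirmed there, and the TODO's "remote-inclusion" wording tightened once that is known. Independently of that, constrain the value before it is used, for example `if (isset($_GET["mode"]) && is_string($_GET["mode"]) && preg_match('/^[A-Za-z0-9_-]+$/', $_GET["mode"])) {`, or preferably look it up in a fixed list of known page-template names. With that guard the fallback to `default.php` in the second hunk covers every rejected value, and the TODO can be replaced by a comment stating the constraint.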