Functions imported, some dev-scripts added
[mailer.git] / inc / modules / admin / what-usage.php
index e9d28df..09da0a6 100644 (file)
@@ -45,38 +45,44 @@ $usage = getConfig('usage_base')."/";
 
 if (!empty($_GET['image'])) {
        if ($_GET['type'] == "usage") {
-               $file = sprintf("%s%s/usage.png", PATH, getConfig('usage_base'));
+               $FQFN = sprintf("%s%s/usage.png",
+                       constant('PATH'),
+                       getConfig('usage_base')
+               );
        } else {
                if (strpos($_GET['image'], "\\") > 0) $_GET['image'] = substr($_GET['image'], 0, strpos($_GET['image'], "\\"));
-               $file = sprintf("%s%s/%s_usage_%s.png",
-                       PATH,
+               $FQFN = sprintf("%s%s/%s_usage_%s.png",
+                       constant('PATH'),
                        getConfig('usage_base'),
                        SQL_ESCAPE($_GET['type']),
                        SQL_ESCAPE($_GET['image'])
                );
        }
 
-       if (FILE_READABLE($file)) {
-               $image = imagecreatefrompng($file);
+       if (FILE_READABLE($FQFN)) {
+               $image = imagecreatefrompng($FQFN);
                header("Content-type: image/png");
                imagepng($image);
                imagedestroy($image);
        }
        exit();
 } elseif (empty($_GET['usage'])) {
-       $file = sprintf("%s%s/index.html", PATH, getConfig('usage_base'));
+       $FQFN = sprintf("%s%s/index.html",
+               constant('PATH'),
+               getConfig('usage_base')
+       );
 } else {
-       $file = sprintf("%s%s/usage_%s.html",
-               PATH,
+       $FQFN = sprintf("%s%s/usage_%s.html",
+               constant('PATH'),
                getConfig('usage_base'),
                SQL_ESCAPE($_GET['usage'])
        );
 }
 
-if ((!empty($file)) && (FILE_READABLE($file) {
+if ((!empty($FQFN)) && (FILE_READABLE($FQFN))) {
        // @TODO This code is double, see LOAD_TEMPLATE and LOAD_EMAIL_TEMPLATE in functions.php
-       $tmpl_file = READ_FILE($file);
-       $tmpl_file = addslashes($tmpl_file);
+       $tmpl_file = READ_FILE($FQFN);
+       $tmpl_file = SQL_ESCAPE($tmpl_file);
        $tmpl_file = "\$content=\"".$tmpl_file."\";";
        eval($tmpl_file);
        // Until here...