All, except security block, include()/require() rewritten to own LOAD_INC()/LOAD_INC_...

[mailer.git] / inc / modules / guest / action-sponsor.php

diff --git a/inc/modules/guest/action-sponsor.php b/inc/modules/guest/action-sponsor.php
index 3485b82deb46c35253c0dc2e405e16ef83d75d18..d2a0a9c9eb912cb946f93273ef110dc5a79010ae 100644 (file)
--- a/inc/modules/guest/action-sponsor.php
+++ b/inc/modules/guest/action-sponsor.php
@@ -31,25 +31,30 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
        require($INC);
+} elseif ((!EXT_IS_ACTIVE("sponsor")) && (!IS_ADMIN())) {
+       addFatalMessage(EXTENSION_PROBLEM_EXT_INACTIVE, "sponsor");
+       return;
+} elseif ($BLOCK_MODE) {
+       // Block mode detected
+       return;
 }
 
 // Add description as navigation point
-ADD_DESCR("guest", basename(__FILE__));
+ADD_DESCR("guest", __FILE__);
 
 // Load the include file
-$INC = PATH."inc/modules/guest/what-".$what.".php";
-if (file_exists($INC))
-{
+$INC = sprintf("inc/modules/guest/what-%s.php", SQL_ESCAPE($GLOBALS['what']));
+if (FILE_READABLE($INC)) {
        // Ok, we finally load the guest action module
-       include($INC);
-}
- else
-{
-       $FATAL[] = GUEST_404_ACTION_1.$what.GUEST_404_ACTION_2;
+       LOAD_INC($INC);
+} elseif ($IS_VALID) {
+       addFatalMessage(sprintf(getMessage('GUEST_404_ACTION'), SQL_ESCAPE($GLOBALS['what'])));
+} else {
+       addFatalMessage(sprintf(getMessage('GUEST_LOCKED_ACTION'), SQL_ESCAPE($GLOBALS['what'])));
 }
+
 //
 ?>