* MA 02110-1301 USA *
************************************************************************/
-// APD call (if you have this apache extension and want to debug this script for us)
-//apd_set_pprof_trace();
+// XDEBUG call
+//xdebug_start_trace();
// Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
require_once ("inc/libs/security_functions.php");
$GLOBALS['what'] = ""; $GLOBALS['action'] = "";
$GLOBALS['userid'] = 0;
+// Fix missing module to "index"
+if (empty($_GET['module'])) $_GET['module'] = "index";
+
+// Secure action/what if present
if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
-if (empty($_GET['module'])) $_GET['module'] = "index";
// Secure the module name (very important line!)
-$GLOBALS['module'] = htmlentities(strip_tags($_GET['module']), ENT_QUOTES);
+$GLOBALS['module'] = secureString($_GET['module']);
// Needed include files
require ("inc/config.php");
// Check if logged in
-if (IS_LOGGED_IN()) {
+if (IS_MEMBER()) {
// Is still logged in so we welcome him with his name
$result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, $GLOBALS['module']));
// Does the module exists on local file system?
- if (((file_exists(__MODULE)) && (is_readable(__MODULE))) && (sizeof($FATAL) == 0)) {
+ if ((FILE_READABLE(__MODULE)) && (sizeof($FATAL) == 0)) {
// Module is valid, active and located on the local disc...
$MOD_VALID = true;
} elseif (!empty($URL)) {
break;
case "locked":
- if (!file_exists(PATH."inc/modules/".$GLOBALS['module'].".php"))
+ if (!FILE_READABLE(PATH."inc/modules/".$GLOBALS['module'].".php"))
{
// Module does addionally not exists
ADD_FATAL(LANG_MOD_REG_404_1.$GLOBALS['module'].LANG_MOD_REG_404_2);
projects / mailer.git / blobdiff