// Init "action" and "what"
global $what, $action, $startTime;
// Init "action" and "what"
global $what, $action, $startTime;
if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
// Is still logged in so we welcome him with his name
$result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
// Is still logged in so we welcome him with his name
$result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
// Did we found the module listed in allowed modules and are we successfully connected?
$check = CHECK_MODULE($GLOBALS['module']);
switch ($check)
// Did we found the module listed in allowed modules and are we successfully connected?
$check = CHECK_MODULE($GLOBALS['module']);
switch ($check)
- define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, $GLOBALS['module']));
+ define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, SQL_ESCAPE($GLOBALS['module'])));
// Module does addionally not exists
ADD_FATAL(LANG_MOD_REG_404_1.$GLOBALS['module'].LANG_MOD_REG_404_2);
// Module does addionally not exists
ADD_FATAL(LANG_MOD_REG_404_1.$GLOBALS['module'].LANG_MOD_REG_404_2);
/////////////////////////////////////////////
// Main including line DO NOT REMOVE/EDIT! //
/////////////////////////////////////////////
//
// Everything is okay so we can load the module
include (__MODULE);
/////////////////////////////////////////////
// Main including line DO NOT REMOVE/EDIT! //
/////////////////////////////////////////////
//
// Everything is okay so we can load the module
include (__MODULE);
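Review bot: The new `define('__MODULE', ...)` line passes the module name through `SQL_ESCAPE()`, which escapes for SQL string literals and does nothing about `../` or other path components in a value that later reaches `include (__MODULE);`. If `$GLOBALS['module']` can be influenced by the request (its origin is not visible here) and `CHECK_MODULE()` does not already restrict it to a fixed set of names, this remains a local file inclusion risk, and the escaped name may differ from the name `CHECK_MODULE()` actually checked. Validate for the file-path context instead: reject anything that fails `preg_match('/^[A-Za-z0-9_-]+$/', $GLOBALS['module'])` before the define, or build the path from `basename($GLOBALS['module'])`. The enclosing `switch ($check)` body starts and ends outside the visible lines, so confirm which case this define sits in.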