// Init "action" and "what"
global $what, $action, $startTime;
// Init "action" and "what"
global $what, $action, $startTime;
if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
// Is still logged in so we welcome him with his name
$result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
// Is still logged in so we welcome him with his name
$result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
- define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, $GLOBALS['module']));
+ define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, SQL_ESCAPE($GLOBALS['module'])));
// Does the module exists on local file system?
if ((FILE_READABLE(__MODULE)) && (sizeof($FATAL) == 0)) {
// Does the module exists on local file system?
if ((FILE_READABLE(__MODULE)) && (sizeof($FATAL) == 0)) {
// Module does addionally not exists
ADD_FATAL(LANG_MOD_REG_404_1.$GLOBALS['module'].LANG_MOD_REG_404_2);
// Module does addionally not exists
ADD_FATAL(LANG_MOD_REG_404_1.$GLOBALS['module'].LANG_MOD_REG_404_2);
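Review bot: On the added `define('__MODULE', ...)` line, `SQL_ESCAPE()` is database-string escaping applied to a filesystem path, so it does not constrain the module name to the `inc/modules/` directory; dots and slashes pass through unchanged. If `$GLOBALS['module']` can be influenced by the request (its origin is outside the visible lines), the path checked by `FILE_READABLE(__MODULE)` still needs validation of its own. I would check the name against an allow-list pattern before building the path, for example `if (!preg_match('/^[a-zA-Z0-9_-]+\z/', $GLOBALS['module'])) { /* ADD_FATAL and skip the define */ }`, or against the list of registered modules if one is available. The same value is concatenated unescaped into the `ADD_FATAL(LANG_MOD_REG_404_1...)` message, so it should be HTML-escaped there if that message is rendered in a page. The surrounding block starts and ends outside what is shown, so how `__MODULE` is used later should be confirmed.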