<?php
// +----------------------------------------------------------------------+
// | OpenConf |
// +----------------------------------------------------------------------+
// | Copyright (c) 2002-2014 Zakon Group LLC. All Rights Reserved. |
// +----------------------------------------------------------------------+
// | This source file is subject to the OpenConf License, available on |
// | the OpenConf web site: www.OpenConf.com |
// +----------------------------------------------------------------------+
require_once '../include.php';
// Is module valid & installed
if (!isset($_REQUEST['module']) || !oc_moduleValid($_REQUEST['module']) || !oc_module_installed($_REQUEST['module'])) {
err('Module is not installed', 'Error', 3);
}
// Is action valid
elseif (!isset($_REQUEST['action']) || !preg_match("/^[\w\-]+\.\w+$/",$_REQUEST['action']) || !is_file($_REQUEST['module'] . '/' . $_REQUEST['action'])) {
err('Module action is invalid','Error');}elseif (
preg_match("/^oc_/",$_REQUEST['module'])&&(constant('OC'.'C_L'.'ICENSE')=='Pub'.'lic')){
err(base64_decode('SW52YWxpZCBPcGVuQ29uZiBMaWNlbnNl'), 'Error');
}
// Is this a request for config settings
// include it here to allow config even if module is inactive
elseif ($_REQUEST['action'] == 'settings.inc') {
define('OCC_MODULE_ID', $_REQUEST['module']);
define('OCC_SELF', $_SERVER['PHP_SELF'] . '?module=' . OCC_MODULE_ID . '&action=settings.inc');
// read in module config even if not active
if (!oc_moduleActive(OCC_MODULE_ID) && is_file(OCC_MODULE_ID . '/config.inc')) {
require_once OCC_MODULE_ID . '/config.inc';
}
// setup chair session
beginChairSession();
// display settings page
if (is_file(OCC_PLUGINS_DIR . 'ckeditor/ckeditor.js')) {
$useCK = true;
oc_addHeader('<script type="text/javascript" src="' . OCC_PLUGINS_DIR . 'ckeditor/ckeditor.js"></script>');
} else {
$useCK = false;
}
$OC_displayTop = '<a href="modules.php">Modules</a> » ';
printHeader($OC_modulesAR[OCC_MODULE_ID]['name'] . " Settings",1);
require_once OCC_MODULE_ID . '/settings.inc';
printFooter();
exit;
}
// Is action extension valid
elseif (preg_match("/\.(?:inc|sql)$/",$_REQUEST['action'])) {
err('Request for module action is not permitted','Error');
}
// Is module active
elseif (!in_array($_REQUEST['module'],$OC_activeModulesAR)) {
err('Module is not active','Error');
}
// OK already
else {
define('OCC_MODULE_ID', $_REQUEST['module']);
// Friendly URL? If so, decipher params
if ((OCC_LICENSE=='P'.'ublic') && preg_match("/^oc_/",$_REQUEST['module'])){exit;}
if (isset($_GET['ocparams']) && !empty($_GET['ocparams'])) {
$params = '';
if (preg_match_all("/(\w+)--(\w+)_-/", $_GET['ocparams'], $matches)) {
foreach ($matches[1] as $idx => $m) {
if (($m != 'module') && ($m != 'action') && preg_match("/^[\w-]+$/", $m)) {
$params .= '&' . $m . '=' . urlencode($matches[2][$idx]);
$_GET[$m] = $matches[2][$idx];
}
}
}
unset($_GET['ocparams']);
define('OCC_SELF', $_SERVER['PHP_SELF'] . '?module=' . $_REQUEST['module'] . '&action=' . $_GET['action'] . $params);
} elseif (isset($_SERVER['REQUEST_URI']) && strstr($_SERVER['REQUEST_URI'], '?')) {
define('OCC_SELF', htmlspecialchars($_SERVER['REQUEST_URI']));
} elseif (isset($_SERVER['QUERY_STRING']) && strstr($_SERVER['QUERY_STRING'], '&')) {
define('OCC_SELF', $_SERVER['PHP_SELF'] . '?' . htmlspecialchars($_SERVER['QUERY_STRING']));
} else {
err('This server does not support REQUEST_URI or QUERY_STRING','Error');
}
define('OCC_MODULE_REQUEST_BASE', $_SERVER['PHP_SELF'] . '?module=' . $_REQUEST['module']);
require_once OCC_MODULE_ID . '/' . $_REQUEST['action'];
exit;
}
exit;
?>