<?php // +----------------------------------------------------------------------+ // | OpenConf | // +----------------------------------------------------------------------+ // | Copyright (c) 2002-2014 Zakon Group LLC. All Rights Reserved. | // +----------------------------------------------------------------------+ // | This source file is subject to the OpenConf License, available on | // | the OpenConf web site: www.OpenConf.com | // +----------------------------------------------------------------------+ require_once '../include.php'; // Is module valid & installed if (!isset($_REQUEST['module']) || !oc_moduleValid($_REQUEST['module']) || !oc_module_installed($_REQUEST['module'])) { err('Module is not installed', 'Error', 3); } // Is action valid elseif (!isset($_REQUEST['action']) || !preg_match("/^[\w\-]+\.\w+$/",$_REQUEST['action']) || !is_file($_REQUEST['module'] . '/' . $_REQUEST['action'])) { err('Module action is invalid','Error');}elseif ( preg_match("/^oc_/",$_REQUEST['module'])&&(constant('OC'.'C_L'.'ICENSE')=='Pub'.'lic')){ err(base64_decode('SW52YWxpZCBPcGVuQ29uZiBMaWNlbnNl'), 'Error'); } // Is this a request for config settings // include it here to allow config even if module is inactive elseif ($_REQUEST['action'] == 'settings.inc') { define('OCC_MODULE_ID', $_REQUEST['module']); define('OCC_SELF', $_SERVER['PHP_SELF'] . '?module=' . OCC_MODULE_ID . '&action=settings.inc'); // read in module config even if not active if (!oc_moduleActive(OCC_MODULE_ID) && is_file(OCC_MODULE_ID . '/config.inc')) { require_once OCC_MODULE_ID . '/config.inc'; } // setup chair session beginChairSession(); // display settings page if (is_file(OCC_PLUGINS_DIR . 'ckeditor/ckeditor.js')) { $useCK = true; oc_addHeader('<script type="text/javascript" src="' . OCC_PLUGINS_DIR . 'ckeditor/ckeditor.js"></script>'); } else { $useCK = false; } $OC_displayTop = '<a href="modules.php">Modules</a> » '; printHeader($OC_modulesAR[OCC_MODULE_ID]['name'] . " Settings",1); require_once OCC_MODULE_ID . '/settings.inc'; printFooter(); exit; } // Is action extension valid elseif (preg_match("/\.(?:inc|sql)$/",$_REQUEST['action'])) { err('Request for module action is not permitted','Error'); } // Is module active elseif (!in_array($_REQUEST['module'],$OC_activeModulesAR)) { err('Module is not active','Error'); } // OK already else { define('OCC_MODULE_ID', $_REQUEST['module']); // Friendly URL? If so, decipher params if ((OCC_LICENSE=='P'.'ublic') && preg_match("/^oc_/",$_REQUEST['module'])){exit;} if (isset($_GET['ocparams']) && !empty($_GET['ocparams'])) { $params = ''; if (preg_match_all("/(\w+)--(\w+)_-/", $_GET['ocparams'], $matches)) { foreach ($matches[1] as $idx => $m) { if (($m != 'module') && ($m != 'action') && preg_match("/^[\w-]+$/", $m)) { $params .= '&' . $m . '=' . urlencode($matches[2][$idx]); $_GET[$m] = $matches[2][$idx]; } } } unset($_GET['ocparams']); define('OCC_SELF', $_SERVER['PHP_SELF'] . '?module=' . $_REQUEST['module'] . '&action=' . $_GET['action'] . $params); } elseif (isset($_SERVER['REQUEST_URI']) && strstr($_SERVER['REQUEST_URI'], '?')) { define('OCC_SELF', htmlspecialchars($_SERVER['REQUEST_URI'])); } elseif (isset($_SERVER['QUERY_STRING']) && strstr($_SERVER['QUERY_STRING'], '&')) { define('OCC_SELF', $_SERVER['PHP_SELF'] . '?' . htmlspecialchars($_SERVER['QUERY_STRING'])); } else { err('This server does not support REQUEST_URI or QUERY_STRING','Error'); } define('OCC_MODULE_REQUEST_BASE', $_SERVER['PHP_SELF'] . '?module=' . $_REQUEST['module']); require_once OCC_MODULE_ID . '/' . $_REQUEST['action']; exit; } exit; ?>