<?php error_reporting(E_ALL & ~E_NOTICE); define('MODX_BASE_PATH', realpath('../../../../') . '/'); include_once MODX_BASE_PATH . "assets/cache/siteManager.php"; define('MGR', MODX_BASE_PATH . MGR_DIR); define('MODX_API_MODE', true); include_once MGR . '/includes/config.inc.php'; include_once MGR . '/includes/document.parser.class.inc.php'; $modx = new DocumentParser(); $modx->db->connect(); $modx->getSettings(); startCMSSession(); $modx->minParserPasses = 2; if (IN_MANAGER_MODE != 'true' && !$modx->hasPermission('exec_module')) { die('<b>INCLUDE_ORDERING_ERROR</b><br /><br />Please use the MODX Content Manager instead of accessing this file directly.'); } if (version_compare(phpversion(), "5.3") < 0) { @ini_set('magic_quotes_runtime', 0); @ini_set('magic_quotes_sybase', 0); } $moduleurl = $modx->config['site_url'] . 'assets/modules/store/installer/index.php'; $modulePath = MODX_BASE_PATH . 'assets/modules/store/installer/'; $self = $modulePath . '/index.php'; require_once $modulePath . "/functions.php"; $_lang = array(); $_params = array(); $lang = $modx->config['manager_language']; if (file_exists($modulePath . '/lang/' . $lang . '.inc.php')) { include_once $modulePath . '/lang/' . $lang . '.inc.php'; } else {
$_SESSION['SystemAlertMsgQueque'] = array(); } $SystemAlertMsgQueque =& $_SESSION['SystemAlertMsgQueque']; // first we check to see if this is a frameset request if (!isset($_POST['a']) && !isset($_GET['a']) && !isset($_POST['updateMsgCount'])) { // this looks to be a top-level frameset request, so let's serve up a frameset include_once "frames/1.php"; exit; } // OK, let's retrieve the action directive from the request if (isset($_GET['a']) && isset($_POST['a'])) { $modx->webAlertAndQuit($_lang["error_double_action"]); } else { $action = isset($_REQUEST['a']) ? (int) $_REQUEST['a'] : null; } if (isset($_POST['updateMsgCount']) && $modx->hasPermission('messages')) { include_once 'messageCount.inc.php'; } // save page to manager object $modx->manager->action = $action; // attempt to foil some simple types of CSRF attacks if (isset($modx->config['validate_referer']) && intval($modx->config['validate_referer'])) { if (isset($_SERVER['HTTP_REFERER'])) { $referer = $_SERVER['HTTP_REFERER']; if (!empty($referer)) { if (!preg_match('/^' . preg_quote(MODX_SITE_URL, '/') . '/i', $referer)) { $modx->webAlertAndQuit("A possible CSRF attempt was detected from referer: {$referer}.", "index.php"); } } else { $modx->webAlertAndQuit("A possible CSRF attempt was detected. No referer was provided by the client.", "index.php"); }
$action = isset($_POST['action']) ? preg_replace('/[^a-zA-Z0-9_-]+/', '', $_POST['action']) : false; $docid = isset($_POST['id']) ? intval($_POST['id']) : false; $tvid = isset($_POST['tvid']) ? intval(str_replace('tv', '', $_POST['tvid'])) : false; switch ($configtype) { case 'module': $type = 'moduleconfig'; break; case 'tv': default: $type = 'config'; break; } $answer = array(); switch ($mode) { case 'dbtable': if ($modx->hasPermission('exec_module')) { if ($action && $config) { $multiTV = new multiTV($modx, array('type' => 'module', 'tvUrl' => MTV_PATH)); // config exists? $settings = $multiTV->loadSettings($config, $type, false); if ($settings) { $processors = isset($settings['processors']) ? $settings['processors'] : ''; $includeFile = $multiTV->includeFile($action, 'processor', '.inc.php', $processors); if (!$includeFile) { $includeFile = $multiTV->includeFile($action, 'processor', '.inc.php'); } // processor available? if ($includeFile) { include $includeFile; } else { $answer['error'] = true;