/**
 * Error handler that turns a PHP error into an ErrorException.
 *
 * When STATE is anything other than "development" it first drops the current
 * output buffer, reports the error through send_error_by_mail() (keeping that
 * call's return value in $GLOBALS["error_already_sent"]) and calls
 * header_if(true, 500, true). In every STATE it then throws.
 *
 * NOTE(review): error_reporting() is not consulted here, so every error this
 * handler is invoked with becomes an exception — confirm that is intended.
 * NOTE(review): the mailed report carries the raw message, file path and line
 * number; make sure the recipient mailbox is treated as sensitive.
 *
 * @param int    $severity Error level, forwarded as the exception severity.
 * @param string $message  Error text, forwarded as the exception message.
 * @param string $filename File the error was raised in.
 * @param int    $lineno   Line the error was raised on.
 *
 * @throws ErrorException Always.
 */
function exceptions_error_handler($severity, $message, $filename, $lineno)
{
    $is_development = (STATE == "development");

    if (!$is_development) {
        // Throw away whatever has been buffered so far (the returned contents
        // are unused), so it is not emitted together with the error status.
        ob_get_clean();

        $report = array(
            "type" => $severity,
            "file" => $filename,
            "line" => $lineno,
            "message" => $message,
        );
        $GLOBALS["error_already_sent"] = send_error_by_mail($report);

        header_if(true, 500, true);
    }

    throw new ErrorException($message, 0, $severity, $filename, $lineno);
}
break; } } if (get_status($_POST["room"], $_POST["witness"]) == not_owned && get_status($_POST["weapon"], $_POST["witness"]) == not_owned) { add_card_owner_status($_POST["suspect"], $_POST["witness"], owned); } elseif (get_status($_POST["weapon"], $_POST["witness"]) == not_owned && get_status($_POST["suspect"], $_POST["witness"]) == not_owned) { add_card_owner_status($_POST["room"], $_POST["witness"], owned); } elseif (get_status($_POST["room"], $_POST["witness"]) == not_owned && get_status($_POST["suspect"], $_POST["witness"]) == not_owned) { add_card_owner_status($_POST["weapon"], $_POST["witness"], owned); } increment_turn(); redirect_to_action("show"); break; case "skip": increment_turn(); redirect_to_action("show"); break; case "show": break; case "daybook": break; case "revert": $turn = max(array_of_ids(select_turns())); delete_turn($turn); delete_owned_of_turn($turn); redirect_to_action("show"); break; default: header_if(true, 403); exit; }
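/**
 * Guard for requests that carry their CSRF token in the query string.
 *
 * Signals 401 through header_if() when the "csrf_token" parameter is absent,
 * is not a plain string, or is rejected by valid_csrf_token().
 *
 * NOTE(review): this function returns nothing, so it only protects the caller
 * if header_if() stops the request when its condition is true — its definition
 * is not visible here; confirm.
 * NOTE(review): a token sent in the URL can be recorded in server logs,
 * browser history and Referer headers; keep GET-token endpoints to a minimum.
 *
 * @return void
 */
function check_csrf_get()
{
    // PHP turns "?csrf_token[]=x" into an array; refuse anything that is not a
    // string before it reaches the validator.
    $token_is_usable = isset($_GET["csrf_token"])
        && is_string($_GET["csrf_token"])
        && valid_csrf_token($_GET["csrf_token"]);

    header_if(!$token_is_usable, 401);
}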
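<?php
// Front controller: checks the request parameters, loads the requested
// controller file, then renders the application layout.
//
// NOTE(review): the header_if() guards below only protect the include if
// header_if() stops the request when its condition is true — its definition is
// not visible here; confirm.

// 400 when validate_input() does not accept the parameter set.
header_if(!validate_input(array("action", "controller"), array("tags")), 400);

// Allow-list the controller name; strict comparison so only the exact string
// "game" matches.
$full_controller = $_GET["controller"];
header_if(!in_array($full_controller, array("game"), true), 404);

$query_array = compute_query_array();

if ($full_controller != "error") {
    if (isset($_GET["prefix"])) {
        // "prefix" comes straight from the query string and becomes part of an
        // include path, so it is limited to plain path segments (letters,
        // digits, "_" and "-", separated by single slashes). Anything else —
        // dots, backslashes, NUL bytes, a leading slash, an array value — is
        // refused before it can reach include.
        // NOTE(review): whether validate_input() already rejects an unexpected
        // "prefix" is not visible here; this check does not depend on it.
        if (
            !is_string($_GET["prefix"])
            || preg_match('#\A[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*\z#', $_GET["prefix"]) !== 1
        ) {
            header_if(true, 400);
            exit;
        }
        include CONTROLLER_PATH . $_GET["prefix"] . "/base.php";
    } else {
        // Include the value that was checked against the allow-list rather
        // than re-reading $_GET.
        include CONTROLLER_PATH . $full_controller . ".php";
    }
} else {
    header_if($_GET["action"] == "unknown_url", 400);
}

// The layout is skipped only in development when the output buffer already
// holds content.
if (!(STATE == "development" && ob_get_length() != 0)) {
    include LAYOUT_PATH . "application.php";
}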