// Optional message id (?msg=N) to show with the page. The second argument
// presumably asks COM_applyFilter() for numeric filtering; anything that is not
// a positive number is collapsed to 0, meaning "no message".
$msg = COM_applyFilter($_GET['msg'], true);
if ($msg <= 0) {
    $msg = 0;
}
} // closes a conditional that begins before this excerpt
// Handle just template staticpage security here, rest done in services.
// Cannot view template staticpages directly. If template staticpage bail here
// if user doesn't have edit rights.
// NOTE(review): $page is interpolated straight into the WHERE clause of both
// DB_getItem() calls below. That is only safe if $page was already passed
// through COM_sanitizeID() where it is assigned (before this excerpt) -- confirm.
// Loose '== 1': DB_getItem() presumably returns the column as a string ('1'),
// which this comparison accepts.
if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$page}'") == 1) {
    if (SEC_hasRights('staticpages.edit')) {
        // Editors may still only see template pages their permissions allow.
        // SP_getPerms('', '3') presumably returns a SQL fragment restricting by
        // permission level (the '3' looks like an access level -- verify against
        // the function); it is prefixed with AND so it extends the sp_id match.
        $perms = SP_getPerms('', '3');
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        // The page exists but the permission fragment filters it out: answer
        // with the same 404 as the no-rights branch below (presumably so that a
        // forbidden template page is indistinguishable from a missing one).
        if (DB_getItem($_TABLES['staticpage'], 'sp_id', "sp_id = '{$page}'" . $perms) == '') {
            COM_handle404();
            exit;
        }
    } else {
        // No edit rights at all: template pages are never viewable directly.
        COM_handle404();
        exit;
    }
}
// Render. $display_mode, $comment_order, $comment_mode, $comment_page and
// $query are all set before this excerpt; nothing in this span validates them.
$retval = SP_returnStaticpage($page, $display_mode, $comment_order, $comment_mode, $comment_page, $msg, $query);
if ($display_mode == 'print') {
    // In print mode the charset header and, when configured, X-Frame-Options
    // are sent explicitly here before any output. The non-print path presumably
    // relies on COM_output() / the site header for the same headers -- confirm.
    header('Content-Type: text/html; charset=' . COM_getCharset());
    if (!empty($_CONF['frame_options'])) {
        header('X-FRAME-OPTIONS: ' . $_CONF['frame_options']);
    }
}
COM_output($retval);
// Page id arriving via POST (e.g. a comment-form round trip). COM_sanitizeID()
// presumably reduces it to id-safe characters; this is the boundary check for a
// value that is later used in database lookups.
$page = COM_sanitizeID(COM_applyFilter($_POST['page']));
} // closes a conditional that begins before this excerpt
// from comments display refresh:
// Comment display parameters may arrive via POST (refresh from the comment
// form) or GET (plain link). $comment_order is whitelisted by construction: it
// can only ever be the literal 'ASC' or 'DESC', whatever the request contains.
if (isset($_POST['order'])) {
    $comment_order = $_POST['order'] == 'ASC' ? 'ASC' : 'DESC';
    if (isset($_POST['mode'])) {
        $comment_mode = COM_applyFilter($_POST['mode']);
    }
    if (isset($_POST['cmtpage'])) {
        // NOTE(review): unlike the GET branch below, no numeric filtering is
        // requested here (no second argument) -- confirm that is intended.
        $cmt_page = COM_applyFilter($_POST['cmtpage']);
    }
} else {
    if (isset($_GET['order'])) {
        $comment_order = $_GET['order'] == 'ASC' ? 'ASC' : 'DESC';
    }
    if (isset($_GET['mode'])) {
        $comment_mode = COM_applyFilter($_GET['mode']);
    }
    if (isset($_GET['cmtpage'])) {
        $cmt_page = COM_applyFilter($_GET['cmtpage'], true);
    }
}
// Whitelist of comment display modes. NOTE(review): the check is applied to
// $mode, which is not assigned anywhere in this excerpt, while the request
// value read above lands in $comment_mode and is handed to the renderer below
// with only COM_applyFilter() applied. Verify whether $comment_mode was meant.
$valid_modes = array('threaded', 'nested', 'flat', 'nocomment');
if (in_array($mode, $valid_modes) === false) {
    $mode = '';
}
// 'print' is the only recognised display mode; anything else becomes default.
if ($display_mode != 'print') {
    $display_mode = '';
}
// $cmt_page is read above but not passed to the renderer in this call.
$retval = SP_returnStaticpage($page, $display_mode, $comment_order, $comment_mode);
echo $retval;