include_once "manager.lockout.inc.php"; } // Initialize System Alert Message Queque if (!isset($_SESSION['SystemAlertMsgQueque'])) { $_SESSION['SystemAlertMsgQueque'] = array(); } $SystemAlertMsgQueque =& $_SESSION['SystemAlertMsgQueque']; // first we check to see if this is a frameset request if (!isset($_POST['a']) && !isset($_GET['a']) && !isset($_POST['updateMsgCount'])) { // this looks to be a top-level frameset request, so let's serve up a frameset include_once "frames/1.php"; exit; } // OK, let's retrieve the action directive from the request if (isset($_GET['a']) && isset($_POST['a'])) { $modx->webAlertAndQuit($_lang["error_double_action"]); } else { $action = isset($_REQUEST['a']) ? (int) $_REQUEST['a'] : null; } if (isset($_POST['updateMsgCount']) && $modx->hasPermission('messages')) { include_once 'messageCount.inc.php'; } // save page to manager object $modx->manager->action = $action; // attempt to foil some simple types of CSRF attacks if (isset($modx->config['validate_referer']) && intval($modx->config['validate_referer'])) { if (isset($_SERVER['HTTP_REFERER'])) { $referer = $_SERVER['HTTP_REFERER']; if (!empty($referer)) { if (!preg_match('/^' . preg_quote(MODX_SITE_URL, '/') . '/i', $referer)) { $modx->webAlertAndQuit("A possible CSRF attempt was detected from referer: {$referer}.", "index.php");