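/**
 * Show the news entries of one category together with the news image file list.
 *
 * Every route argument is joined into $this->path, which is handed to the view
 * as 'dir'. Those arguments come from the request and are untrusted: a path
 * containing '..' is reported (when the statistics_api plugin is enabled) and
 * the request is then refused instead of being rendered.
 *
 * @param mixed $cat_id Category identifier from the route. It is passed unchanged
 *                      to News::findByCatId() and News::getCategoryName().
 *                      NOTE(review): confirm those lookups bind or escape it.
 * @return void
 */
public function browse_cat($cat_id)
{
    // Defined elsewhere in this controller; called before any input is processed.
    $this->_checkPermission();

    $segments = func_get_args();
    $this->path = join('/', $segments);

    // Make sure there is a trailing slash.
    if (substr($this->path, -1, 1) !== '/') {
        $this->path .= '/';
    }

    // Security: parent-directory references are never allowed in the path.
    if (strpos($this->path, '..') !== false) {
        if (Plugin::isEnabled('statistics_api')) {
            $user = AuthUser::isLoggedIn() ? AuthUser::getUserName() : null;

            // X-Forwarded-For is supplied by the client unless a trusted proxy
            // overwrites it, so it may be spoofed or hold arbitrary text. Only
            // accept its first entry when it is a syntactically valid IP address;
            // otherwise record the socket peer address.
            // NOTE(review): if no trusted proxy sets this header, prefer
            // REMOTE_ADDR alone for this audit record.
            $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
            if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                $hops = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
                $claimed = trim($hops[0]);
                if (filter_var($claimed, FILTER_VALIDATE_IP) !== false) {
                    $ip = $claimed;
                }
            }

            $event = array(
                'event_type'  => 'hack_attempt',
                'description' => __('A possible hack attempt was detected.'),
                'ipaddress'   => $ip,
                'username'    => $user,
            );
            Observer::notify('stats_file_manager_hack_attempt', $event);
        }

        // Fail closed. Previously the request was only reported (and only with
        // the plugin enabled) and then rendered with the tainted path.
        if (!headers_sent()) {
            http_response_code(400);
        }
        return;
    }

    // The listing root is fixed; it is not derived from the request path.
    $this->fullpath = FILES_DIR . '/themes/news/images/';

    // Collapse any run of slashes (e.g. when FILES_DIR already ends with one).
    $this->fullpath = preg_replace('#/+#', '/', $this->fullpath);

    $news_arr = News::findByCatId($cat_id);
    $category_name = News::getCategoryName($cat_id);

    // NOTE(review): 'dir' and 'cat_id' originate from the URL; the view should
    // escape them for the context in which they are printed.
    $this->display('news/view_news', array(
        'dir'           => $this->path,
        'files'         => $this->_getListFiles(),
        'news_arr'      => $news_arr,
        'category_name' => $category_name,
        'cat_id'        => $cat_id,
    ));
}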