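require_once 'includes/template.inc';

/**
 * Truncate a request value and escape shell metacharacters in it.
 *
 * escapeshellcmd() is a shell-context escaper, not a path or HTML sanitiser.
 * The value is later checked against a strict allowlist of file names
 * (source_is_permitted()); that allowlist, not this function, is what makes
 * the value safe to use as a path. The escaping is kept for compatibility:
 * every allowlisted name consists only of [A-Za-z0-9./-], which
 * escapeshellcmd() leaves untouched, so permitted values pass through
 * unchanged.
 *
 * @param string $input     raw request value
 * @param int    $maxlength maximum number of bytes kept from $input
 * @return string the truncated, escaped value
 */
function clean(string $input, int $maxlength): string
{
    return escapeshellcmd(substr($input, 0, $maxlength));
}

/**
 * Decide whether $source names a file whose source may be displayed.
 *
 * The allowlist is the one the original condition expressed: files directly
 * under D_WEB_PATH and in its templates/, customer/, auth/, order/, search/
 * and cart/ subdirectories (alphanumeric base names only, so no "..", "/" or
 * other separators can be smuggled in), plus five named include files.
 * The patterns are built with '#' delimiters and a preg_quote()'d prefix; the
 * original inline patterns placed D_WEB_PATH outside the delimiters, which
 * made preg_match() warn and return false. D_WEB_PATH is assumed to end in
 * "/" (the exact .inc comparisons rely on that too).
 *
 * @param string $source the cleaned "source" request parameter
 * @return bool true when $source is on the allowlist
 */
function source_is_permitted(string $source): bool
{
    $exact = [
        D_WEB_PATH . 'includes/winestore.inc',
        D_WEB_PATH . 'includes/customHandler.inc',
        D_WEB_PATH . 'includes/authenticate.inc',
        D_WEB_PATH . 'includes/template.inc',
        D_WEB_PATH . 'includes/validate.inc',
    ];
    if (in_array($source, $exact, true)) {
        return true;
    }

    // Quote the prefix so a path containing regex metacharacters (".", "+")
    // cannot widen a pattern.
    $prefix = preg_quote(D_WEB_PATH, '#');
    $patterns = [
        '#^' . $prefix . '[a-z0-9]*\.php$#i',
        '#^' . $prefix . 'templates/[a-z0-9]*\.tpl$#i',
        '#^' . $prefix . 'customer/[a-z0-9]*\.php$#i',
        '#^' . $prefix . 'auth/[a-z0-9]*\.php$#i',
        '#^' . $prefix . 'order/[a-z0-9-]*\.php$#i',
        '#^' . $prefix . 'search/[a-z0-9]*\.php$#i',
        '#^' . $prefix . 'cart/[a-z0-9]*\.php$#i',
    ];
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $source) === 1) {
            return true;
        }
    }

    return false;
}

// is_string() guards against ?source[]=x, which would otherwise make
// substr() throw a TypeError; an array is treated like a missing parameter.
if (isset($_GET['source']) && is_string($_GET['source'])) {
    $source = clean($_GET['source'], 60);
    $template = new winestoreTemplate(T_SOURCE);

    // Only resolve to a path after the allowlist check; is_file() rather than
    // file_exists() because highlight_file() needs a regular file.
    $file = null;
    if (source_is_permitted($source) && is_file(D_INSTALL_PATH . $source)) {
        $file = D_INSTALL_PATH . $source;
    }

    // $source is echoed back even when it was rejected. The template receives
    // raw HTML in SOURCE (see highlight_file() below), so it cannot be
    // escaping values for us; escape here so a reflected request value cannot
    // inject markup. Permitted names contain no special characters, so their
    // display is unchanged.
    $template->setVariable('PAGE', htmlspecialchars($source, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));

    $contents = $file === null ? false : highlight_file($file, true);
    if ($contents === false) {
        $template->setVariable('SOURCE', 'Filename Not Found or Not Permitted.');
    } else {
        // Keep braces in the displayed code from being read as template
        // placeholders; the numeric entities render identically in HTML.
        // NOTE(review): the original replaced "{" with "{" and "}" with "}"
        // (no-ops) — confirm against template.inc which form it expects.
        $contents = str_replace(['{', '}'], ['&#123;', '&#125;'], $contents);
        $template->setVariable('SOURCE', $contents);
    }

    $template->setCurrentBlock();
    $template->parseCurrentBlock();
    $template->show();
} else {
    trigger_error("source parameter must be provided", E_USER_ERROR);
}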