function cw_have_script_tag($var) { if (!is_array($var)) { return stristr($var, '<script') !== false; } foreach ($var as $item) { if (!is_array($var)) { if (stristr($var, '<script') !== false) { return true; } } elseif (cw_have_script_tag($item)) { return true; } } return false; }
$active_addons = cw_call('cw_core_get_addons'); $active_addons[] = array('addon' => 'salesman'); $active_addons[] = array('addon' => 'warehouse'); if (is_array($active_addons)) { foreach ($active_addons as $adn) { $addons[$adn['addon']] = true; $_current_hook_order = $adn['orderby']; $_include_addon_file = 'addons/' . $adn['addon'] . '/init.php'; cw_include($_include_addon_file); } } unset($active_addons, $adn, $_include_addon_file, $_current_hook_order); cw_include('init/post_init.php'); // Strip tags in all html_* var which are not in trusted list foreach ($request_prepared as $__var => $__res) { if (strpos($__var, 'html_') === 0 && (!in_array($__var, $cw_trusted_variables) || cw_have_script_tag($__res))) { $__res = cw_strip_tags($__res); ${$__var} = $request_prepared[$__var] = $__res; } } // Remove trailing slash and add leading slash $app_config_file['web']['web_dir'] = with_leading_slash_only($app_config_file['web']['web_dir']); $app_config_file['web']['skin'] = with_leading_slash_only($app_config_file['web']['skin']); $app_skin_dir = $app_config_file['web']['skin']; $app_web_dir = $app_config_file['web']['web_dir']; $http_location = 'http://' . $app_config_file['web']['http_host'] . $app_config_file['web']['web_dir']; $https_location = 'https://' . $app_config_file['web']['https_host'] . $app_config_file['web']['web_dir']; cw_include('init/https_detect.php'); $current_location = $HTTPS ? $https_location : $http_location; $current_host_location = $HTTPS ? 'https://' . $app_config_file['web']['https_host'] : 'http://' . $app_config_file['web']['http_host']; cw_include('include/logging.php');