} require_once NOALYSS_INCLUDE . '/class_database.php'; require_once NOALYSS_INCLUDE . '/class_dossier.php'; require_once NOALYSS_INCLUDE . '/ac_common.php'; require_once NOALYSS_INCLUDE . '/constant.php'; require_once NOALYSS_INCLUDE . '/function_javascript.php'; require_once NOALYSS_INCLUDE . '/class_extension.php'; require_once NOALYSS_INCLUDE . '/class_html_input.php'; require_once NOALYSS_INCLUDE . '/class_iselect.php'; require_once NOALYSS_INCLUDE . '/constant.security.php'; require_once NOALYSS_INCLUDE . '/class_user.php'; /** * included from do.php + extension_choice.inc.php */ // find file and check security global $cn, $g_user; $ext = new Extension($cn); if ($ext->search($_REQUEST['plugin_code']) == -1) { echo_warning("plugin non trouvé"); return; } if ($ext->can_request($g_user->login) == -1) { alert("Plugin non authorisé"); return; } if (!file_exists(NOALYSS_PLUGIN . '/' . trim($ext->me_file))) { alert(j(_("Ce fichier n'existe pas "))); return; } echo '<div class="content">'; require_once NOALYSS_PLUGIN . DIRECTORY_SEPARATOR . trim($ext->me_file);
if (isset($_REQUEST['plugin_code'])) { if (LOGINPUT) { $file_loginput = fopen($_ENV['TMP'] . '/scenario-' . $_SERVER['REQUEST_TIME'] . '.php', 'a+'); fwrite($file_loginput, "<?php \n"); fwrite($file_loginput, '//@description:' . $_REQUEST['plugin_code'] . "\n"); fwrite($file_loginput, '$_GET=' . var_export($_GET, true)); fwrite($file_loginput, ";\n"); fwrite($file_loginput, '$_POST=' . var_export($_POST, true)); fwrite($file_loginput, ";\n"); fwrite($file_loginput, '$_POST[\'gDossier\']=$gDossierLogInput;'); fwrite($file_loginput, "\n"); fwrite($file_loginput, '$_GET[\'gDossier\']=$gDossierLogInput;'); fwrite($file_loginput, "\n"); fwrite($file_loginput, ' $_REQUEST=array_merge($_GET,$_POST);'); fwrite($file_loginput, "\n"); fwrite($file_loginput, "include '" . basename(__FILE__) . "';\n"); fclose($file_loginput); } $ext = new Extension($cn); if ($ext->search($_REQUEST['plugin_code']) != -1) { /* security */ if (!isset($_SESSION['g_user']) || $ext->can_request($_SESSION['g_user']) == 0) { exit; } /* call the ajax script */ require_once NOALYSS_PLUGIN . DIRECTORY_SEPARATOR . dirname(trim($ext->getp('me_file'))) . DIRECTORY_SEPARATOR . 'ajax.php'; } else { alert(j(_("Cette extension n'existe pas "))); exit; } }