// require_once "includes/template.inc";
require_once 'includes/template.inc';
/**
 * Truncate a request value and shell-escape what is left.
 *
 * The value is cut to $maxlength bytes first and escaped second, so the
 * returned string can be longer than $maxlength. escapeshellcmd() only
 * escapes shell metacharacters: it does not encode the value for HTML
 * output and does not validate it as a filesystem path, so callers still
 * have to check or encode the result for the context they use it in.
 *
 * @param string $input     Raw value, e.g. taken from $_GET.
 * @param int    $maxlength Number of bytes kept before escaping.
 * @return string The truncated, shell-escaped value.
 */
function clean($input, $maxlength)
{
    return escapeshellcmd(substr($input, 0, $maxlength));
}
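// Source viewer: renders one of the application's own files, syntax
// highlighted, when its web path is on the allowlist below. Whatever matches
// is disclosed verbatim to the requester, so files holding credentials or
// keys must stay off the list.
//
// A non-string value (e.g. ?source[]=x) is treated like a missing parameter
// instead of being handed to substr() inside clean().
if (isset($_GET["source"]) && is_string($_GET["source"])) {
    $source = clean($_GET["source"], 60);
    $template = new winestoreTemplate(T_SOURCE);

    // Individual files that may be shown; compared strictly below.
    $allowedFiles = array(
        D_WEB_PATH . "includes/winestore.inc",
        D_WEB_PATH . "includes/customHandler.inc",
        D_WEB_PATH . "includes/authenticate.inc",
        D_WEB_PATH . "includes/template.inc",
        D_WEB_PATH . "includes/validate.inc",
    );

    // Directory patterns, ported from the earlier eregi() form
    // "^" . D_WEB_PATH . "[a-z0-9]*[.]php$". The previous preg_match() calls
    // placed D_WEB_PATH next to the pattern delimiter, so the delimiter and
    // modifiers PCRE saw depended on the constant's content and the calls
    // could fail with a warning instead of matching. Here the path is quoted
    // and sits inside '#' delimiters. The D modifier stops "$" from also
    // matching in front of a trailing newline. The character classes admit
    // neither "/" nor "." inside a file name, which keeps ".." out.
    $webPath = preg_quote(D_WEB_PATH, '#');
    $allowedPatterns = array(
        '#^' . $webPath . '[a-z0-9]*[.]php$#iD',
        '#^' . $webPath . 'templates/[a-z0-9]*[.]tpl$#iD',
        '#^' . $webPath . 'customer/[a-z0-9]*[.]php$#iD',
        '#^' . $webPath . 'auth/[a-z0-9]*[.]php$#iD',
        '#^' . $webPath . 'order/[a-z0-9-]*[.]php$#iD',
        '#^' . $webPath . 'search/[a-z0-9]*[.]php$#iD',
        '#^' . $webPath . 'cart/[a-z0-9]*[.]php$#iD',
    );

    $permitted = in_array($source, $allowedFiles, true);
    foreach ($allowedPatterns as $pattern) {
        if ($permitted) {
            break;
        }
        $permitted = preg_match($pattern, $source) === 1;
    }

    // Set explicitly so a $file left in global scope by an included file
    // cannot stand in for a successful allowlist match.
    $file = null;
    if ($permitted && is_file(D_INSTALL_PATH . $source)) {
        $file = D_INSTALL_PATH . $source;
    }

    // PAGE is filled from the request whether or not the name was accepted,
    // and escapeshellcmd() does not neutralise markup, so encode it for HTML.
    // NOTE(review): assumes the template inserts PAGE without escaping it
    // itself - confirm against winestoreTemplate to avoid double encoding.
    $template->setVariable("PAGE", htmlspecialchars($source, ENT_QUOTES, 'UTF-8'));

    // highlight_file() returns false when the file cannot be read.
    $contents = ($file !== null) ? highlight_file($file, true) : false;
    if (is_string($contents)) {
        // Braces are replaced with numeric entities, presumably so the
        // template engine does not read {NAME} in the listing as a
        // placeholder. The terminating ";" matters: without it a brace
        // followed by a digit is decoded as a different character.
        $contents = str_replace(array("{", "}"), array("&#123;", "&#125;"), $contents);
        $template->setVariable("SOURCE", $contents);
    } else {
        $template->setVariable("SOURCE", "Filename Not Found or Not Permitted.");
    }
    $template->setCurrentBlock();
    $template->parseCurrentBlock();
    $template->show();
} else {
    trigger_error("source parameter must be provided", E_USER_ERROR);
}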