/**
 * Standard code module initialisation function.
 *
 * Runs once per request (guarded by the BREADCRUMB_CROP_LENGTH constant, which this function defines):
 *  - resets the site-level globals (helper panel, refresh/redirect state, attached messages, SEO and breadcrumb state);
 *  - resolves the current zone row into $ZONE, auto-creating a 'zones' row when a matching <zone>/pages directory
 *    exists and stopping via warn_exit() when the zone is unknown;
 *  - loads the redirect table into $REDIRECT_CACHE;
 *  - issues the SEO, bot-session and wrong-access-domain 301 redirects (each of these calls exit);
 *  - enforces the zone's session requirement and zone/page access, calling access_denied() on failure.
 *
 * Side effects: writes many globals, may send headers and exit, and may insert into the database.
 */
function init__site()
{
    // Re-entrancy guard: the constant is defined further down, so any later call is a no-op
    if (defined('BREADCRUMB_CROP_LENGTH')) {
        return;
    }
    global $HELPER_PANEL_TEXT, $HELPER_PANEL_HTML, $HELPER_PANEL_PIC, $HELPER_PANEL_TUTORIAL;
    $HELPER_PANEL_TEXT = '';
    $HELPER_PANEL_HTML = '';
    $HELPER_PANEL_PIC = '';
    $HELPER_PANEL_TUTORIAL = '';
    global $REQUEST_PAGE_NEST_LEVEL;
    $REQUEST_PAGE_NEST_LEVEL = 0;
    global $REDIRECT_CACHE;
    $REDIRECT_CACHE = array();
    global $REDIRECTED_TO;
    $REDIRECTED_TO = NULL;
    global $REFRESH_URL, $FORCE_META_REFRESH, $EXTRA_HEAD, $EXTRA_FOOT, $QUICK_REDIRECT;
    $REFRESH_URL[0] = '';
    $REFRESH_URL[1] = 0;
    $FORCE_META_REFRESH = false;
    // $EXTRA_HEAD / $EXTRA_FOOT are only created if nothing has populated them already
    if (!isset($EXTRA_HEAD)) {
        $EXTRA_HEAD = new ocp_tempcode();
    }
    if (!isset($EXTRA_FOOT)) {
        $EXTRA_FOOT = new ocp_tempcode();
    }
    $QUICK_REDIRECT = false;
    global $FEED_URL, $FEED_URL_2;
    $FEED_URL = NULL;
    $FEED_URL_2 = NULL;
    global $NON_CANONICAL_PARAMS;
    // We only bother listing ones the software itself may inject - otherwise admin responsible for their own curation of canonical settings
    $NON_CANONICAL_PARAMS = array('wide_high', 'wide', 'wide_print', 'root', 'filtered', 'utheme', 'active_filter', 'redirected', 'redirect_url', 'redirect', 'redirect_passon');
    // The 'canonical_keep_params' value is a comma-separated whitelist of keep_* params that should stay canonical
    $canonical_keep_params = explode(',', is_null(get_value('canonical_keep_params')) ? '' : get_value('canonical_keep_params'));
    // Every other keep_* param present on this request is treated as non-canonical (non-strict in_array, warnings suppressed)
    foreach (array_keys($_GET) as $key) {
        if (substr($key, 0, 5) == 'keep_' && !@in_array($key, $canonical_keep_params)) {
            $NON_CANONICAL_PARAMS[] = $key;
        }
    }
    global $ATTACHED_MESSAGES, $ATTACHED_MESSAGES_RAW, $FAILED_TO_ATTACH_ALL_ERRORS;
    $ATTACHED_MESSAGES = new ocp_tempcode();
    $ATTACHED_MESSAGES_RAW = array();
    $FAILED_TO_ATTACH_ALL_ERRORS = false;
    global $DONE_HEADER;
    $DONE_HEADER = false;
    // We may fill these in from the code, or we may not
    global $SEO_KEYWORDS, $SEO_DESCRIPTION, $SEO_TITLE;
    $SEO_KEYWORDS = NULL;
    $SEO_DESCRIPTION = NULL;
    $SEO_TITLE = NULL;
    global $PAGE_STRING, $LAST_COMCODE_PARSED_TITLE;
    $PAGE_STRING = NULL;
    $LAST_COMCODE_PARSED_TITLE = '';
    global $BREADCRUMBS, $BREADCRUMB_SET_PARENTS, $BREADCRUMB_EXTRA_SEGMENTS, $DISPLAYED_TITLE, $BREADCRUMB_SET_SELF;
    $BREADCRUMBS = NULL;
    $BREADCRUMB_SET_PARENTS = array();
    $BREADCRUMB_EXTRA_SEGMENTS = new ocp_tempcode();
    $DISPLAYED_TITLE = NULL;
    $BREADCRUMB_SET_SELF = NULL;
    // Defining this constant is also what marks initialisation as done (see the guard at the top); 26 is the fallback crop length
    $bcl = get_value('breadcrumb_crop_length');
    define('BREADCRUMB_CROP_LENGTH', is_null($bcl) ? 26 : intval($bcl));
    global $PT_PAIR_CACHE_CP;
    $PT_PAIR_CACHE_CP = array();
    global $ATTACH_MESSAGE_CALLED;
    $ATTACH_MESSAGE_CALLED = 0;
    global $ZONE, $RELATIVE_PATH;
    $zone = get_zone_name();
    // For the non-zone script directories the zone name is taken from the request ('zone' param) rather than the URL path.
    // NOTE(review): in that case $real_zone is request-controlled and reaches is_dir() and query_insert() below - confirm
    // get_param() rejects path separators / traversal sequences before relying on this.
    $real_zone = $RELATIVE_PATH == '_tests' || $RELATIVE_PATH == 'data' || $RELATIVE_PATH == 'data_custom' ? get_param('zone', '') : $zone;
    $ZONE = persistant_cache_get(array('ZONE', $real_zone));
    if ($ZONE === NULL) {
        $zones = $GLOBALS['SITE_DB']->query_select('zones', array('*'), array('zone_name' => $real_zone), '', 1);
        // A zone directory with a 'pages' subdirectory but no DB row gets its row (and a zone_menu entry) created on the fly
        if (!array_key_exists(0, $zones) && is_dir(get_file_base() . '/' . $real_zone . '/' . 'pages')) {
            $GLOBALS['SITE_DB']->query_insert('zones', array('zone_name' => $real_zone, 'zone_title' => insert_lang($real_zone, 1), 'zone_default_page' => 'start', 'zone_header_text' => insert_lang($real_zone, 1), 'zone_theme' => 'default', 'zone_wide' => 0, 'zone_require_session' => 0, 'zone_displayed_in_menu' => 0));
            require_code('menus2');
            add_menu_item_simple('zone_menu', NULL, $real_zone, $real_zone . ':', 0, 1);
            // Re-read the freshly inserted row, joined to its translated header text
            $zones = $GLOBALS['SITE_DB']->query_select('zones z LEFT JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'translate t ON ' . db_string_equal_to('language', user_lang()) . ' AND z.zone_header_text=t.id', array('z.*', 'text_original AS zone_header_text_trans'), array('zone_name' => $real_zone), '', 1);
        }
        if (array_key_exists(0, $zones)) {
            $ZONE = $zones[0];
            $ZONE['zone_header_text_trans'] = get_translated_text($ZONE['zone_header_text']);
            persistant_cache_set(array('ZONE', $real_zone), $ZONE);
        }
        // Unknown zone: fall back to the root zone row so the error page can render, then stop with BAD_ZONE (the name is escaped for output)
        if ($ZONE === NULL) {
            $zones = $GLOBALS['SITE_DB']->query_select('zones', array('*'), array('zone_name' => ''), '', 1);
            $ZONE = $zones[0];
            $ZONE['zone_header_text_trans'] = get_translated_text($ZONE['zone_header_text']);
            warn_exit(do_lang_tempcode('BAD_ZONE', escape_html($real_zone)));
        }
        unset($zones);
    }
    // A NULL zone_wide is resolved from the member's own m_zone_wide field on ocf forums, and to 1 (wide) otherwise
    if ($ZONE !== NULL && $ZONE['zone_wide'] === NULL) {
        $ZONE['zone_wide'] = get_forum_type() == 'ocf' ? $GLOBALS['FORUM_DRIVER']->get_member_row_field(get_member(), 'm_zone_wide') : 1;
    }
    if ($ZONE['zone_name'] == 'adminzone' || $ZONE['zone_name'] == 'cms') {
        require_css('adminzone');
    }
    // Load the redirect table (cached per zone) into $REDIRECT_CACHE[from_zone][from_page]; redirects that point at their own source are skipped
    $_zone = get_zone_name();
    $REDIRECT_CACHE = array($_zone => array());
    if (addon_installed('redirects_editor')) {
        $redirect = persistant_cache_get(array('REDIRECT', $_zone));
        if ($redirect === NULL) {
            $redirect = $GLOBALS['SITE_DB']->query_select('redirects', array('*'));
            persistant_cache_set(array('REDIRECT', $_zone), $redirect);
        }
        foreach ($redirect as $r) {
            if ($r['r_from_zone'] == $r['r_to_zone'] && $r['r_from_page'] == $r['r_to_page']) {
                continue;
            }
            $REDIRECT_CACHE[$r['r_from_zone']][$r['r_from_page']] = $r;
        }
    }
    // SEO redirection
    require_code('urls');
    if (can_try_mod_rewrite()) {
        $ruri = ocp_srv('REQUEST_URI');
        $old_style = get_option('htm_short_urls') != '1';
        // Permanently redirect requests in the wrong short-URL style to the canonical self URL.
        // Only done for index.php, only before any output, and only when there is no POST body (count($_POST) == 0).
        if (!headers_sent() && running_script('index') && isset($_SERVER['HTTP_HOST']) && count($_POST) == 0 && (strpos($ruri, '/pg/') === false || !$old_style) && (strpos($ruri, '.htm') === false || $old_style)) {
            $GLOBALS['HTTP_STATUS_CODE'] = '301';
            header('HTTP/1.0 301 Moved Permanently');
            header('Location: ' . get_self_url(true));
            exit;
        }
    }
    // Search engine having session in URL, we don't like this
    // (a bot carrying keep_session is 301'd to the same URL with keep_session and keep_print removed)
    if (get_bot_type() !== NULL && isset($_SERVER['HTTP_HOST']) && count($_POST) == 0 && get_param_integer('keep_session', NULL) !== NULL) {
        $GLOBALS['HTTP_STATUS_CODE'] = '301';
        header('HTTP/1.0 301 Moved Permanently');
        header('Location: ' . get_self_url(true, false, array('keep_session' => NULL, 'keep_print' => NULL)));
        exit;
    }
    // Detect bad access domain
    // HTTP_HOST is client-controlled: it is only ever compared (case-insensitively, port stripped) against the host of the
    // configured base URL, and on mismatch the request is redirected to the configured host. CR and LF are stripped from the
    // Location value so the client-supplied host cannot inject further headers. Sites with per-zone domain mapping
    // (a ZONE_MAPPING_<zone> entry in $SITE_INFO) are exempt; super-admins additionally get a warning message attached.
    global $SITE_INFO;
    $access_host = preg_replace('#:.*#', '', ocp_srv('HTTP_HOST'));
    if ($access_host != '' && isset($_SERVER['HTTP_HOST'])) {
        $parsed_base_url = parse_url(get_base_url());
        if (array_key_exists('host', $parsed_base_url) && strtolower($parsed_base_url['host']) != strtolower($access_host)) {
            if (!array_key_exists('ZONE_MAPPING_' . get_zone_name(), $SITE_INFO)) {
                if ($GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) {
                    attach_message(do_lang_tempcode('BAD_ACCESS_DOMAIN', escape_html($parsed_base_url['host']), escape_html($access_host)), 'warn');
                }
                header('Location: ' . str_replace(chr(13), '', str_replace(chr(10), '', str_replace($access_host, $parsed_base_url['host'], get_self_url_easy()))));
                exit;
            }
        }
    }
    // The most important security check
    global $SESSION_CONFIRMED;
    get_member(); // Make sure we've loaded our backdoor if installed
    require_code('permissions');
    // Zones that require a confirmed session are also the ones that refuse to be framed cross-origin
    if ($ZONE['zone_require_session'] == 1) {
        header('X-Frame-Options: SAMEORIGIN');
    } // Clickjacking protection
    // 1) Session requirement: a zone flagged zone_require_session rejects requests with no session (get_session_id() == -1)
    //    or an unconfirmed one ($SESSION_CONFIRMED == 0), except HTTP-auth logins and the login page itself. The denial
    //    reason distinguishes "needs a confirmed session" (ZONE_ACCESS_SESSION) from "has no zone access at all" (ZONE_ACCESS).
    if ($ZONE['zone_name'] != '' && !is_httpauth_login() && (get_session_id() == -1 || $SESSION_CONFIRMED == 0) && $ZONE['zone_require_session'] == 1 && get_page_name() != 'login') {
        access_denied($real_zone == 'data' || has_zone_access(get_member(), $ZONE['zone_name']) ? 'ZONE_ACCESS_SESSION' : 'ZONE_ACCESS', $ZONE['zone_name'], true);
    } else {
        // 2) Zone access (the 'data' zone is always allowed through), then 3) page access for real page requests only
        if ($real_zone == 'data' || has_zone_access(get_member(), $ZONE['zone_name'])) {
            global $NON_PAGE_SCRIPT;
            if ($NON_PAGE_SCRIPT == 0 && !has_page_access(get_member(), get_page_name(), $ZONE['zone_name'], true)) {
                access_denied('PAGE_ACCESS');
            }
        } else {
            /* if ($ZONE['zone_name']=='adminzone') GoogleAds will pick up on ANY URL any go and CRAWL IT. So don't use with googleads unless you want googlead-triggering-heart-attacks ;)
                log_hack_attack_and_exit('ADMINZONE_ACCESS_DENIED');*/
            // No zone access: everything except the login page is denied
            if (get_page_name() != 'login') {
                access_denied('ZONE_ACCESS', $ZONE['zone_name'], true);
            }
        }
    }
}
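/**
 * Build and return a proper URL, from the $vars array.
 * Note: URL parameters should always be in lower case (one of the coding standards)
 *
 * The URL is either a mod_rewrite form (from _url_rewrite_params) or the standard
 * index.php?page=...&type=...&id=... parameterisation, with page/type/id ordered first for readability.
 * When $keep_all is set, parameters from the current request ($_GET) are copied in; those are untrusted,
 * so both keys and values are URL-encoded when the standard form is built.
 *
 * @param array A map of parameter names to parameter values. Values may be strings or integers, or NULL. NULL indicates "skip this". 'page' cannot be NULL.
 * @param ID_TEXT The zone the URL is pointing to. YOU SHOULD NEVER HARD CODE THIS- USE '_SEARCH', '_SELF' (if you're self-referencing your own page) or the output of get_module_zone.
 * @param ?array Variables to explicitly not put in the URL (perhaps because we have $keep_all set, or we are blocking certain keep_ values). The format is of a map where the keys are the names, and the values are 1. (NULL: don't skip any)
 * @param boolean Whether to keep all non-skipped parameters that were in the current URL, in this URL
 * @param boolean Whether to avoid mod_rewrite (sometimes essential so we can assume the standard URL parameter addition scheme in templates)
 * @param boolean Whether to skip actually putting on keep_ parameters (rarely will this skipping be desirable)
 * @param string Hash portion of the URL (blank: none). Appended verbatim.
 * @return string The URL in string format.
 */
function _build_url($vars, $zone_name = '', $skip = NULL, $keep_all = false, $avoid_remap = false, $skip_keep = false, $hash = '')
{
    global $HAS_KEEP_IN_URL, $USE_REWRITE_PARAMS, $CACHE_BOT_TYPE;

    // Build up our URL base
    $url = get_base_url(is_page_https($zone_name, isset($vars['page']) ? $vars['page'] : ''), $zone_name);
    $url .= '/';

    // For bots we explicitly unset skippable injected 'keep_' params because it bloats the crawl-space
    if ($CACHE_BOT_TYPE !== NULL && get_bot_type() !== NULL) {
        foreach ($vars as $key => $val) {
            if ($key == 'redirect' || $key == 'root') {
                unset($vars[$key]);
            }
            if (substr($key, 0, 5) == 'keep_' && skippable_keep($key, $val)) {
                unset($vars[$key]);
            }
        }
    }

    // Things we need to keep in the url
    $keep_actual = array();
    if ($HAS_KEEP_IN_URL === NULL || $HAS_KEEP_IN_URL || $keep_all) {
        // get_magic_quotes_gpc() no longer exists on PHP 8; treat its absence as "magic quotes off"
        $mc = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
        $HAS_KEEP_IN_URL = false;
        foreach ($_GET as $key => $val) {
            if (!is_string($val)) {
                continue; // Array-valued params are never propagated
            }
            $is_keep = false;
            // $_GET keys can be integers (e.g. ?0=x); only string keys can be keep_* params
            $appears_keep = is_string($key) && substr($key, 0, 5) == 'keep_';
            if ($appears_keep) {
                if (!$skip_keep && !skippable_keep($key, $val)) {
                    $is_keep = true;
                }
                $HAS_KEEP_IN_URL = true;
            }
            // Explicit $vars entries and $skip entries always win over anything coming from the current request
            if (($keep_all && !$appears_keep || $is_keep) && !array_key_exists($key, $vars) && !isset($skip[$key])) {
                if ($mc) {
                    $val = stripslashes($val);
                }
                if ($is_keep) {
                    $keep_actual[$key] = $val;
                } else {
                    $vars[$key] = $val;
                }
            }
        }
        $vars += $keep_actual;
    }

    global $URL_MONIKERS_ENABLED;
    if ($URL_MONIKERS_ENABLED === NULL) {
        $URL_MONIKERS_ENABLED = url_monikers_enabled();
    }
    if ($URL_MONIKERS_ENABLED) {
        $test = find_id_moniker($vars);
        if ($test !== NULL) {
            $vars['id'] = $test;
        }
    }

    // We either use mod_rewrite, or return a standard parameterisation.
    // The mod_rewrite decision is memoised in $USE_REWRITE_PARAMS, except when $avoid_remap forces a fresh (un-cached) answer.
    if ($USE_REWRITE_PARAMS === NULL || $avoid_remap) {
        $use_rewrite_params = can_try_mod_rewrite($avoid_remap);
        if (!$avoid_remap) {
            $USE_REWRITE_PARAMS = $use_rewrite_params;
        }
    } else {
        $use_rewrite_params = $USE_REWRITE_PARAMS;
    }
    $test_rewrite = NULL;
    if ($use_rewrite_params) {
        $test_rewrite = _url_rewrite_params($zone_name, $vars, count($keep_actual) > 0);
    }

    if ($test_rewrite === NULL) {
        $url .= 'index.php';

        // Fix sort order: prepending id, then type, then page leaves them first as page, type, id
        if (isset($vars['id'])) {
            $_vars = $vars;
            unset($_vars['id']);
            $vars = array('id' => $vars['id']) + $_vars;
        }
        if (isset($vars['type'])) {
            $_vars = $vars;
            unset($_vars['type']);
            $vars = array('type' => $vars['type']) + $_vars;
        }
        if (isset($vars['page'])) {
            $_vars = $vars;
            unset($_vars['page']);
            $vars = array('page' => $vars['page']) + $_vars;
        }

        // Build up the URL string
        $symbol = '?';
        foreach ($vars as $key => $val) {
            if ($val === NULL) {
                continue;
            } // NULL means skip
            if ($val === SELF_REDIRECT) {
                $val = get_self_url(true, true);
            }
            // Add in. Keys are encoded as well as values: with $keep_all they originate from $_GET, where PHP has already
            // decoded them, so an unencoded key could carry '&' or '=' into the generated URL.
            $url .= $symbol . urlencode((string) $key) . '=' . (is_integer($val) ? strval($val) : urlencode($val));
            $symbol = '&';
        }
    } else {
        $url .= $test_rewrite;
    }

    // Done
    return $url . $hash;
}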