コード例 #1
0
ファイル: pixie.js.php プロジェクト: joseph-mudloff/pixie-cms
 * @package Pixie
 * @copyright 2008-2010 Scott Evans
 * @author Scott Evans
 * @author Sam Collett
 * @author Tony White
 * @author Isa Worcs
 * @link http://www.getpixie.co.uk
 * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public License v3
 *
 */
$refering = NULL;
$refering = parse_url($_SERVER['HTTP_REFERER']);
if ($refering['host'] == $_SERVER['HTTP_HOST']) {
    if (defined('DIRECT_ACCESS')) {
        require_once '../lib/lib_misc.php';
        pixieExit();
        exit;
    }
    define('DIRECT_ACCESS', 1);
    require_once '../lib/lib_misc.php';
    /* perform basic sanity checks */
    bombShelter();
    /* check URL size */
    error_reporting(0);
    /* Please note : We do not need to specify the header type of this document using php because
    	index.php already wraps this in a script tag. If we included it instead, we would need to. */
    // Note : If you use this file, any global vars now have the prefix pixie, so what was $s is now $pixie_s
    /* !IMPORTANT - This file thinks it's being run from admin/ */
    /* instead of admin/jscript so paths are relative to admin */
    extract($_REQUEST, EXTR_PREFIX_ALL, 'pixie');
    ?>
コード例 #2
0
ファイル: lib_misc.php プロジェクト: joseph-mudloff/pixie-cms
function globalSec($page_location, $sec_check)
{
    global $clean_urls;
    /* .htaccess already has a rule for this, we don't need to do it twice */
    if ($clean_urls != 'yes' && $sec_check === 1) {
        if (isset($_REQUEST['_GET'])) {
            pixieExit();
        }
        if (isset($_REQUEST['_POST'])) {
            pixieExit();
        }
        if (isset($_REQUEST['_COOKIE'])) {
            pixieExit();
        }
        if (isset($_REQUEST['_SESSION'])) {
            pixieExit();
        }
        if (isset($_REQUEST['GLOBALS'])) {
            pixieExit();
        }
        if (isset($_REQUEST['_FILES'])) {
            pixieExit();
        }
        if (isset($_REQUEST['_REQUEST'])) {
            pixieExit();
        }
        if (isset($_REQUEST['_SERVER'])) {
            pixieExit();
        }
    }
}