* @package Pixie
* @copyright 2008-2010 Scott Evans
* @author Scott Evans
* @author Sam Collett
* @author Tony White
* @author Isa Worcs
* @link http://www.getpixie.co.uk
* @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public License v3
*
*/
$refering = NULL;
$refering = parse_url($_SERVER['HTTP_REFERER']);
if ($refering['host'] == $_SERVER['HTTP_HOST']) {
if (defined('DIRECT_ACCESS')) {
require_once '../lib/lib_misc.php';
pixieExit();
exit;
}
define('DIRECT_ACCESS', 1);
require_once '../lib/lib_misc.php';
/* perform basic sanity checks */
bombShelter();
/* check URL size */
error_reporting(0);
/* Please note : We do not need to specify the header type of this document using php because
index.php already wraps this in a script tag. If we included it instead, we would need to. */
// Note : If you use this file, any global vars now have the prefix pixie, so what was $s is now $pixie_s
/* !IMPORTANT - This file thinks it's being run from admin/ */
/* instead of admin/jscript so paths are relative to admin */
extract($_REQUEST, EXTR_PREFIX_ALL, 'pixie');
?>
function globalSec($page_location, $sec_check)
{
global $clean_urls;
/* .htaccess already has a rule for this, we don't need to do it twice */
if ($clean_urls != 'yes' && $sec_check === 1) {
if (isset($_REQUEST['_GET'])) {
pixieExit();
}
if (isset($_REQUEST['_POST'])) {
pixieExit();
}
if (isset($_REQUEST['_COOKIE'])) {
pixieExit();
}
if (isset($_REQUEST['_SESSION'])) {
pixieExit();
}
if (isset($_REQUEST['GLOBALS'])) {
pixieExit();
}
if (isset($_REQUEST['_FILES'])) {
pixieExit();
}
if (isset($_REQUEST['_REQUEST'])) {
pixieExit();
}
if (isset($_REQUEST['_SERVER'])) {
pixieExit();
}
}
}