* installed & active. If not, we should go back to the defaults. */ $def_a = 'index'; if (!isset($_GET['m']) && !empty($w2Pconfig['default_view_m'])) { if (!$perms->checkModule($w2Pconfig['default_view_m'], 'view', $AppUI->user_id)) { $m = 'public'; $def_a = 'welcome'; } else { $m = $w2Pconfig['default_view_m']; $def_a = !empty($w2Pconfig['default_view_a']) ? $w2Pconfig['default_view_a'] : $def_a; $tab = $w2Pconfig['default_view_tab']; $_GET['tab'] = $tab; } } else { // set the module from the url $m = $loader->checkFileName(w2PgetParam($_GET, 'm', getReadableModule())); } $m = preg_replace("/[^a-z0-9_]/", "", $m); // set the action from the url $a = $loader->checkFileName(w2PgetParam($_GET, 'a', $def_a)); $a = preg_replace("/[^a-z0-9_]/", "", $a); if ($m == 'projects' && $a == 'view' && $w2Pconfig['projectdesigner_view_project'] && !w2PgetParam($_GET, 'bypass') && !isset($_GET['tab'])) { if ($AppUI->isActiveModule('projectdesigner')) { $m = 'projectdesigner'; $a = 'index'; } } /* This check for $u implies that a file located in a subdirectory of higher depth than 1 * in relation to the module base can't be executed. So it would'nt be possible to * run for example the file module/directory1/directory2/file.php * Also it won't be possible to run modules/module/abc.zyz.class.php for that dots are
/** @deprecated */ public function checkFileName($file) { trigger_error("AppUI->checkFileName() has been deprecated in v3.0 and will be removed by v4.0. Please use w2p_FileSystem_Loader->checkFileName() instead.", E_USER_NOTICE); $loader = new w2p_FileSystem_Loader(); return $loader->checkFileName($file); }
} echo $AppUI->_('Selected Project') . ': <b>' . $display_project_name . '</b>'; ?> <form name="changeMe" action="./index.php?m=reports<?php echo $report_type_var; ?> " method="post" accept-charset="utf-8"> <?php echo $AppUI->_('Projects') . ':' . arraySelect($project_list, 'project_id', 'size="1" class="text" onchange="changeIt();"', $project_id, false); ?> </form> <?php } if ($report_type) { $report_type = $loader->checkFileName($report_type); $report_type = str_replace(' ', '_', $report_type); require W2P_BASE_DIR . '/modules/reports/reports/' . $report_type . '.php'; } else { echo $AppUI->getTheme()->styleRenderBoxTop(); $s = ''; $s .= '<table class="std">'; $s .= '<tr><td><h2>' . $AppUI->_('Reports Available') . '</h2></td></tr>'; foreach ($reports as $key => $v) { $type = str_replace('.php', '', $v); $link = 'index.php?m=reports&project_id=' . $project_id . '&report_type=' . $type; /* * TODO: There needs to be a better approach to adding the suppressHeaders * part but I can't come up with anything better at the moment.. * * ~ caseydk, 08 May 2011