*/
// Load the XoopsSecurity class, instantiate it and run its superglobal check.
// NOTE(review): what checkSuperglobals() rejects is not visible in this part of
// the file; confirm against XoopsSecurity before treating it as input validation.
XoopsLoad::load('xoopssecurity');
$xoopsSecurity = new XoopsSecurity();
$xoopsSecurity->checkSuperglobals();

/**
 * Create the XoopsLogger instance
 */
XoopsLoad::load('xoopslogger');
$xoopsLogger =& XoopsLogger::getInstance();
// $xoopsErrorHandler is bound to the result of the same getInstance() call;
// presumably the same logger object under a second name (confirm).
$xoopsErrorHandler =& XoopsLogger::getInstance();
// Two timers are started: one without a name and one labelled 'XOOPS Boot'.
$xoopsLogger->startTime();
$xoopsLogger->startTime('XOOPS Boot');

/**
 * Include Required Files
 *
 * Each file location is resolved through $xoops->path().
 */
include_once $xoops->path('kernel/object.php');
include_once $xoops->path('class/criteria.php');
include_once $xoops->path('class/module.textsanitizer.php');
include_once $xoops->path('include/functions.php');

/**
 * YOU SHOULD NEVER USE THE FOLLOWING CONSTANT, IT WILL BE REMOVED
 */
/**
 * Set the cookie domain for multiple subdomains; remove the leading '.' to use
 * the top-level domain for the session cookie.
 * Requires functions
 *
 * The constant is '' when xoops_getBaseDomain(XOOPS_URL) returns 'localhost',
 * otherwise the returned base domain prefixed with '.'. The expression also
 * leaves $domain assigned in the current scope.
 *
 * NOTE(review): a cookie scoped to a whole domain is sent to every host under
 * that domain, so any sibling subdomain receives it. Confirm that this scope is
 * intended wherever the constant is applied to the session cookie.
 */
define('XOOPS_COOKIE_DOMAIN', ($domain = xoops_getBaseDomain(XOOPS_URL)) == 'localhost' ? '' : '.' . $domain);

/**
 * Check Proxy;
 * Requires functions
 */
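// Fetch path from query string if path is not set, i.e. through a direct request.
// The query string is client-controlled, so everything derived from it is
// untrusted until it has passed the containment checks below.
if (!isset($path) && !empty($_SERVER['QUERY_STRING'])) {
    $path = $_SERVER['QUERY_STRING'];
    // Drop a single leading slash.
    $path = substr($path, 0, 1) == '/' ? substr($path, 1) : $path;
    // The first path segment selects the entry in $xoops->paths.
    $path_type = substr($path, 0, strpos($path, '/'));
    if (!isset($xoops->paths[$path_type])) {
        // Unknown or missing prefix: fall back to the "XOOPS" root.
        $path = "XOOPS/" . $path;
        $path_type = "XOOPS";
    }
}
// NOTE(review): $path_type is only assigned inside the branch above. When an
// including script presets $path, it must preset $path_type as well; confirm
// against the callers.

// We are not allowing output of xoops_data
if ($path_type === 'var') {
    header("HTTP/1.0 404 Not Found");
    exit;
}

// Canonicalise both the requested file and the root it must live under.
// realpath() returns false when the target cannot be resolved.
$file = realpath($xoops->path($path));
$dir = realpath($xoops->paths[$path_type][0]);

// We are not allowing directory traversal either.
// The canonical file path must START with the canonical root followed by a
// directory separator. A plain substring test (strstr) also accepts a root that
// appears later in the path, or a sibling directory whose name merely begins
// with the root's name, and with an unresolved root (false) it accepts
// everything on PHP 8 because the needle becomes an empty string.
if ($file === false || $dir === false) {
    header("HTTP/1.0 404 Not Found");
    exit;
}
$root = rtrim($dir, '/\\') . DIRECTORY_SEPARATOR;
if (strncmp($file, $root, strlen($root)) !== 0) {
    header("HTTP/1.0 404 Not Found");
    exit;
}

// We can't output empty files and php files do not output.
// The match is case-insensitive so that a differently-cased extension cannot
// slip past the filter on a case-insensitive filesystem.
if (empty($file) || stripos($file, '.php') !== false) {
    header("HTTP/1.0 404 Not Found");
    exit;
}

// NOTE(review): the validated canonical path is discarded here and the
// unresolved path is used from this point on, so the checks above and the
// later read can disagree if the filesystem changes in between. Consider
// serving the realpath() result instead once the remaining code is reviewed.
$file = $xoops->path($path);

// Is there really a file to output?
if (!file_exists($file)) {
    header("HTTP/1.0 404 Not Found");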