Пример #1
    include_once "manager.lockout.inc.php";
}
// Set up the system alert message queue.
// The queue is stored under $_SESSION['SystemAlertMsgQueque']; it is created as an
// empty array the first time that entry is found to be unset.
if (isset($_SESSION['SystemAlertMsgQueque']) === false) {
    $_SESSION['SystemAlertMsgQueque'] = array();
}
// Bind by reference: writes to $SystemAlertMsgQueque land directly in the session entry.
$SystemAlertMsgQueque = &$_SESSION['SystemAlertMsgQueque'];
// Decide whether this is a request for the top-level frameset.
// A request that carries neither an action ('a' via POST or GET) nor a message-count
// update (POST 'updateMsgCount') is answered with the frameset, and the script stops.
if (!(isset($_POST['a']) || isset($_GET['a']) || isset($_POST['updateMsgCount']))) {
    include_once "frames/1.php";
    exit();
}
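// Retrieve the action directive from the request.
// An action supplied through both GET and POST at once is ambiguous and is rejected.
// The value is then read from the same source that was just checked ($_POST or $_GET)
// rather than from $_REQUEST: depending on the request_order / variables_order ini
// settings, $_REQUEST can also carry cookie values, which the check above never looks at.
// NOTE(review): webAlertAndQuit() is expected to end the request; if it can return,
// $action stays unset for the code that follows — confirm.
if (isset($_GET['a']) && isset($_POST['a'])) {
    $modx->webAlertAndQuit($_lang["error_double_action"]);
} elseif (isset($_POST['a'])) {
    // Cast to int so only a numeric action id is passed on.
    $action = (int) $_POST['a'];
} elseif (isset($_GET['a'])) {
    $action = (int) $_GET['a'];
} else {
    // No action in the request (e.g. a message-count update only).
    $action = null;
}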
// The message-count include is pulled in only when 'updateMsgCount' was sent via POST
// and $modx->hasPermission('messages') is truthy; the permission is consulted only
// when the POST field is present.
if (isset($_POST['updateMsgCount'])) {
    if ($modx->hasPermission('messages')) {
        include_once 'messageCount.inc.php';
    }
}
// Record the requested action on the manager object.
$modx->manager->action = $action;
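// Attempt to foil some simple types of CSRF attacks by validating the Referer header.
// This is defence in depth only: the check runs only when validate_referer is enabled
// and a non-empty Referer header is present, so it does not replace per-request
// anti-CSRF tokens on state-changing actions.
// NOTE(review): the match is a case-insensitive prefix test against MODX_SITE_URL, so
// that constant should end with "/" to pin the host. $referer is request-controlled
// text placed into the alert message; confirm webAlertAndQuit() escapes it on output.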
if (isset($modx->config['validate_referer']) && intval($modx->config['validate_referer'])) {
    if (isset($_SERVER['HTTP_REFERER'])) {
        $referer = $_SERVER['HTTP_REFERER'];
        if (!empty($referer)) {
            if (!preg_match('/^' . preg_quote(MODX_SITE_URL, '/') . '/i', $referer)) {
                $modx->webAlertAndQuit("A possible CSRF attempt was detected from referer: {$referer}.", "index.php");