dispatch.php
defbfa55
 <?php
c208bd90
 /*
 This file belongs to the Webinterface of schokokeks.org Hosting.
5bc11a99
 Please see https://source.schokokeks.org for the newest source files.
c208bd90
 
cf54502a
 Written 2008-2018 by schokokeks.org Hosting, namely
c208bd90
   Bernd Wurst <bernd@schokokeks.org>
   Hanno Böck <hanno@schokokeks.org>
 
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
 
2626dd47
 You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
5bc11a99
 https://creativecommons.org/publicdomain/zero/1.0/
c208bd90
 
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
 */
defbfa55
 
deedc3e3
 require_once('config.php');
defbfa55
 require_once('inc/debug.php');
f20a077b
 require_once("inc/base.php");
d73051da
 require_once("inc/theme.php");
f20a077b
 
3e3f763f
 set_exception_handler('handle_exception');
f20a077b
 
defbfa55
 $go = $_GET['go'];
 
 /*
  sanitize $go
 */
 
eb53bf91
 // filenames can end with .php
2626dd47
 if (substr($go, strlen($go) - 4) == '.php') {
     $go = substr($go, 0, strlen($go) - 4);
eb53bf91
 }
 
 DEBUG($go);
 
2626dd47
 if (strstr($go, "..") or strstr($go, "./") or strstr($go, ":") or (! file_exists("modules/$go.php")) or (! is_file("modules/$go.php"))) {
     die("illegal command");
defbfa55
 }
d73051da
 list($module, $page) = explode('/', $go, 2);
 $page = str_replace('/', '-', $page);
2626dd47
 if (! in_array($module, config('modules'))) {
     die("inactive module");
26afb797
 }
defbfa55
 
 
 /*
228275dc
  construct prefix
defbfa55
 */
 
 global $prefix;
 $prefix = "../";
 $count = 0;
 str_replace("/", "x", $go, $count);
 
 $prefix = $prefix.str_repeat("../", $count);
 
 
 require_once('session/start.php');
 
 $output = "";
ede58dec
 $html_header = "";
fb92f399
 require_once("inc/base.php");
defbfa55
 /* setup module include path */
2626dd47
 ini_set('include_path', ini_get('include_path').':./modules/'.$module.'/include:');
defbfa55
 
228275dc
 /* Look where we are (but let the module override) */
19cf5340
 $section = str_replace("/", "_", $go);
228275dc
 
defbfa55
 /* Let the module work */
eb53bf91
 include("modules/".$go.".php");
defbfa55
 
2626dd47
 if ($output) {
     if (!isset($title)) {
         $title = '';
     }
     show_page($module, $page);
d6f6e1fb
 }