From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).

---
 interface/web/capp.php |   15 ++++++++++++---
 1 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/interface/web/capp.php b/interface/web/capp.php
index 39b2744..4512391 100644
--- a/interface/web/capp.php
+++ b/interface/web/capp.php
@@ -33,12 +33,16 @@
 
 //* Import module variable
 $mod = $_REQUEST["mod"];
+//* If we click on a search result, load that one instead of the module's start page
+$redirect = (isset($_REQUEST["redirect"]) ? $_REQUEST["redirect"] : '');
 
 //* Check if user is logged in
 if($_SESSION["s"]["user"]['active'] != 1) {
-	header("Location: index.php?phpsessid=".$_SESSION["s"]["id"]);
-	die();
+	die("URL_REDIRECT: /index.php");
+	//die();
 }
+
+if(!preg_match("/^[a-z]{2,20}$/i", $mod)) die('module name contains unallowed chars.');
 
 //* Check if user may use the module.
 $user_modules = explode(",",$_SESSION["s"]["user"]["modules"]);
@@ -50,7 +54,12 @@
 	include_once($mod."/lib/module.conf.php");
 	$_SESSION["s"]["module"] = $module;
 	session_write_close();
-	echo "HEADER_REDIRECT:".$_SESSION["s"]["module"]["startpage"];
+	if($redirect == ''){
+		echo "HEADER_REDIRECT:".$_SESSION["s"]["module"]["startpage"];
+	} else {
+		//* If we click on a search result, load that one instead of the module's start page
+		echo "HEADER_REDIRECT:".$redirect;
+	}
 } else {
 	$app->error($app->lng(302));
 }

--
Gitblit v1.9.1