From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).

---
 interface/web/capp.php |   23 ++++++++++++++++-------
 1 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/interface/web/capp.php b/interface/web/capp.php
index 8a5ff6e..4512391 100644
--- a/interface/web/capp.php
+++ b/interface/web/capp.php
@@ -31,26 +31,35 @@
 require_once('../lib/config.inc.php');
 require_once('../lib/app.inc.php');
 
-// importiere Modul
+//* Import module variable
 $mod = $_REQUEST["mod"];
+//* If we click on a search result, load that one instead of the module's start page
+$redirect = (isset($_REQUEST["redirect"]) ? $_REQUEST["redirect"] : '');
 
-// Checke ob User eingeloggt
+//* Check if user is logged in
 if($_SESSION["s"]["user"]['active'] != 1) {
-	header("Location: index.php?phpsessid=".$_SESSION["s"]["id"]);
-	die();
+	die("URL_REDIRECT: /index.php");
+	//die();
 }
 
-// checke ob User Modul verwenden darf
+if(!preg_match("/^[a-z]{2,20}$/i", $mod)) die('module name contains unallowed chars.');
+
+//* Check if user may use the module.
 $user_modules = explode(",",$_SESSION["s"]["user"]["modules"]);
 
 if(!in_array($mod,$user_modules)) $app->error($app->lng(301));
 
-// lade Moduldaten in Session
+//* Load module configuration into the session.
 if(is_file($mod."/lib/module.conf.php")) {
 	include_once($mod."/lib/module.conf.php");
 	$_SESSION["s"]["module"] = $module;
 	session_write_close();
-	echo "HEADER_REDIRECT:".$_SESSION["s"]["module"]["startpage"];
+	if($redirect == ''){
+		echo "HEADER_REDIRECT:".$_SESSION["s"]["module"]["startpage"];
+	} else {
+		//* If we click on a search result, load that one instead of the module's start page
+		echo "HEADER_REDIRECT:".$redirect;
+	}
 } else {
 	$app->error($app->lng(302));
 }
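Review bot: `$redirect` is taken from `$_REQUEST["redirect"]` and echoed after `HEADER_REDIRECT:` with no validation, whereas `$mod` is restricted by the new `preg_match` check, so any value a crafted link supplies is passed on for a logged-in user. How the client handles `HEADER_REDIRECT:` is not visible in this hunk, but if it navigates to or loads the value, this is an open-redirect or content-injection point. Constrain it to a relative in-application path before it is echoed, for example `if($redirect != '' && !preg_match('/^[a-z0-9_]+(\/[a-z0-9_]+)*\.php(\?[a-z0-9_=&-]*)?\z/i', $redirect)) die('redirect contains unallowed chars.');`, adjusting the pattern to what the search results actually emit. A comment next to the assignment, such as `//* User-controlled: validated below before it is echoed`, would make the trust boundary clear.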

--
Gitblit v1.9.1