From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 10 Jul 2016 05:02:35 -0400
Subject: [PATCH] Merge branch 'stable-3.1'
---
interface/web/capp.php | 27 +++++++++++++++++++++------
1 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/interface/web/capp.php b/interface/web/capp.php
index 4512391..3939269 100644
--- a/interface/web/capp.php
+++ b/interface/web/capp.php
@@ -28,8 +28,8 @@
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-require_once('../lib/config.inc.php');
-require_once('../lib/app.inc.php');
+require_once '../lib/config.inc.php';
+require_once '../lib/app.inc.php';
//* Import module variable
$mod = $_REQUEST["mod"];
@@ -43,15 +43,30 @@
}
if(!preg_match("/^[a-z]{2,20}$/i", $mod)) die('module name contains unallowed chars.');
+if($redirect != '' && !preg_match("/^[a-z0-9]+\/[a-z0-9_\.\-]+\?id=[0-9]{1,9}$/i", $redirect)) die('redirect contains unallowed chars.');
//* Check if user may use the module.
-$user_modules = explode(",",$_SESSION["s"]["user"]["modules"]);
+$user_modules = explode(",", $_SESSION["s"]["user"]["modules"]);
-if(!in_array($mod,$user_modules)) $app->error($app->lng(301));
+if(!in_array($mod, $user_modules)) $app->error($app->lng(301));
//* Load module configuration into the session.
if(is_file($mod."/lib/module.conf.php")) {
- include_once($mod."/lib/module.conf.php");
+ include_once $mod."/lib/module.conf.php";
+
+ $menu_dir = ISPC_WEB_PATH.'/' . $mod . '/lib/menu.d';
+
+ if (is_dir($menu_dir)) {
+ if ($dh = opendir($menu_dir)) {
+ //** Go through all files in the menu dir
+ while (($file = readdir($dh)) !== false) {
+ if ($file != '.' && $file != '..' && substr($file, -9, 9) == '.menu.php' && $file != 'dns_resync.menu.php') {
+ include_once $menu_dir . '/' . $file;
+ }
+ }
+ }
+ }
+
$_SESSION["s"]["module"] = $module;
session_write_close();
if($redirect == ''){
@@ -63,4 +78,4 @@
} else {
$app->error($app->lng(302));
}
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1