diff options
author | Simon Rettberg | 2014-05-15 18:28:24 +0200 |
---|---|---|
committer | Simon Rettberg | 2014-05-15 18:28:24 +0200 |
commit | 63c0cf521f8097b0dadaf1228176dc38c7d897f6 (patch) | |
tree | 83f5da6dc130ac7db575b0eee41ed6c7a2f994fb /index.php | |
parent | Fix handle leak in downloading, better error reporting on failed downloads, a... (diff) | |
download | slx-admin-63c0cf521f8097b0dadaf1228176dc38c7d897f6.tar.gz slx-admin-63c0cf521f8097b0dadaf1228176dc38c7d897f6.tar.xz slx-admin-63c0cf521f8097b0dadaf1228176dc38c7d897f6.zip |
Working on config.tgz composition through config modules
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 38 |
1 files changed, 21 insertions, 17 deletions
@@ -2,37 +2,41 @@ error_reporting(E_ALL); -require_once('inc/user.inc.php'); -require_once('inc/render.inc.php'); -require_once('inc/menu.inc.php'); -require_once('inc/util.inc.php'); -require_once('inc/message.inc.php'); -require_once('inc/db.inc.php'); -require_once('inc/permission.inc.php'); -require_once('inc/crypto.inc.php'); -require_once('inc/validator.inc.php'); +// Autoload classes from ./inc which adhere to naming scheme <lowercasename>.inc.php +function slxAutoloader($class) { + $file = 'inc/' . preg_replace('/[^a-z0-9]/', '', mb_strtolower($class)) . '.inc.php'; + if (!file_exists($file)) return; + require_once $file; +} + +spl_autoload_register('slxAutoloader'); if (empty($_REQUEST['do'])) { // No specific module - set default - $module = 'main'; + $moduleName = 'main'; } else { - $module = preg_replace('/[^a-z]/', '', $_REQUEST['do']); + $moduleName = preg_replace('/[^a-z]/', '', $_REQUEST['do']); } -$module = 'modules/' . $module . '.inc.php'; +$modulePath = 'modules/' . $moduleName . '.inc.php'; -if (!file_exists($module)) { - Util::traceError('Invalid module: ' . $module); +if (!file_exists($modulePath)) { + Util::traceError('Invalid module: ' . $moduleName); } -// Display any messages +// Deserialize any messages if (isset($_REQUEST['message'])) { Message::fromRequest(); } +// CSRF/XSS +if ($_SERVER['REQUEST_METHOD'] === 'POST' && !Util::verifyToken()) { + Util::redirect('?do=' . $moduleName); +} + // Load module - it will execute pre-processing, or act upon request parameters -require_once($module); -unset($module); +require_once($modulePath); +unset($modulePath); // Main menu $menu = new Menu; |