summaryrefslogtreecommitdiffstats
path: root/index.php
diff options
context:
space:
mode:
authorSimon Rettberg2014-05-15 18:28:24 +0200
committerSimon Rettberg2014-05-15 18:28:24 +0200
commit63c0cf521f8097b0dadaf1228176dc38c7d897f6 (patch)
tree83f5da6dc130ac7db575b0eee41ed6c7a2f994fb /index.php
parentFix handle leak in downloading, better error reporting on failed downloads, a... (diff)
downloadslx-admin-63c0cf521f8097b0dadaf1228176dc38c7d897f6.tar.gz
slx-admin-63c0cf521f8097b0dadaf1228176dc38c7d897f6.tar.xz
slx-admin-63c0cf521f8097b0dadaf1228176dc38c7d897f6.zip
Working on config.tgz composition through config modules
Diffstat (limited to 'index.php')
-rw-r--r--index.php38
1 files changed, 21 insertions, 17 deletions
diff --git a/index.php b/index.php
index d693b9e8..d50d1d71 100644
--- a/index.php
+++ b/index.php
@@ -2,37 +2,41 @@
error_reporting(E_ALL);
-require_once('inc/user.inc.php');
-require_once('inc/render.inc.php');
-require_once('inc/menu.inc.php');
-require_once('inc/util.inc.php');
-require_once('inc/message.inc.php');
-require_once('inc/db.inc.php');
-require_once('inc/permission.inc.php');
-require_once('inc/crypto.inc.php');
-require_once('inc/validator.inc.php');
+// Autoload classes from ./inc which adhere to naming scheme <lowercasename>.inc.php
+function slxAutoloader($class) {
+ $file = 'inc/' . preg_replace('/[^a-z0-9]/', '', mb_strtolower($class)) . '.inc.php';
+ if (!file_exists($file)) return;
+ require_once $file;
+}
+
+spl_autoload_register('slxAutoloader');
if (empty($_REQUEST['do'])) {
// No specific module - set default
- $module = 'main';
+ $moduleName = 'main';
} else {
- $module = preg_replace('/[^a-z]/', '', $_REQUEST['do']);
+ $moduleName = preg_replace('/[^a-z]/', '', $_REQUEST['do']);
}
-$module = 'modules/' . $module . '.inc.php';
+$modulePath = 'modules/' . $moduleName . '.inc.php';
-if (!file_exists($module)) {
- Util::traceError('Invalid module: ' . $module);
+if (!file_exists($modulePath)) {
+ Util::traceError('Invalid module: ' . $moduleName);
}
-// Display any messages
+// Deserialize any messages
if (isset($_REQUEST['message'])) {
Message::fromRequest();
}
+// CSRF/XSS
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && !Util::verifyToken()) {
+ Util::redirect('?do=' . $moduleName);
+}
+
// Load module - it will execute pre-processing, or act upon request parameters
-require_once($module);
-unset($module);
+require_once($modulePath);
+unset($modulePath);
// Main menu
$menu = new Menu;