require(INCLUDE_DIR.'database.inc');
$db = new CLASS_DATABASE();
-$logger = new logger; //XXX
+//$logger = new logger; //XXX
if (!empty($_GET['template_id'])) {
$template_id=$_GET['template_id'];
//echo TEMPLATE_DIR.TEMPLATE_SET;
//echo $smarty->template_dir;
$smarty->compile_dir = SYSTEM_DATA."templates_c/";
-$smarty->config_dir = SMARTY_DIR.'configs/'; #XXX neexistuje
+$smarty->config_dir = SMARTY_DIR.'configs/'; //XXX neexistuje
$smarty->cache_dir = SMARTY_DIR.'cache/';
$smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
if ($_SESSION['debugging']) $smarty->debugging=true;
-//initializing variables
+// initializing variables
+// preg_replace prevents LFI
if (empty($_POST['event'])) $event=false;
-else $event=$_POST['event'];
+else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
if ($_SESSION['debugging']) {
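Review bot: The new filter on `$_POST['event']` strips disallowed characters instead of rejecting the request, so a value carrying path characters still selects whatever name remains after stripping, and an all-invalid value becomes `''` rather than `false`. It also passes an array through, since `preg_replace` returns an array when given one. Validating and refusing covers both cases: `$event = (is_string($_POST['event']) && preg_match('/^[a-zA-Z0-9_]+$/D', $_POST['event'])) ? $_POST['event'] : false;`. `$_GET['template_id']` a few lines above is still assigned unfiltered; if it also reaches a file path, which this page does not show, it needs the same check. The comment `// preg_replace prevents LFI` would help more if it named the include or template lookup that consumes `$event`.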
{
require_once(INCLUDE_DIR.'/feedcreator.class.php');
- $rss =& new UniversalFeedCreator();
+ $rss = new UniversalFeedCreator();
$rss->title = "Kyberia mail";
$rss->description = "";
$rss->link = "https://". SYSTEM_URL . "/id/24";
$m = $set->getRecord();
if ($m['mail_to'] != $_SESSION['user_id'])
continue;
- $item =& new FeedItem();
+ $item = new FeedItem();
$item->title = $m['mail_from_name'];
$item->link = "https://".SYSTEM_URL."/id/24";
$item->description = $m['mail_text'];
{
require_once(INCLUDE_DIR.'/feedcreator.class.php');
- $rss =& new UniversalFeedCreator();
+ $rss = new UniversalFeedCreator();
$rss->title = "Kyberia bookmarks";
$rss->link = "http://".SYSTEM_URL."/id/19";
if (is_array($_item['children']))
foreach ($_item['children'] as $_b)
{
- $item =& new FeedItem();
+ $item = new FeedItem();
$item->title = $_b['node_name'];
$item->link = "http://".SYSTEM_URL."/id/".$_b['node_id']."/rss";
$rss->addItem($item);
{
require_once(INCLUDE_DIR.'/feedcreator.class.php');
- $rss =& new UniversalFeedCreator();
+ $rss = new UniversalFeedCreator();
$rss->title = $node['node_name'];
$rss->description = "";
$rss->link = "http://".SYSTEM_URL."/id/".$node['node_id'];
foreach ($_items as $_item)
{
- $item =& new FeedItem();
+ $item = new FeedItem();
$item->title = $_item['node_name'];
$item->link = "http://".SYSTEM_URL."/id/".$_item['node_id'];
$item->description = $_item['node_content'];
//if node is css
if ($node['template_id']!='2019721'){
- $logger->log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']);
+ logger::log('enter',$node['node_id'],'ok',$node['node_user_subchild_count']);
if (!empty($_SESSION['user_id']) && is_numeric($node['node_id'])) {
$q="update node_access set visits=visits+1,node_user_subchild_count='0',last_visit=NOW() where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'";
// echo $q;
else {
- $logger->log('enter',$node['node_id'],'failed');
+ logger::log('enter',$node['node_id'],'failed');
}
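Review bot: `logger::log(...)` is now called statically on both the 'ok' and the 'failed' path, but nothing on this page shows `log()` declared `static`. If it is an instance method, PHP 8 throws an Error on this call (older versions only raise a strict or deprecation notice), and the access-log entry for the node is lost. Confirm the logger class, which is outside this page, declares `public static function log(...)`, then delete the commented-out `//$logger = new logger; //XXX` line in the first hunk rather than keeping it. The enclosing `if`/`else` begins and ends outside what is shown. Separately, the unchanged `update node_access` context line builds its SQL by concatenating `$node['node_id']` and `$_SESSION['user_id']`; casting both with `(int)` or binding them, if `$db` supports parameters, would remove the reliance on `is_numeric`.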
$user_id);
$newmailset = $db->query($newmail_q);
-# $newmailset=$db->query("select user_mail,user_mail_name,user_k,k_wallet from users where user_id='$user_id'");
+//$newmailset=$db->query("select user_mail,user_mail_name,user_k,k_wallet from users where user_id='$user_id'");
$newmailset->next();
$new_mail=$newmailset->getString('user_mail');