From 3e6c412ed413cafe0dc9a9d03bda7638eba8d5b8 Mon Sep 17 00:00:00 2001 From: Thomas Mudrunka Date: Tue, 19 Jul 2011 00:40:53 +0200 Subject: [PATCH] pridan zaklad frameworku pro "assistants" (lempldesk pruvodce) --- assistants/new-item.inc.php | 3 +++ index.php | 14 ++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 assistants/new-item.inc.php diff --git a/assistants/new-item.inc.php b/assistants/new-item.inc.php new file mode 100644 index 0000000..bd0aedb --- /dev/null +++ b/assistants/new-item.inc.php @@ -0,0 +1,3 @@ +render_form_add('model'); +echo $this->render_form_add('item'); diff --git a/index.php b/index.php index 493c92b..b2474e3 100755 --- a/index.php +++ b/index.php @@ -440,6 +440,17 @@ class Sklad_UI { die(); } + function safe_include($dir,$name,$ext='.inc.php') { + if(preg_match('/[^a-zA-Z0-9-]/',$name)) die(trigger_error('SAFE INCLUDE: Securityfuck.')); + $filename="$dir/$name$ext"; + if(!is_file($filename)) die(trigger_error('SAFE INCLUDE: Fuckfound.')); + ob_start(); + include($filename); + $out=ob_get_contents(); + ob_end_clean(); + return $out; + } + function process_http_request_post($action=false, $class=false, $id=false) { if($_SERVER['REQUEST_METHOD'] != 'POST') return; echo('
'); //DEBUG (maybe todo remove)
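Review bot: The name check in `safe_include` only rejects a string that contains a forbidden character, so an empty `$name` passes it and the function goes on to test and include `$dir/.inc.php`. A positive, anchored allowlist also covers non-string input: `if(!is_string($name) || !preg_match('/^[a-zA-Z0-9-]+\z/',$name))`. Separately, `die(trigger_error(...))` hands `die` the boolean returned by `trigger_error`, so what the client sees depends on the error-display configuration. Logging the error and then sending a fixed "not found" response would be more predictable and would not tell a requester which of the two checks failed. The function would also benefit from a comment such as `// $dir must come from configuration; only $name may be request-derived`, since the filter is applied to `$name` alone.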
@@ -508,6 +519,9 @@ class Sklad_UI {
 			case 'test':	//test
 				die('Tell me why you cry');
 				break;
+			case 'assistant': //assistant
+				echo $this->safe_include(DIR_ASSISTANTS,$PATH_CHUNKS[2]);
+				break;
 			default:	//?
 				$search	= (isset($_GET['q']) && trim($_GET['q']) != '') ? trim($_GET['q']) : false;
 				$class	= (isset($PATH_CHUNKS[1]) && $PATH_CHUNKS[1] != '') ? $PATH_CHUNKS[1] : 'item';
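Review bot: `$PATH_CHUNKS[2]` is passed to `safe_include` in the new `assistant` case without the `isset` test that the `default` branch applies to `$PATH_CHUNKS[1]`. A request with no third path segment would therefore presumably read an undefined index and hand an empty name to the include helper. Resolve it first, e.g. `$name = isset($PATH_CHUNKS[2]) ? $PATH_CHUNKS[2] : '';`, and reject the empty case before calling. The route also makes every `*.inc.php` file in `DIR_ASSISTANTS` reachable by name, so that directory should hold only files meant to be requested this way. Whether an authentication check runs before this switch is not visible here, as the switch starts and ends outside the hunk.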
-- 
2.30.2