blob: e32df84c770c1211aeb4818676a5929b73bc48e5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
<?php
// What directory are we in on the server? /////////////////////////////////////
define('BASEPATH', dirname(__FILE__));
// Check for xss attacks. //////////////////////////////////////////////////////
$xss_file = BASEPATH.'/xss-check.php';
if (file_exists($xss_file)) {
require($xss_file);
if (xss_attack()) {
echo "execution halted to prevent XSS attack.";
exit();
}
}
unset($xss_file);
require_once(BASEPATH.'/stub.php');
// Figure what page is trying to be loaded. ////////////////////////////////////
// We don't have to do any check if it's a real file being looked for, if the
// requested page exists as a real file, .htaccess won't even let us load
@$PAGE_RAW = $_GET['p'];
$PAGE_PARTS = explode('/', $PAGE_RAW);
$FILE = array_pop($PAGE_PARTS);
$regex = '@([^.]*)\\.(.*)@';
if (preg_match($regex, $FILE, $matches)) {
@$FILE = $matches[1];
@$EXT = $matches[2];
array_push($PAGE_PARTS, $FILE);
$PAGE = implode('/', $PAGE_PARTS);
} else {
$PAGE = $PAGE_RAW;
}
unset($PAGE_RAW); unset($PAGE_PARTS); unset($FILE); unset($regex);
if ($PAGE=='') $PAGE = 'index';
define('PAGE', $PAGE); unset($PAGE);
define('PAGE_EXT', $EXT); unset($EXT);
// Kludgy ugly hacky hack //////////////////////////////////////////////////////
require_once('ContactMethod.class.php');
require(BASEPATH.'/conf-contacts.php');
// Business ////////////////////////////////////////////////////////////////////
require_once('Router.class.php');
$router = new Router(CONTROLLERPATH);
$router->route(PAGE);
|
