forked from modxcms/evolution
-
Notifications
You must be signed in to change notification settings - Fork 0
/
index-ajax.php
67 lines (59 loc) · 2.07 KB
/
index-ajax.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
<?php
// Add items to this array corresponding to which directories within assets/snippets/ can be used by this file.
// Do not add entries unneccesarily.
// Any PHP files in these directories can be executed by any user.
$allowed_dirs = array('assets/snippets/ajaxSearch/');
include_once(dirname(__FILE__)."/assets/cache/siteManager.php");
// harden it
require_once('./'.MGR_DIR.'/includes/protect.inc.php');
// set some settings, and address some IE issues
@ini_set('url_rewriter.tags', '');
@ini_set('session.use_trans_sid', 0);
@ini_set('session.use_only_cookies',1);
session_cache_limiter('');
header('P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"'); // header for weird cookie stuff. Blame IE.
header('Cache-Control: private, must-revalidate');
// initialize the variables prior to grabbing the config file
$database_type = "";
$database_server = "";
$database_user = "";
$database_password = "";
$dbase = "";
$table_prefix = "";
$base_url = "";
$base_path = "";
// get the required includes
if($database_user=='') {
if (!$rt = @include_once MGR_DIR."/includes/config.inc.php") {
exit('Could not load MODX configuration file!');
}
}
if($axhandler = (strtoupper($_SERVER['REQUEST_METHOD'])=='GET') ? $_GET['q'] : $_POST['q']) {
$axhandler = preg_replace('/[^A-Za-z0-9_\-\.\/]/', '', $axhandler);
// Get realpath
$axhandler = realpath(MODX_BASE_PATH.$axhandler) or die(); // full
$axhandler = str_replace('\\','/',$axhandler);
$axhandler_rel = substr($axhandler, strlen(MODX_BASE_PATH)); // relative
if ($axhandler_rel && strtolower(substr($axhandler_rel, -4)) == '.php') {
// permission check
$allowed = false;
foreach($allowed_dirs as $allowed_dir) {
if (substr($axhandler_rel, 0, strlen($allowed_dir)) == $allowed_dir) {
$allowed = true;
break;
}
}
if ($allowed) {
include_once($axhandler);
} else {
header('HTTP/1.1 404 Not Found');
exit();
}
} else {
header('HTTP/1.1 404 Not Found');
exit();
}
} else {
header('HTTP/1.1 404 Not Found');
exit();
}