* first check if page to load exists in database, then in pages/ dir

slawkens1 2017-09-29 22:33:25 +02:00
parent 4ac2fe27d5
commit 919f69ef46


@ -170,58 +170,59 @@ if($load_it)
require(SYSTEM . 'compat_pages.php'); require(SYSTEM . 'compat_pages.php');
$ignore = false; $ignore = false;
$file = SYSTEM . 'pages/' . $page . '.php';
if(!@file_exists($file)) $logged_access = 0;
if($logged && $account_logged && $account_logged->isLoaded()) {
$logged_access = $account_logged->getAccess();
}
$query =
$db->query(
'SELECT `title`, `body`, `php`' .
' FROM `' . TABLE_PREFIX . 'pages`' .
' WHERE `name` LIKE ' . $db->quote($page) . ' AND `hidden` != 1 AND `access` <= ' . $db->quote($logged_access));
if($query->rowCount() > 0) // found page
{ {
$logged_access = 0; $ignore = true;
if($logged && $account_logged && $account_logged->isLoaded()) { $query = $query->fetch();
$logged_access = $account_logged->getAccess(); $title = $query['title'];
}
$query = if($query['php'] == '1') // execute it as php code
$db->query(
'SELECT `title`, `body`, `php`' .
' FROM `' . TABLE_PREFIX . 'pages`' .
' WHERE `name` LIKE ' . $db->quote($page) . ' AND `hidden` != 1 AND `access` <= ' . $db->quote($logged_access));
if($query->rowCount() > 0) // found page
{ {
$ignore = true; $tmp = substr($query['body'], 0, 10);
$query = $query->fetch(); if(($pos = strpos($tmp, '<?php')) !== false) {
$title = $query['title']; $tmp = preg_replace('/<\?php/', '', $query['body'], 1);
}
if($query['php'] == '1') // execute it as php code else if(($pos = strpos($tmp, '<?')) !== false) {
{ $tmp = preg_replace('/<\?/', '', $query['body'], 1);
$tmp = substr($query['body'], 0, 10);
if(($pos = strpos($tmp, '<?php')) !== false) {
$tmp = preg_replace('/<\?php/', '', $query['body'], 1);
}
else if(($pos = strpos($tmp, '<?')) !== false) {
$tmp = preg_replace('/<\?/', '', $query['body'], 1);
}
else
$tmp = $query['body'];
$php_errors = array();
function error_handler($errno, $errstr) {
global $php_errors;
$php_errors[] = array('errno' => $errno, 'errstr' => $errstr);
}
set_error_handler('error_handler');
ob_start();
eval($tmp);
$content .= ob_get_contents();
ob_end_clean();
restore_error_handler();
if(isset($php_errors[0]) && superAdmin()) {
var_dump($php_errors);
}
} }
else else
$content .= $query['body']; // plain html $tmp = $query['body'];
$php_errors = array();
function error_handler($errno, $errstr) {
global $php_errors;
$php_errors[] = array('errno' => $errno, 'errstr' => $errstr);
}
set_error_handler('error_handler');
ob_start();
eval($tmp);
$content .= ob_get_contents();
ob_end_clean();
restore_error_handler();
if(isset($php_errors[0]) && superAdmin()) {
var_dump($php_errors);
}
} }
else else
$content .= $query['body']; // plain html
}
else
{
$file = SYSTEM . 'pages/' . $page . '.php';
if(!@file_exists($file))
{ {
$page = '404'; $page = '404';
$file = SYSTEM . 'pages/404.php'; $file = SYSTEM . 'pages/404.php';