Digitalstack/myaac
2
0
Fork 0
mirror of https://github.com/slawkens/myaac.git synced 2025-05-03 20:59:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow admin pages included into plugins dir

Browse Source
This commit is contained in:
slawkens 2023-02-03 12:19:35 +01:00
parent a0ccbbe8c2
commit eb4ea48641
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
admin/index.php
View File

@ -19,7 +19,7 @@ $content = '';
// validate page
$page = $_GET['p'] ?? '';
if(empty($page) || preg_match("/[^a-zA-Z0-9_\-]/", $page))
if(empty($page) || preg_match("/[^a-zA-Z0-9_\-\/.]/", $page))
$page = 'dashboard';
$page = strtolower($page);
@ -55,9 +55,14 @@ if(!$logged || !admin()) {
// include our page
$file = BASE . 'admin/pages/' . $page . '.php';
if(!@file_exists($file)) {
if (strpos($page, 'plugins/') !== false) {
$file = BASE . $page;
}
else {
$page = '404';
$file = SYSTEM . 'pages/404.php';
}
}
ob_start();
include($file);