author | msquare <msquare@notrademark.de> | 2016-09-29 11:28:42 +0200 |
---|---|---|
committer | msquare <msquare@notrademark.de> | 2016-09-29 11:28:42 +0200 |
commit | 4c288e957ec4340af93f980c65eecea6d3a789f4 (patch) | |
tree | a438607b5a1974e86a7fdd6f5da50db6e5356c1c /public/index.php | |
parent | e965f8d04150fbd17ee1b5fcbca5ae85bbe6d6bd (diff) |
prohibit inline control structures on includes and index
Diffstat (limited to 'public/index.php')
-rw-r--r-- | public/index.php | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/public/index.php b/public/index.php index 7915e8a6..51c8e7eb 100644 --- a/public/index.php +++ b/public/index.php @@ -1,7 +1,7 @@ <?php require_once realpath(__DIR__ . '/../includes/engelsystem_provider.php'); -$free_pages = array( +$free_pages = [ 'admin_event_config', 'angeltypes', 'api', @@ -16,12 +16,14 @@ $free_pages = array( 'users', 'user_driver_licenses', 'user_password_recovery' -); +]; // Gewünschte Seite/Funktion $p = ""; -if (! isset($_REQUEST['p'])) +if (! isset($_REQUEST['p'])) { $_REQUEST['p'] = isset($user) ? "news" : "login"; +} + if (isset($_REQUEST['p']) && preg_match("/^[a-z0-9_]*$/i", $_REQUEST['p']) && (in_array($_REQUEST['p'], $free_pages) || in_array($_REQUEST['p'], $privileges))) { $p = $_REQUEST['p']; @@ -160,7 +162,7 @@ if ($event_config === false) { engelsystem_error("Unable to load event config."); } -echo template_render('../templates/layout.html', array( +echo template_render('../templates/layout.html', [ 'theme' => isset($user) ? $user['color'] : $default_theme, 'title' => $title, 'atom_link' => ($p == 'news' || $p == 'user_meetings') ? '<link href="' . page_link_to('atom') . (($p == 'user_meetings') ? '&meetings=1' : '') . '&key=' . $user['api_key'] . '" type="application/atom+xml" rel="alternate" title="Atom Feed">' : '', @@ -171,6 +173,6 @@ echo template_render('../templates/layout.html', array( 'contact_email' => $contact_email, 'locale' => locale(), 'event_info' => EventConfig_info($event_config) . '<br />' -)); +]); ?> |
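Review bot: The page allow-list check in the second hunk is looser than it looks. `preg_match("/^[a-z0-9_]*$/i", $_REQUEST['p'])` lets `$` match before a trailing newline and receives the value without an `is_string()` check, and both `in_array()` calls compare loosely. I would anchor with `\z` (`"/^[a-z0-9_]*\z/i"`), require `is_string($_REQUEST['p'])` first, and pass strict mode, e.g. `in_array($_REQUEST['p'], $free_pages, true)`. The contents of `$privileges` are not visible here, so whether loose matching is reachable in practice is unconfirmed. Separately, `admin_event_config` is listed in `$free_pages` (first hunk), which this condition exempts from the `$privileges` check; presumably that page enforces its own authorization, but this is worth confirming, and the `if` body continues outside the hunk.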
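Review bot: The `atom_link` entry in the third hunk reads `$user['api_key']` without the `isset($user)` guard that the `theme` line directly above it uses, and concatenates it with `page_link_to('atom')` into an `href` attribute without escaping. Whether `news` or `user_meetings` can be rendered with no logged-in user depends on `$privileges`, which is outside the hunk, so the missing guard is a hedge rather than a confirmed fault. I would build the feed URL in a local variable, emit the `<link>` only when `isset($user)`, and place it in the attribute as `htmlspecialchars($url, ENT_QUOTES, 'UTF-8')`, which also encodes the bare `&` separators. Because the key travels in the query string it will appear in server logs and browser history, so it should be treated as a revocable credential. The array literal continues past the end of the hunk.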