Changeset 4412
- Timestamp:
- 07/17/07 02:52:17 (6 years ago)
- Files:
freepbx/branches/2.3/amp_conf/htdocs/admin/config.php
r4384 r4412 32 32 switch ($_REQUEST['handler']) { 33 33 case 'reload': 34 /** AJAX handler for reload event 35 */ 34 36 include_once('common/json.inc.php'); 35 37 $response = do_reload(); 36 38 $json = new Services_JSON(); 37 39 echo $json->encode($response); 40 break; 41 case 'file': 42 /** Handler to pass-through file requests 43 * Looks for "module" and "file" variables, strips .. and only allows normal filename characters. 44 * Accepts only files of the type listed in $allowed_exts below, and sends the corresponding mime-type, 45 * and always interprets files through the PHP interpreter. (Most of?) the freepbx environment is available, 46 * including $db and $astman, and the user is authenticated. 47 */ 48 if (!isset($_REQUEST['module']) || !isset($_REQUEST['file'])) { 49 die("unknown"); 50 } 51 //TODO: this could probably be more efficient 52 $module = str_replace('..','.', preg_replace('/[^a-zA-Z0-9-\_\.]/','',$_REQUEST['module'])); 53 $file = str_replace('..','.', preg_replace('/[^a-zA-Z0-9-\_\.]/','',$_REQUEST['file'])); 54 55 $allowed_exts = array( 56 '.js' => 'text/javascript', 57 '.js.php' => 'text/javascript', 58 '.css' => 'text/css', 59 '.css.php' => 'text/css', 60 '.html.php' => 'text/html', 61 '.jpg.php' => 'image/jpeg', 62 '.jpeg.php' => 'image/jpeg', 63 '.png.php' => 'image/png', 64 '.gif.php' => 'image/gif', 65 ); 66 foreach ($allowed_exts as $ext=>$mimetype) { 67 if (substr($file, -1*strlen($ext)) == $ext) { 68 $fullpath = 'modules/'.$module.'/'.$file; 69 if (file_exists($fullpath)) { 70 // file exists, and is allowed extension 71 header("Content-type: ".$mimetype); 72 include($fullpath); 73 exit(); 74 } 75 break; 76 } 77 } 78 die("not allowed"); 38 79 break; 39 80 } freepbx/branches/2.3/amp_conf/htdocs/admin/views/freepbx.php
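Review bot: The sanitising of `module` and `file` in the new `case 'file':` branch rewrites the input instead of rejecting it, and `str_replace('..','.', …)` makes only one pass, so the cleaned value can still contain `..` or be just `.`; `$fullpath` can then resolve outside the intended module directory and is handed to `include`. Validate and refuse instead, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $_REQUEST['module']) || !preg_match('/^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$/', $_REQUEST['file'])) { die("not allowed"); }`, assuming module directory names never contain dots. Separately, plain `.js` and `.css` entries also go through `include`, so any PHP tags inside a static asset run with the authenticated admin environment; `readfile($fullpath)` would serve those two extensions without interpreting them. The enclosing `switch` begins above the lines shown.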
r4398 r4412 58 58 if (isset($module_name)) { 59 59 if (is_file('modules/'.$module_name.'/'.$module_name.'.css')) { 60 echo "\t".'<link href=" modules/'.$module_name.'/'.$module_name.'.css" rel="stylesheet" type="text/css">'."\n";60 echo "\t".'<link href="'.$_SERVER['PHP_SELF'].'?handler=file&module='.$module_name.'&file='.$module_name.'.css" rel="stylesheet" type="text/css">'."\n"; 61 61 } 62 62 if (isset($module_page) && is_file('modules/'.$module_name.'/'.$module_page.'.css')) { 63 echo "\t".'<link href=" modules/'.$module_name.'/'.$module_page.'.css" rel="stylesheet" type="text/css">'."\n";63 echo "\t".'<link href="'.$_SERVER['PHP_SELF'].'?handler=file&module='.$module_name.'&file='.$module_page.'.css" rel="stylesheet" type="text/css">'."\n"; 64 64 } 65 65 if (is_file('modules/'.$module_name.'/'.$module_name.'.js')) { 66 echo "\t".'<script type="text/javascript" src=" modules/'.$module_name.'/'.$module_name.'.js"></script>'."\n";66 echo "\t".'<script type="text/javascript" src="'.$_SERVER['PHP_SELF'].'?handler=file&module='.$module_name.'&file='.$module_name.'.js"></script>'."\n"; 67 67 } 68 68 if (isset($module_page) && is_file('modules/'.$module_name.'/'.$module_page.'.js')) { 69 echo "\t".'<script type="text/javascript" src=" modules/'.$module_name.'/'.$module_page.'.js"></script>'."\n";69 echo "\t".'<script type="text/javascript" src="'.$_SERVER['PHP_SELF'].'?handler=file&module='.$module_name.'&file='.$module_page.'.js"></script>'."\n"; 70 70 } 71 71 }
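Review bot: The rewritten `href`/`src` values on new lines 60, 63, 66 and 69 print `$_SERVER['PHP_SELF']` into an HTML attribute without escaping, and PHP_SELF includes any path info the client appends to the script URL, so request-controlled text reaches the page markup. Use the script name, escape it, and encode the query values, e.g. `'<link href="'.htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES).'?handler=file&amp;module='.urlencode($module_name).'&amp;file='.urlencode($module_name.'.css').'" rel="stylesheet" type="text/css">'`. Where `$module_name` and `$module_page` are set is not visible here, so whether they are already validated should be confirmed; the enclosing block starts above the lines shown.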
