Fixed a couple of obvious errors.

[fa-stable.git] / includes / main.inc
diff --git a/includes/main.inc b/includes/main.inc

index b89f4496d4cc5ac0699aa3a30b8cc4224d0fccbc..1101584eca779028dd8b6f1bec7547fddad91b7b 100644 (file)
--- a/includes/main.inc
+++ b/includes/main.inc
@@ -11,7 +11,6 @@
  ***********************************************************************/
  include_once($path_to_root . "/includes/db/connect_db.inc");
  
-include_once($path_to_root . "/includes/errors.inc");
  include_once($path_to_root . "/includes/types.inc");
  include_once($path_to_root . "/includes/systypes.inc");
  include_once($path_to_root . "/includes/references.inc");
@@ -23,21 +22,24 @@ include_once($path_to_root . "/includes/db/audit_trail_db.inc");
  include_once($path_to_root . "/admin/db/users_db.inc");
  include_once($path_to_root . "/includes/ui/ui_view.inc");
  include_once($path_to_root . "/includes/ui/ui_controls.inc");
-       
+
+$page_nested = -1;
+
  function page($title, $no_menu=false, $is_index=false, $onload="", $js="", $script_only=false, $css='')
  {
  
-       global $path_to_root, $page_security;
+       global $path_to_root, $page_security, $page_nested;
  
+       if (++$page_nested) return;
  
         $hide_menu = $no_menu;
  
-       include($path_to_root . "/includes/page/header.inc");
+       include_once($path_to_root . "/includes/page/header.inc");
  
         page_header($title, $no_menu, $is_index, $onload, $js, $css);
         check_page_security($page_security);
  //     error_box();
-       if($script_only) {              
+       if($script_only) {
                 echo '<noscript>';
                 echo display_heading(_('This page is usable only with javascript enabled browsers.'));
                 echo '</noscript>';
@@ -47,16 +49,18 @@ function page($title, $no_menu=false, $is_index=false, $onload="", $js="", $scri
         }
  }
  
-function end_page($no_menu=false, $is_index=false, $hide_back_link=false, $type_no=0, $trans_no=0)
+function end_page($no_menu=false, $is_index=false, $final_screen=false, $type_no=0, $trans_no=0)
  {
-       global $path_to_root;
+       global $path_to_root, $page_nested;
  
-       if (!$is_index && !$hide_back_link && function_exists('hyperlink_back'))
-               hyperlink_back(true, $no_menu, $type_no, $trans_no);
+       if ($page_nested-- > 0) return;
+
+       if (!$is_index && function_exists('hyperlink_back'))
+               hyperlink_back(true, $no_menu, $type_no, $trans_no, $final_screen);
         div_end();      // end of _page_body section
  
-       include($path_to_root . "/includes/page/footer.inc");
-       page_footer($no_menu, $is_index, $hide_back_link);
+       include_once($path_to_root . "/includes/page/footer.inc");
+       page_footer($no_menu, $is_index);
  }
  
  function cache_js_file($fpath, $text) 
@@ -257,9 +261,9 @@ function check_write($path)
  {
         if ($path == ''//|| $path == '.' || $path == '..'
         ) return 0;
-       
+
         return is_writable($path) ? (is_dir($path) ? 1 : -1) 
-               : (is_file($path) ? 0 : ($path == '.' ? 0 : check_write(dirname($path))));
+               : (is_file($path) ? 0 : ($path == '.' || $path == '..' ? 0 : check_write(dirname($path))));
  }
  
  /*
@@ -343,5 +347,13 @@ function find_custom_file($rep)
  
         return null;
  }
+/*
+       
+       Protect against directory traversal.
+       Changes all not POSIX compatible chars to underscore.
+*/
+function clean_file_name($filename) {
+    return preg_replace('/[^a-zA-Z0-9.\-_]/', '_', $filename);
+}
  
  ?>
 \ No newline at end of file