Continued:
- some spaces added - removed parentheses as requested by @Hypolite - added really important TODO as remote-inclusion is not what you want Signed-off-by: Roland Haeder <roland@mxchange.org>
This commit is contained in:
parent
0e19fdfc71
commit
084dbd6859
1 changed files with 4 additions and 3 deletions
|
@ -496,14 +496,14 @@ if (isset($_GET["mode"]) AND ($_GET["mode"] == "raw")) {
|
||||||
$page = $a->page;
|
$page = $a->page;
|
||||||
$profile = $a->profile;
|
$profile = $a->profile;
|
||||||
|
|
||||||
header("X-Friendica-Version: ".FRIENDICA_VERSION);
|
header("X-Friendica-Version: " . FRIENDICA_VERSION);
|
||||||
header("Content-type: text/html; charset=utf-8");
|
header("Content-type: text/html; charset=utf-8");
|
||||||
|
|
||||||
// We use $_GET["mode"] for special page templates. So we will check if we have
|
// We use $_GET["mode"] for special page templates. So we will check if we have
|
||||||
// to load another page template than the default one
|
// to load another page template than the default one
|
||||||
// The page templates are located in /view/php/ or in the theme directory
|
// The page templates are located in /view/php/ or in the theme directory
|
||||||
if (isset($_GET["mode"])) {
|
if (isset($_GET["mode"])) {
|
||||||
$template = theme_include($_GET["mode"].'.php');
|
$template = theme_include($_GET["mode"] . '.php');
|
||||||
}
|
}
|
||||||
|
|
||||||
// If there is no page template use the default page template
|
// If there is no page template use the default page template
|
||||||
|
@ -511,7 +511,8 @@ if (!$template) {
|
||||||
$template = theme_include("default.php");
|
$template = theme_include("default.php");
|
||||||
}
|
}
|
||||||
|
|
||||||
require_once($template);
|
/// @TODO Looks unsafe (remote-inclusion), is maybe not but theme_include() uses file_exists() but does not escape anything
|
||||||
|
require_once $template;
|
||||||
|
|
||||||
if (!$a->is_backend()) {
|
if (!$a->is_backend()) {
|
||||||
session_write_close();
|
session_write_close();
|
||||||
|
|
Loading…
Reference in a new issue