reported by Pascal Suter (07-05-2004 20:07)
===========================================
It is IMPORTANT to fix your
Code: Select all
front.func.inc.php
in "include/inc_front".
If you can update to the most current version.
1) Replace function include_ext_php
-----------------------------------
Code: Select all
function include_ext_php($inc_file) {
// includes an external PHP script file and returns
// the result as string from buffered include content
$ext_php_content = '';
//check if this is a local file
if(is_file($inc_file)) {
$this_path = str_replace("\\", '/', dirname(realpath($inc_file)));
$this_path = preg_replace('/\/$/', '', $this_path);
$root_path = str_replace("\\", '/', PHPWCMS_ROOT);
$root_path = preg_replace('/\/$/', '', $root_path);
if(strpos($this_path, $root_path) === 0) {
ob_start();
include $inc_file;
$ext_php_content = ob_get_contents();
ob_end_clean();
}
}
return $ext_php_content;
}
2) Replace FUNCTION include_int_php
-----------------------------------
Code: Select all
function include_int_php($string) {
// return the PHP var value
$s = html_despecialchars($string[1]);
if(strpos($s,'$GLOBALS')===false) {
$s = preg_replace('/^\$(.*?)\[(.*?)/si', '$GLOBALS["$1"][$2', $s);
if(substr($s,strlen($s)-1) != ']') {
$s = str_replace('$', '', $s);
$s = '$GLOBALS["'.$s.'"]';
//$s = preg_replace('/^\$(.*?)/si', '$GLOBALS["$1"]', $s);
}
}
$s = str_replace('$phpwcms', '$notavailable', $s);
$s = str_replace('["phpwcms"]', '["notavailable"]', $s);
$s = str_replace("['phpwcms']", '["notavailable"]', $s);
ob_start();
eval('echo '.$s.';');
$return = ob_get_contents();
ob_end_clean();
return $return;
}
You can download this file at SourceForge.net // All files
Oliver Georgi // 08-05-2004 // 01:28