1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
<?php
// $Id: wrapper.header.default,v 1.22 2004/10/14 00:21:44 jenst Exp $
// This header file detects whether Gallery is embedded in any
// known PHP applications and then decorates Gallery appropriately.
global $GALLERY_EMBEDDED_INSIDE;
global $GALLERY_EMBEDDED_INSIDE_TYPE;
if(isset($GALLERY_EMBEDDED_INSIDE)) {
global $PHP_SELF;
if (
($GALLERY_EMBEDDED_INSIDE_TYPE == 'postnuke' && !defined("LOADED_AS_MODULE")) ||
($GALLERY_EMBEDDED_INSIDE_TYPE == 'phpnuke' && !eregi("modules.php", $PHP_SELF)) ||
($GALLERY_EMBEDDED_INSIDE_TYPE == 'cpgnuke' && !defined('CPG_NUKE')) ||
($GALLERY_EMBEDDED_INSIDE_TYPE == 'nsnnuke' && !eregi("modules.php", $PHP_SELF)) ||
($GALLERY_EMBEDDED_INSIDE_TYPE == 'phpBB2' && !defined("LOADED_AS_MODULE"))
) {
die ("You can't access this file directly...");
}
switch ($GALLERY_EMBEDDED_INSIDE_TYPE) {
case 'phpnuke':
case 'postnuke':
case 'cpgnuke':
/*
* Nuke owns the <head> tag and doesn't share. So, if we want to get our
* style sheet in place we've got to intercept Nuke's header and modify it
* to insert a few lines of our own in place. We could speed this process
* up greatly if we cached the results and saved it somewhere handy (like
* the session) but then we'd be vulnerable to attack by somebody who has
* write permissions in the directory that the session files live. They
* could create a bogus session file, set that ID into their cookie and
* then pass their own code into our eval() below.
*/
$header = "";
if ($fd = fopen("header.php", "r")) {
while (!feof($fd)) {
$line = fgets($fd, 1024);
$line = str_replace('<?php', '', $line);
$line = str_replace(' ?>', '', $line);
$header .= $line;
if (strstr($line, "<head")) {
$links = getStyleSheetLink();
$links = str_replace('"', '\"', $links);
$header .= 'echo "' . $links . '\n";' . "\n";
}
}
}
/*
* We can control whether we see the right side blocks
* by setting the value of the $index variable. To
* see the blocks, set $index to 1. To hide them set
* $index to 0. We default to 0 to leave more room for
* the photos. If you change this value, you should
* also change it in wrapper.footer
*
* Note that we save the current value of $index in
* $tmp_index and restore it when we're done. If we
* don't do this, navigation won't work!
*/
global $index;
$tmp_index = $index;
$index = 0;
eval($header);
OpenTable();
$index = $tmp_index;
break;
case 'phpBB2':
/*
* PhpBB2 uses a templating system and also owns the HEAD tags. The
* easiest way at the moment to tackle this issue is therefore to
* simply make sure we don't call this function if phpBB2 is being used
* and put the style sheet link into the template manually
*/
global $phpbb_root_path;
global $template;
global $db;
global $theme, $lang, $images;
global $board_config;
global $phpEx;
global $userdata, $u_login_logout;
global $s_privmsg_new, $s_last_visit;
global $l_privmsgs_text_unread, $l_privmsgs_text, $l_online_users;
global $page_title, $nav_links_html;
// Sort out the page title
$page_title .= $gallery->app->galleryTitle;
// Verify that the $phpbb_root_path isn't overwritten with a remote exploit
if (!realpath($phpbb_root_path)) {
print _("Security violation") ."\n";
exit;
} else {
if (! defined("PHPBB_ROOT_PATH")) {
define("PHPBB_ROOT_PATH", $phpbb_root_path);
}
include (PHPBB_ROOT_PATH . "includes/page_header.php");
}
break;
case 'GeekLog':
/*
** Display header and left blocks
*/
echo COM_siteHeader();
break;
}
}
includeTemplate('header.tpl');
?>
|
