Rev 7 | Rev 14 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 7 | Rev 8 | ||
---|---|---|---|
Line 734... | Line 734... | ||
734 | $license = ''; |
734 | $license = ''; |
735 | $deaktiviere_zugangspruefung = 0; |
735 | $deaktiviere_zugangspruefung = 0; |
736 | 736 | ||
737 | if ($titelzeile_modul == '') $titelzeile_modul = $modul; |
737 | if ($titelzeile_modul == '') $titelzeile_modul = $modul; |
738 | 738 | ||
739 | if (file_exists('modules/'.$titelzeile_modul.'/var.inc.php')) |
739 | if (file_exists('modules/'.wb_dir_escape($titelzeile_modul).'/var.inc.php')) |
740 | { |
740 | { |
741 | include('modules/'.$titelzeile_modul.'/var.inc.php'); |
741 | include('modules/'.wb_dir_escape($titelzeile_modul).'/var.inc.php'); |
742 | $titel = $modulueberschrift; |
742 | $titel = $modulueberschrift; |
743 | } |
743 | } |
744 | 744 | ||
745 | if (file_exists('modules/'.$titelzeile_modul.'/images/menu/32.png')) |
745 | if (file_exists('modules/'.wb_dir_escape($titelzeile_modul).'/images/menu/32.png')) |
746 | $g = 'modules/'.$titelzeile_modul.'/images/menu/32.png'; |
746 | $g = 'modules/'.wb_dir_escape($titelzeile_modul).'/images/menu/32.png'; |
747 | else if (file_exists('modules/'.$titelzeile_modul.'/images/menu/32.gif')) |
747 | else if (file_exists('modules/'.wb_dir_escape($titelzeile_modul).'/images/menu/32.gif')) |
748 | $g = 'modules/'.$titelzeile_modul.'/images/menu/32.gif'; |
748 | $g = 'modules/'.wb_dir_escape($titelzeile_modul).'/images/menu/32.gif'; |
749 | else |
749 | else |
750 | $g = 'design/spacer.gif'; |
750 | $g = 'design/spacer.gif'; |
751 | 751 | ||
752 | return "javascript:oop('".$modul."', '".$seite."', '".my_htmlentities($titel)."', '".$g."');"; |
752 | return "javascript:oop('".$modul."', '".$seite."', '".my_htmlentities($titel)."', '".$g."');"; |
753 | } |
753 | } |
Line 831... | Line 831... | ||
831 | $durchlauf = 0; |
831 | $durchlauf = 0; |
832 | for ($i=1; isset($ary[$i]['id']); $i++) |
832 | for ($i=1; isset($ary[$i]['id']); $i++) |
833 | { |
833 | { |
834 | $durchlauf++; |
834 | $durchlauf++; |
835 | 835 | ||
836 | if (file_exists('modules/'.$modul.'/menueeintrag.inc.php')) |
836 | if (file_exists('modules/'.wb_dir_escape($modul).'/menueeintrag.inc.php')) |
837 | include('modules/'.$modul.'/menueeintrag.inc.php'); |
837 | include('modules/'.wb_dir_escape($modul).'/menueeintrag.inc.php'); |
838 | 838 | ||
839 | echo "\n"; |
839 | echo "\n"; |
840 | } |
840 | } |
841 | 841 | ||
842 | return $durchlauf; |
842 | return $durchlauf; |
Line 850... | Line 850... | ||
850 | $durchlauf = 0; |
850 | $durchlauf = 0; |
851 | for ($i=1; isset($ary[$i]['id']); $i++) |
851 | for ($i=1; isset($ary[$i]['id']); $i++) |
852 | { |
852 | { |
853 | $durchlauf++; |
853 | $durchlauf++; |
854 | 854 | ||
855 | if (file_exists('modules/'.$modul.'/menueeintrag.inc.php')) |
855 | if (file_exists('modules/'.wb_dir_escape($modul).'/menueeintrag.inc.php')) |
856 | include('modules/'.$modul.'/menueeintrag.inc.php'); |
856 | include('modules/'.wb_dir_escape($modul).'/menueeintrag.inc.php'); |
857 | } |
857 | } |
858 | 858 | ||
859 | return $durchlauf; |
859 | return $durchlauf; |
860 | } |
860 | } |
861 | 861 | ||
Line 885... | Line 885... | ||
885 | return '<tr> |
885 | return '<tr> |
886 | <td colspan="5"><img src="design/spacer.gif" alt="" width="1" height="14"></td> |
886 | <td colspan="5"><img src="design/spacer.gif" alt="" width="1" height="14"></td> |
887 | </tr>'; |
887 | </tr>'; |
888 | } |
888 | } |
889 | 889 | ||
- | 890 | function wb_dir_escape($s) { |
|
- | 891 | $s = str_replace('..', '__', $s); |
|
- | 892 | $s = str_replace('~', '_', $s); |
|
- | 893 | $s = str_replace('/', '_', $s); |
|
- | 894 | $s = str_replace('\\', '_', $s); |
|
- | 895 | $s = str_replace(chr(0), '_', $s); |
|
- | 896 | return $s; |
|
890 | ?> |
897 | } |