Continued:

- some spaces added
- removed parentheses as requested by @Hypolite
- added really important TODO as remote-inclusion is not what you want

Signed-off-by: Roland Haeder <roland@mxchange.org>
This commit is contained in:
Roland Haeder 2017-03-24 21:08:03 +01:00
parent 0e19fdfc71
commit 084dbd6859
No known key found for this signature in database
GPG key ID: B72F8185C6C7BD78

View file

@ -496,14 +496,14 @@ if (isset($_GET["mode"]) AND ($_GET["mode"] == "raw")) {
$page = $a->page; $page = $a->page;
$profile = $a->profile; $profile = $a->profile;
header("X-Friendica-Version: ".FRIENDICA_VERSION); header("X-Friendica-Version: " . FRIENDICA_VERSION);
header("Content-type: text/html; charset=utf-8"); header("Content-type: text/html; charset=utf-8");
// We use $_GET["mode"] for special page templates. So we will check if we have // We use $_GET["mode"] for special page templates. So we will check if we have
// to load another page template than the default one // to load another page template than the default one
// The page templates are located in /view/php/ or in the theme directory // The page templates are located in /view/php/ or in the theme directory
if (isset($_GET["mode"])) { if (isset($_GET["mode"])) {
$template = theme_include($_GET["mode"].'.php'); $template = theme_include($_GET["mode"] . '.php');
} }
// If there is no page template use the default page template // If there is no page template use the default page template
@ -511,7 +511,8 @@ if (!$template) {
$template = theme_include("default.php"); $template = theme_include("default.php");
} }
require_once($template); /// @TODO Looks unsafe (remote-inclusion), is maybe not but theme_include() uses file_exists() but does not escape anything
require_once $template;
if (!$a->is_backend()) { if (!$a->is_backend()) {
session_write_close(); session_write_close();