//
// $Id$
//
+error_reporting(0);
require_once 'plc_config.php';
require_once 'plc_session.php';
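Review bot: The added `error_reporting(0);` silences every notice, warning and error for the rest of the request, including failures in the includes that follow and in the file-serving code further down. That leaves operators with no trace of them. If the intent is only to keep diagnostics out of the rendered page, `ini_set('display_errors', '0');` with `log_errors` enabled does that while still recording them in the server log. If the blanket suppression is intentional, a comment saying why would help the next reader.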
} else if ($op == 'view') {
$block = array();
- if (!$plc->person) {
+ if ($plc->hide_planetlab_block) {
+ // do nothing
+ // this is a private hook from the Vicci module to hide the planetlab module
+ } else if (!$plc->person) {
// Force login via HTTPS
unset($_GET['time']);
$form['#action'] = "https://" . $_SERVER['HTTP_HOST'] . url($_GET['q'], drupal_get_destination());
$block['content'] .= p( href (l_reset_password(),"Forgot your password?") );
$block['content'] .= p( href(l_person_register(),"Create an account") );
$block['content'] .= p( href(l_site_register(),"File a site registration") );
- } else if (plc_advanced()) {
+ } else {
$block['subject'] = truncate($plc->person['email'],30);
//////////////////// Logout
}
}
+function isValidFileName($file) {
+
+ /* don't allow .. and allow any "word" character \ / */
+
+ return preg_match('/^(((?:\.)(?!\.))|\w)+$/', $file);
+
+}
+
function planetlab_page() {
$path = $_SERVER['DOCUMENT_ROOT'] . preg_replace('/^db\//', '/planetlab/', $_GET['q']);
$output = ob_get_contents();
ob_end_clean();
} else {
- $output = file_get_contents($path);
+ if (isValidFileName($path)) {
+ $output = file_get_contents($path);
+ }
+ else {
+ $output = "";
+ }
}
return $output;
}
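Review bot: `isValidFileName($path)` is called on the full path built from `$_SERVER['DOCUMENT_ROOT']`, but the pattern accepts only `\w` and single dots, so any value containing `/` is rejected and this branch appears to always return an empty string. The comment mentions `\ /`, yet neither character is in the pattern, and `$` without the `D` modifier still accepts a trailing newline. A name-shape regex is also a weak traversal guard; resolving the path and checking that it stays inside the served directory is more robust, as sketched below on the assumption that the files live under `DOCUMENT_ROOT/planetlab`. The branch above this `else` lies partly outside the hunk, and whatever it does with `$path` is not covered by the new check, so it needs the same containment test.

```php
function planetlab_page() {
  // … unchanged: $path construction and the first branch …
  } else {
    // Canonicalise first so "..", symlinks and doubled slashes are resolved
    // before the containment test.
    $base = realpath($_SERVER['DOCUMENT_ROOT'] . '/planetlab');
    $real = realpath($path);
    if ($base !== false && $real !== false
        && strpos($real, $base . DIRECTORY_SEPARATOR) === 0
        && is_file($real)) {
      $output = file_get_contents($real);
    }
    else {
      $output = "";
    }
  }
  // … unchanged: return $output …
```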