
Security Fix: This file is a replacement for /components/com_virtuemart/virtuemart.php - Max Milbers, 02/01/2011 10:29 AM

<?php 
// Front-end entry point of the VirtueMart component: loads the request parser,
// resolves the requested "$page" into a module/page pair, enforces store-offline
// and page-permission fallbacks, optionally renders the front-end admin frame,
// and finally includes the page file from PAGEPATH.
//
// Direct-access guard: the file must only run inside Mambo (_VALID_MOS) or Joomla (_JEXEC).
if( !defined( '_VALID_MOS' ) && !defined( '_JEXEC' ) ) die( 'Direct Access to '.basename(__FILE__).' is not allowed.' );
/**
*
* @version $Id: virtuemart.php 1526 2008-09-15 19:21:43Z soeren_nb $
* @package VirtueMart
* @subpackage core
* @copyright Copyright (C) 2004-2008 soeren - All rights reserved.
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
* VirtueMart is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See /administrator/components/com_virtuemart/COPYRIGHT.php for copyright notices and details.
*
* http://virtuemart.net
*/

// NOTE: a "global" statement at file scope only has an effect when this file is
// itself included from inside a function; at true top level these are already globals.
global $mosConfig_absolute_path, $product_id, $vmInputFilter, $vmLogger;

/* Load the virtuemart main parse code */
// The parser is expected to define the variables used below without a local
// definition ($page, $keyword, $category_id, $pagePermissionsOK, $funcParams,
// $func, $ok, $error, ...) — presumably, confirm against virtuemart_parser.php.
require_once( dirname(__FILE__) . '/virtuemart_parser.php' );

// "$page" has the form "module.page"; $my_page[1] is undefined when it contains no dot.
$my_page= explode ( '.', $page );
$modulename = $my_page[0];
$pagename = $my_page[1];

// Popup (print) mode, taken from the "pop" request parameter.
$is_popup = vmRequest::getBool( 'pop' );

// Page Navigation Parameters
// List limit/offset are persisted per page in the user state; both are cast to int.
$limit = intval( $vm_mainframe->getUserStateFromRequest( "viewlistlimit{$page}", 'limit', $mosConfig_list_limit ) );
$limitstart = intval( $vm_mainframe->getUserStateFromRequest( "view{$keyword}{$category_id}{$pagename}limitstart", 'limitstart', 0 )) ;

/* Get all the other paramters */
$search_category= vmRequest::getInt( 'search_category' );
// Display just the naked page without toolbar, menu and footer?
$only_page = vmRequest::getInt('only_page', 0 );

// Store offline: everyone below "storeadmin" only sees the offline message.
if( PSHOP_IS_OFFLINE == '1' && !$perm->hasHigherPerms('storeadmin') ) {
    echo PSHOP_OFFLINE_MESSAGE;
}
else {
        // Store admins still get the page, with an "offline mode" banner on top.
        if( PSHOP_IS_OFFLINE == '1' ) {
                echo '<h2>'.$VM_LANG->_('OFFLINE_MODE').'</h2>';
        }
        if( $is_popup ) {
                echo "<style type='text/css' media='print'>.vmNoPrint { display: none }</style>";
                echo vmCommonHTML::PrintIcon('', true, ' '.$VM_LANG->_('CMN_PRINT') );
        }
        
        // The Vendor ID is important
        // $ps_vendor_id, $auth and $cart are not read in this file; presumably the
        // included page files rely on them being in scope — confirm before removing.
        $ps_vendor_id = $_SESSION['ps_vendor_id'];

        // The authentication array
        $auth = $_SESSION['auth'];
        $no_menu = vmRequest::getInt('no_menu', 0 );

        // Timer Start
        if ( vmShouldDebug() ) { /*@MWM1: Log/Debug enhancements */
                $start = utime();
                $GLOBALS["mosConfig_debug"] = 1;
        }

        // update the cart because something could have
        // changed while running a function
        $cart = $_SESSION["cart"];


        // Permission / parameter failure fallback. Note: this reads $_REQUEST['page']
        // directly (not through vmRequest like the other parameters) and with a loose
        // "!=" comparison; a missing key raises a notice.
        if (( !$pagePermissionsOK || !$funcParams ) && $_REQUEST['page'] != 'checkout.index') {

                // Not authenticated for the page: redirect to the login form and say so.
                if( !$pagePermissionsOK && defined('_VM_PAGE_NOT_AUTH') ) {
                        $page = 'checkout.login_form';
                        echo '<br/><br/>'.$VM_LANG->_('DO_LOGIN').'<br/><br/>';
                }
                // Unknown page: fall back to the configured home page.
                elseif( !$pagePermissionsOK && defined('_VM_PAGE_NOT_FOUND') ) {
                        $page = HOMEPAGE;
                }
                // Otherwise return to whatever page the session last recorded.
                else {
                        $page = $_SESSION['last_page'];
                }
        }

        // $page may have been rewritten above, so re-split it.
        $my_page= explode ( '.', $page );
        $modulename = $my_page[0];
        $pagename = $my_page[1];

        // For there's no errorpage to display the error,
        // we must echo it before the page is loaded
        // NOTE(review): $error is echoed without HTML escaping here; confirm that the
        // parser only ever stores trusted or already-escaped text in it.
        if (!empty($error) && $page != ERRORPAGE) {
                echo '<span class="shop_error">'.$error.'</span>';
        }

        /*****************************
        ** FRONTEND ADMIN - MOD
        **/
        // Front-end admin frame is shown only in admin mode, for "admin,storeadmin"
        // permissions, and never for "shop.*" pages. Because "==" binds tighter than
        // "^" in PHP, the middle term parses as
        //   (!stristr($my->usertype, "admin")) ^ (PSHOP_ALLOW_FRONTENDADMIN_FOR_NOBACKENDERS == '')
        // i.e. users without a backend "admin" usertype pass only when that setting is non-empty.
        if ( vmIsAdminMode()
                && $perm->check("admin,storeadmin")
                && ((!stristr($my->usertype, "admin") ^ PSHOP_ALLOW_FRONTENDADMIN_FOR_NOBACKENDERS == '' )
                        || stristr($my->usertype, "admin")
                        )
                && !stristr($page, "shop.")
        ) {
                
                define( '_FRONTEND_ADMIN_LOADED', '1' );
                
                // Joomla 1.5 has its own editor factory; older hosts load /editor/editor.php.
                if( vmIsJoomla(1.5) ) {
                        $editor =& JFactory::getEditor();
                        echo $editor->initialise();
                } else {
                        $mainframe->loadEditor = 1;
                        require_once( $mosConfig_absolute_path."/editor/editor.php" );
                        initEditor();
                }

                // Map of admin form pages to the textarea names that get a WYSIWYG editor
                // (first and, for store/vendor forms, second editor instance).
                $editor1_array = Array('product.product_form' => 'product_desc',
                'product.product_category_form' => 'category_description',
                'store.store_form' => 'vendor_store_desc',
                'vendor.vendor_form' => 'vendor_store_desc');
                $editor2_array = Array('store.store_form' => 'vendor_terms_of_service',
                'vendor.vendor_form' => 'vendor_terms_of_service');
                editorScript(isset($editor1_array[$page]) ? $editor1_array[$page] : '', isset($editor2_array[$page]) ? $editor2_array[$page] : '');
                
                $vm_mainframe->addStyleSheet( VM_THEMEURL .'admin.css' );
                $vm_mainframe->addStyleSheet( VM_THEMEURL .'admin.styles.css' );
                $vm_mainframe->addScript( "$mosConfig_live_site/components/$option/js/functions.js" );
                // Opens the two-column admin layout; the table/row is not closed in this file.
                echo '<table style="width:100%;table-layout:fixed;"><tr>';
                if( $no_menu != "1" ) {
                        $vmLayout = 'standard';
                        echo '<td valign="top" width="15%">';
                        // The admin header with dropdown menu
                        include( ADMINPATH."header.php" );
                        echo '</td>';
                }
                echo '<td width="80%" valign="top" style="border: 1px solid silver;padding:4px;">';
                include( ADMINPATH."toolbar.virtuemart.php" );
                echo '<br style="clear:both;" />';

        }
        /**
        ** END: FRONTEND ADMIN - MOD
        *****************************/

        // Here is the most important part of the whole Shop:
        // LOADING the requested page for displaying it to the customer.
        // I have wrapped it with a function, because it becomes
        // cacheable that way.
        // It's just an "include" statement which loads the page
        // Only browse/product-details pages without a search keyword are cacheable.
        $vmDoCaching = ($page=="shop.browse" || $page=="shop.product_details") 
                        && (empty($keyword) && empty($keyword1) && empty($keyword2));
                
        // IE6 PNG transparency fix
        $vm_mainframe->addScript( "$mosConfig_live_site/components/$option/js/sleight.js" );

                echo '<div id="vmMainPage">'."\n";
                
                // Load requested PAGE
                // NOTE(review): $modulename/$pagename are derived from $page and are used
                // to build an include path here with no character-set restriction in this
                // file; the parser is relied on to keep $page to known "module.page" values.
                // Confirm that before trusting this include.
                if( file_exists( PAGEPATH.$modulename.".".$pagename.".php" )) {
                        // "only_page": emit the bare page (AJAX style) and end the request.
                        if( $only_page) {
                                require_once( CLASSPATH . 'connectionTools.class.php' );
                                vmConnector::sendHeaderAndContent( 200 );
                                if( $func ) echo vmCommonHTML::getSuccessIndicator( $ok, $vmDisplayLogger ); /*@MWM1: Log/Debug enhancements*/
                                include( PAGEPATH.$modulename.".".$pagename.".php" );
                                // Exit gracefully
                                // Relies on close(true) terminating the request; if it
                                // returned, the page would be included a second time below.
                                $vm_mainframe->close(true);
                        }
                        include( PAGEPATH.$modulename.".".$pagename.".php" );
                }
                // Fallbacks: configured home page, then the shop index.
                elseif( file_exists( PAGEPATH . HOMEPAGE.'.php' )) {
                        include( PAGEPATH . HOMEPAGE.'.php' );
                }
            else {
                include( PAGEPATH.'shop.index.php');
            }
            // When CMS caching is on, show when the cached copy was rendered.
            // strftime() is deprecated since PHP 8.1.
            if ( !empty($mosConfig_caching) && $vmDoCaching) {
                echo '<span class="small">'.$VM_LANG->_('LAST_UPDATED').': '.strftime( $vendor_date_format ).'</span>';
            }
            
            // Hidden status box, then the closing tag of #vmMainPage.
            echo "\n<div id=\"statusBox\" style=\"text-align:center;display:none;visibility:hidden;\"></div></div>\n";
            
            if(SHOWVERSION && !$is_popup) {
                        include(PAGEPATH ."footer.php");
            }

                // Set debug option on/off
                // $start is only defined when vmShouldDebug() was also true at the
                // "Timer Start" block above.
                if (vmShouldDebug()) {  /*@MWM1: Log/Debug enhancements */
                        $end = utime();
                        $runtime = $end - $start;
                        
                        include( PAGEPATH . "shop.debug.php" );
                }

}
// Runs for both the offline and the normal branch.
$vm_mainframe->close();
?>