Project

General

Profile

Files » virtuemart.php

Security Fix: This file is a replacement for /components/com_virtuemart/virtuemart.php - Max Milbers, 02/01/2011 10:29 AM

 
<?php
if( !defined( '_VALID_MOS' ) && !defined( '_JEXEC' ) ) die( 'Direct Access to '.basename(__FILE__).' is not allowed.' );
/**
*
* @version $Id: virtuemart.php 1526 2008-09-15 19:21:43Z soeren_nb $
* @package VirtueMart
* @subpackage core
* @copyright Copyright (C) 2004-2008 soeren - All rights reserved.
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
* VirtueMart is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See /administrator/components/com_virtuemart/COPYRIGHT.php for copyright notices and details.
*
* http://virtuemart.net
*/

global $mosConfig_absolute_path, $product_id, $vmInputFilter, $vmLogger;
/* Load the virtuemart main parse code */
require_once( dirname(__FILE__) . '/virtuemart_parser.php' );

$my_page= explode ( '.', $page );
$modulename = $my_page[0];
$pagename = $my_page[1];

$is_popup = vmRequest::getBool( 'pop' );

// Page Navigation Parameters
$limit = intval( $vm_mainframe->getUserStateFromRequest( "viewlistlimit{$page}", 'limit', $mosConfig_list_limit ) );
$limitstart = intval( $vm_mainframe->getUserStateFromRequest( "view{$keyword}{$category_id}{$pagename}limitstart", 'limitstart', 0 )) ;

/* Get all the other paramters */
$search_category= vmRequest::getInt( 'search_category' );
// Display just the naked page without toolbar, menu and footer?
$only_page = vmRequest::getInt('only_page', 0 );

if( PSHOP_IS_OFFLINE == '1' && !$perm->hasHigherPerms('storeadmin') ) {
echo PSHOP_OFFLINE_MESSAGE;
}
else {
if( PSHOP_IS_OFFLINE == '1' ) {
echo '<h2>'.$VM_LANG->_('OFFLINE_MODE').'</h2>';
}
if( $is_popup ) {
echo "<style type='text/css' media='print'>.vmNoPrint { display: none }</style>";
echo vmCommonHTML::PrintIcon('', true, ' '.$VM_LANG->_('CMN_PRINT') );
}
// The Vendor ID is important
$ps_vendor_id = $_SESSION['ps_vendor_id'];

// The authentication array
$auth = $_SESSION['auth'];
$no_menu = vmRequest::getInt('no_menu', 0 );

// Timer Start
if ( vmShouldDebug() ) { /*@MWM1: Log/Debug enhancements */
$start = utime();
$GLOBALS["mosConfig_debug"] = 1;
}

// update the cart because something could have
// changed while running a function
$cart = $_SESSION["cart"];


if (( !$pagePermissionsOK || !$funcParams ) && $_REQUEST['page'] != 'checkout.index') {

if( !$pagePermissionsOK && defined('_VM_PAGE_NOT_AUTH') ) {
$page = 'checkout.login_form';
echo '<br/><br/>'.$VM_LANG->_('DO_LOGIN').'<br/><br/>';
}
elseif( !$pagePermissionsOK && defined('_VM_PAGE_NOT_FOUND') ) {
$page = HOMEPAGE;
}
else {
$page = $_SESSION['last_page'];
}
}

$my_page= explode ( '.', $page );
$modulename = $my_page[0];
$pagename = $my_page[1];

// For there's no errorpage to display the error,
// we must echo it before the page is loaded
if (!empty($error) && $page != ERRORPAGE) {
echo '<span class="shop_error">'.$error.'</span>';
}

/*****************************
** FRONTEND ADMIN - MOD
**/
if ( vmIsAdminMode()
&& $perm->check("admin,storeadmin")
&& ((!stristr($my->usertype, "admin") ^ PSHOP_ALLOW_FRONTENDADMIN_FOR_NOBACKENDERS == '' )
|| stristr($my->usertype, "admin")
)
&& !stristr($page, "shop.")
) {
define( '_FRONTEND_ADMIN_LOADED', '1' );
if( vmIsJoomla(1.5) ) {
$editor =& JFactory::getEditor();
echo $editor->initialise();
} else {
$mainframe->loadEditor = 1;
require_once( $mosConfig_absolute_path."/editor/editor.php" );
initEditor();
}

$editor1_array = Array('product.product_form' => 'product_desc',
'product.product_category_form' => 'category_description',
'store.store_form' => 'vendor_store_desc',
'vendor.vendor_form' => 'vendor_store_desc');
$editor2_array = Array('store.store_form' => 'vendor_terms_of_service',
'vendor.vendor_form' => 'vendor_terms_of_service');
editorScript(isset($editor1_array[$page]) ? $editor1_array[$page] : '', isset($editor2_array[$page]) ? $editor2_array[$page] : '');
$vm_mainframe->addStyleSheet( VM_THEMEURL .'admin.css' );
$vm_mainframe->addStyleSheet( VM_THEMEURL .'admin.styles.css' );
$vm_mainframe->addScript( "$mosConfig_live_site/components/$option/js/functions.js" );
echo '<table style="width:100%;table-layout:fixed;"><tr>';
if( $no_menu != "1" ) {
$vmLayout = 'standard';
echo '<td valign="top" width="15%">';
// The admin header with dropdown menu
include( ADMINPATH."header.php" );
echo '</td>';
}
echo '<td width="80%" valign="top" style="border: 1px solid silver;padding:4px;">';
include( ADMINPATH."toolbar.virtuemart.php" );
echo '<br style="clear:both;" />';

}
/**
** END: FRONTEND ADMIN - MOD
*****************************/

// Here is the most important part of the whole Shop:
// LOADING the requested page for displaying it to the customer.
// I have wrapped it with a function, because it becomes
// cacheable that way.
// It's just an "include" statement which loads the page
$vmDoCaching = ($page=="shop.browse" || $page=="shop.product_details")
&& (empty($keyword) && empty($keyword1) && empty($keyword2));
// IE6 PNG transparency fix
$vm_mainframe->addScript( "$mosConfig_live_site/components/$option/js/sleight.js" );

echo '<div id="vmMainPage">'."\n";
// Load requested PAGE
if( file_exists( PAGEPATH.$modulename.".".$pagename.".php" )) {
if( $only_page) {
require_once( CLASSPATH . 'connectionTools.class.php' );
vmConnector::sendHeaderAndContent( 200 );
if( $func ) echo vmCommonHTML::getSuccessIndicator( $ok, $vmDisplayLogger ); /*@MWM1: Log/Debug enhancements*/
include( PAGEPATH.$modulename.".".$pagename.".php" );
// Exit gracefully
$vm_mainframe->close(true);
}
include( PAGEPATH.$modulename.".".$pagename.".php" );
}
elseif( file_exists( PAGEPATH . HOMEPAGE.'.php' )) {
include( PAGEPATH . HOMEPAGE.'.php' );
}
else {
include( PAGEPATH.'shop.index.php');
}
if ( !empty($mosConfig_caching) && $vmDoCaching) {
echo '<span class="small">'.$VM_LANG->_('LAST_UPDATED').': '.strftime( $vendor_date_format ).'</span>';
}
echo "\n<div id=\"statusBox\" style=\"text-align:center;display:none;visibility:hidden;\"></div></div>\n";
if(SHOWVERSION && !$is_popup) {
include(PAGEPATH ."footer.php");
}

// Set debug option on/off
if (vmShouldDebug()) { /*@MWM1: Log/Debug enhancements */
$end = utime();
$runtime = $end - $start;
include( PAGEPATH . "shop.debug.php" );
}

}
$vm_mainframe->close();
?>
(7-7/7)