if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
header("Location: index.php");
exit();
}
$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_SERVER_VARS['HTTP_USER_AGENT'],'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue)) ||
(eregi("forum_admin", $sec_key)) ||
(eregi("inside_mod", $sec_key))) {
include("language/lang-".$lang.".php");
die(""._HTMLTAGSNOTALLOWEDPROTECT."");
}
}
}
//nasledujici uprava (if s $op) je pro umozneni vkladani javascriptu apod.
//pri posilani clanku
//pri nahledu clanku
//pri editaci clanku
//pri editaci naplanovaneho clanku
//pri zmenene hlavniho nastaveni v administraci
//pri vytvareni bloku
//pri uprave bloku
if($PHP_SELF != "admin.php") {
if($op != "PostAdminStory" AND $op != "PreviewAdminStory" AND $op != "ChangeStory" AND $op != "autoSaveEdit" AND $op != "ConfigSave" AND $op != "BlocksAdd" AND $op != "BlocksEditSave" AND $op != "PreviewAgain" AND $op != "PostStory" AND $op != "EditStory") {
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
include("language/lang-".$lang.".php");
die(""._HTMLTAGSNOTALLOWEDPROTECT."");
}
}
}
}
if (eregi("mainfile.php", $_SERVER['SCRIPT_NAME'])) {
Header("Location: index.php");
die();
}
if ($forum_admin == 1) {
require_once("../../../config.php");
require_once("../../../db/db.php");
} elseif ($inside_mod == 1) {
require_once("../../config.php");
require_once("../../db/db.php");
} else {
require_once("config.php");
require_once("db/db.php");
/* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
/* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
$sql = "SELECT active FROM ".$prefix."_modules WHERE title='$module'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$act = $row[active];
$act = intval($row['active']);
if (!$result OR $act == 0) {
return 0;
} else {
return 1;
}
}
function render_blocks($side, $blockfile, $title, $content, $bid, $url) {
if ($url == "") {
if ($blockfile == "") {
if ($side == "c") {
themecenterbox($title, $content);
} elseif ($side == "d") {
themecenterbox($title, $content);
} else {
themesidebox($title, $content);
}
} else {
if ($side == "c") {
blockfileinc($title, $blockfile, 1);
} elseif ($side == "d") {
blockfileinc($title, $blockfile, 1);
} else {
blockfileinc($title, $blockfile);
}
}
} else {
if ($side == "c" OR $side == "d") {
headlines($bid,1);
} else {
headlines($bid);
}
}
}
function blocks($side) {
global $storynum, $prefix, $multilingual, $currentlang, $db, $admin, $user;
if ($multilingual == 1) {
$querylang = "AND (blanguage='$currentlang' OR blanguage='')";
} else {
$querylang = "";
}
if (strtolower($side[0]) == "l") {
$pos = "l";
} elseif (strtolower($side[0]) == "r") {
$pos = "r";
} elseif (strtolower($side[0]) == "c") {
$pos = "c";
} elseif (strtolower($side[0]) == "d") {
$pos = "d";
}
$side = $pos;
$sql = "SELECT bid, bkey, title, content, url, blockfile, view FROM ".$prefix."_blocks WHERE bposition='$pos' AND active='1' $querylang ORDER BY weight ASC";
if ($lastversion > $installed_system_version_cache AND $installed_system_version_cache != "" AND $lastversion > str_replace(".", "", SYSTEM_VERSION_INT)) {