* Copyright 2004 (c) GForge LLC
* Copyright 2006 (c) Fabien Regnier - Sogeti
* Copyright 2010-2011, Franck Villaume - Capgemini
+ * Copyright 2023, Franck Villaume - TrivialDev
*
* This file is part of FusionForge.
*
exit_error(sprintf(_('First activate the %s plugin through the Project\'s Admin Interface'), $pluginExtSubProj->name), 'home');
}
$action = getStringFromRequest('action');
- if($action) {
- switch ($action) {
- case 'delExtSubProj':
- case 'addExtSubProj': {
- global $gfplugins;
- include($gfplugins.$pluginExtSubProj->name.'/actions/'.$action.'.php');
- break;
- }
- default: {
- $pluginExtSubProj->redirect($_SERVER['HTTP_REFERER'], 'error_msg', _('Unknown action.'));
- break;
- }
- }
+ $actions_whitelist_array = array('delExtSubProj',
+ 'addExtSubProj');
+ if (in_array($action, $actions_whitelist_array)) {
+ include($gfplugins.$pluginExtSubProj->name.'/actions/'.$action.'.php');
}
+
// params needed by site_project_header() inside getHeader()
$params = array(
'toptab' => $pluginExtSubProj->name,
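Review bot: The allowlist test `in_array($action, $actions_whitelist_array)` uses PHP's default loose comparison, and because this list is the only control between a request parameter and the `include` path, it should be strict: `in_array($action, $actions_whitelist_array, true)`. The same call appears in the diary and project index changes of this commit. The rewrite also drops the `global $gfplugins;` that the old `case` body declared, and the `default` branch that redirected with 'Unknown action.'. If this code can run in function scope, `$gfplugins` would be undefined at the `include`, and an unrecognised action is now ignored silently, so both are worth confirming as intended. The enclosing block starts before the hunk.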
/**
* FusionForge Diary aka Blog feature
*
- * Copyright 2019, Franck Villaume - TrivialDev
+ * Copyright 2019,2023, Franck Villaume - TrivialDev
* http://fusionforge.org
*
* This file is part of FusionForge. FusionForge is free software;
/* everything sounds ok, now let's do the job */
$action = getStringFromRequest('action');
-if (file_exists(forge_get_config('source_path').'/common/diary/actions/'.$action.'.php')) {
- include(forge_get_config('source_path').'/common/diary/actions/'.$action.'.php');
+$actions_whitelist_array = array();
+if (in_array($action, $actions_whitelist_array)) {
+ include($gfcommon.'diary/actions/'.$action.'.php');
}
$title = _('Diary and Notes for') . ' ' . $diaryNoteFactoryObject->getUser()->getRealName();
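Review bot: `$actions_whitelist_array = array();` is empty, so the `in_array` test can never pass and the `include` under it is dead code; every `action` value the old `file_exists` check would have dispatched is now dropped without a message. If the diary has no action scripts, remove the block or add a comment such as `// no diary actions are defined; add the name here before adding a script under diary/actions/`. Otherwise list the existing script names explicitly. This hunk also builds the path from `$gfcommon`, while the project index change keeps the `forge_get_config('source_path')` form, so confirm `$gfcommon` is in scope here.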
/**
* Project Index page
*
- * Copyright 2019, Franck Villaume - TrivialDev
+ * Copyright 2019,2023, Franck Villaume - TrivialDev
* http://fusionforge.org/
*
* This file is part of FusionForge. FusionForge is free software;
/* everything sounds ok, now let's do the job */
$action = getStringFromRequest('action');
-if (file_exists(forge_get_config('source_path').'/common/project/actions/'.$action.'.php')) {
+$actions_whitelist_array = array('pointer_down',
+ 'pointer_up');
+if (in_array($action, $actions_whitelist_array)) {
include(forge_get_config('source_path').'/common/project/actions/'.$action.'.php');
}