* @copyright 2007-2011 PrestaShop SA * @version Release: $Revision: 7698 $ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) * International Registered Trademark & Property of PrestaShop SA */ define('_PS_ADMIN_DIR_', getcwd()); define('PS_ADMIN_DIR', _PS_ADMIN_DIR_); // Retro-compatibility include(PS_ADMIN_DIR.'/../config/config.inc.php'); include(PS_ADMIN_DIR.'/functions.php'); include(PS_ADMIN_DIR.'/header.inc.php'); if (empty($tab) and !sizeof($_POST)) { $tab = 'AdminHome'; $_POST['tab'] = 'AdminHome'; $_POST['token'] = Tools::getAdminTokenLite($tab); } if ($id_tab = checkingTab($tab)) { $isoUser = Language::getIsoById(intval($cookie->id_lang)); $tabs = array(); recursiveTab($id_tab); $tabs = array_reverse($tabs); $bread = ''; foreach ($tabs AS $key => $item) $bread .= ' '.((sizeof($tabs) - 1 > $key) ? '' : '').' '.$item['name'].((sizeof($tabs) - 1 > $key) ? '' : ''); // @TODO : a way to desactivate this feature echo''; echo '
'.translate('Back Office').' '.$bread.'
'; if (Validate::isLoadedObject($adminObj)) { if ($adminObj->checkToken()) { /* Filter memorization */ if (isset($_POST) AND !empty($_POST) AND isset($adminObj->table)) foreach ($_POST AS $key => $value) if (is_array($adminObj->table)) { foreach ($adminObj->table AS $table) if (strncmp($key, $table.'Filter_', 7) === 0 OR strncmp($key, 'submitFilter', 12) === 0) $cookie->$key = !is_array($value) ? $value : serialize($value); } elseif (strncmp($key, $adminObj->table.'Filter_', 7) === 0 OR strncmp($key, 'submitFilter', 12) === 0) $cookie->$key = !is_array($value) ? $value : serialize($value); if (isset($_GET) AND !empty($_GET) AND isset($adminObj->table)) foreach ($_GET AS $key => $value) if (is_array($adminObj->table)) { foreach ($adminObj->table AS $table) if (strncmp($key, $table.'OrderBy', 7) === 0 OR strncmp($key, $table.'Orderway', 8) === 0) $cookie->$key = $value; } elseif (strncmp($key, $adminObj->table.'OrderBy', 7) === 0 OR strncmp($key, $adminObj->table.'Orderway', 12) === 0) $cookie->$key = $value; $adminObj->displayConf(); $adminObj->postProcess(); $adminObj->displayErrors(); $adminObj->display(); } else { // If this is an XSS attempt, then we should only display a simple, secure page ob_clean(); // ${1} in the replacement string of the regexp is required, because the token may begin with a number and mix up with it (e.g. $17) $url = preg_replace('/([&?]token=)[^&]*(&.*)?$/', '${1}'.$adminObj->token.'$2', $_SERVER['REQUEST_URI']); if (false === strpos($url, '?token=') AND false === strpos($url, '&token=')) $url .= '&token='.$adminObj->token; $message = translate('Invalid security token'); echo ''.$message.'
'.$message.'
'; echo ' '; die; } } } include(PS_ADMIN_DIR.'/footer.inc.php');