diff --git a/include/class_standAlonePage.inc b/include/class_standAlonePage.inc index be278aca593c8ab1e7b618a2b6a1da13ac4cb879..cc4b012e1b456c7b5d73e241deb3c678fe88984a 100644 --- a/include/class_standAlonePage.inc +++ b/include/class_standAlonePage.inc @@ -94,16 +94,47 @@ class standAlonePage { if ($this->interactive) { Language::init(); + $ui = new userinfoNoAuth(get_class($this)); + session::global_set('ui', $ui); + if (session::global_is_set('plist')) { session::global_un_set('plist'); } - $ui = new userinfoNoAuth(get_class($this)); pluglist::load(); $ssl = $this->checkForSSL(); } } + function init() + { + global $config, $ssl, $ui; + + reset_errors(); + + static::securityHeaders(); + + CSRFProtection::check(); + + $ui = session::global_get('ui'); + $config = session::global_get('config'); + + /* If SSL is forced, just forward to the SSL enabled site */ + if (($config->get_cfg_value('forcessl') == 'TRUE') && ($ssl != '')) { + header ("Location: $ssl"); + exit; + } + + timezone::setDefaultTimezoneFromConfig(); + + Language::init(); + + $this->setupSmarty(); + + /* Prepare plugin list */ + pluglist::load(); + } + function loadConfig() { global $BASE_DIR; @@ -155,6 +186,7 @@ class standAlonePage { $smarty->assign('rtl', Language::isRTL($lang)); $smarty->assign('must', '<span class="must">*</span>'); $smarty->assign('usePrototype', 'FALSE'); + $smarty->assign('CSRFtoken', CSRFProtection::getToken()); } function assignSmartyVars() @@ -239,6 +271,22 @@ class standAlonePage { return preg_replace('/^&/', '?', $params); } + static function run() + { + session::start(); + + $class = get_called_class(); + if (session::is_set('standAlonePage_'.$class)) { + $page = session::get('standAlonePage_'.$class); + $page->init(); + } else { + $page = new $class(); + } + session::set('standAlonePage_'.$class, $page); + + $page->execute(); + } + static function securityHeaders() { header('X-XSS-Protection: 1; mode=block');
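Review bot: The forced-SSL redirect in the new `init()` tests the global `$ssl`, but `init()` never assigns it; the only assignment visible in this hunk is `$ssl = $this->checkForSSL();` in the constructor context, and a constructor does not run again when the page object is restored from the session. Unless `$ssl` is set somewhere else before `init()` is called, `$ssl != ''` is false on every restored request and `forcessl` is silently not enforced after the first hit. Adding `$ssl = $this->checkForSSL();` ahead of the `forcessl` test would close that gap. `$config` is also dereferenced straight after `session::global_get('config')`, so a missing session entry ends in a fatal error rather than a clean restart of the page. The constructor body shown as context starts outside the hunk.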
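Review bot: The new `CSRFtoken` assignment has no comment saying what templates must do with it, although `init()` now calls `CSRFProtection::check()` on every restored request. I would add a comment above it such as `/* Every POST form rendered by a standalone page must send this token back; it is verified by CSRFProtection::check() in init() */`. How `check()` treats a POST without the token is not visible here, so the wording should be confirmed against that class. The function this line belongs to starts outside the hunk.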
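Review bot: In `run()`, the `else` branch builds a fresh page with `new $class()` and goes straight to `$page->execute()` without the `static::securityHeaders()` and `CSRFProtection::check()` calls that `init()` makes on the restored-page path. If the constructor, which is outside this hunk, does not make those calls itself, a POST arriving with no `'standAlonePage_'.$class` entry in the session is handled with no token check and no security headers. Calling `static::securityHeaders();` and `CSRFProtection::check();` in the `else` branch before `$page = new $class();` would keep the two paths equivalent. A short docblock on `run()` noting that the whole page object is kept in the session between requests, plus an explicit `public` visibility, would also help the next reader.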