- /*
- ** see if someone is attempting to be nasty by trying to get out of the
- ** modules directory, although it probably wouldn't do them any good,
- ** since every module has to end with .mod.php. Still, they deserve
- ** to be warned. ;)
- */
- if (strstr($MOD, '.') || strstr($MOD, '/') || strstr($MOD, '%')){
- echo _("SECURITY BREACH ON DECK 5! CMDR TUVOK AND SECURITY TEAM REQUESTED.");
- exit;
- }
- /* fetch the module now. */
- require_once("$SQSPELL_DIR/modules/$MOD.mod.php");
-?>
\ No newline at end of file
+/**
+ * $MOD is the name of the module to invoke.
+ * If $MOD is undefined, use "init", else check for security
+ * breaches.
+ */
+if(isset($_POST['MOD'])) {
+ $MOD = $_POST['MOD'];
+} elseif (isset($_GET['MOD'])) {
+ $MOD = $_GET['MOD'];
+}
+
+if (!isset($MOD) || !$MOD){
+ $MOD='init';
+} else {
+ sqspell_ckMOD($MOD);
+}
+
+/* Include the module. */
+require_once(SM_PATH . $SQSPELL_DIR . "modules/$MOD.mod");
+
+?>