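/**
 * Render the news listing for one category together with the image file list.
 *
 * All route arguments are joined into $this->path, which is passed to the
 * view as 'dir'. A path containing ".." is reported through the
 * statistics_api observer (when that plugin is enabled) and then replaced
 * by '/', so the rejected value is not used for the rest of the request.
 *
 * @param mixed $cat_id Category identifier; passed unchanged to
 *                      News::findByCatId() and News::getCategoryName().
 */
public function browse_cat($cat_id)
{
    $this->_checkPermission();

    // Every route argument, not only $cat_id, becomes part of the path.
    $params = func_get_args();
    $this->path = join('/', $params);

    // make sure there's a / at the end
    if (substr($this->path, -1, 1) !== '/') {
        $this->path .= '/';
    }

    // Security: parent-directory ("..") sequences are not allowed in the path.
    if (strpos($this->path, '..') !== false) {
        if (Plugin::isEnabled('statistics_api')) {
            $user = null;
            if (AuthUser::isLoggedIn()) {
                $user = AuthUser::getUserName();
            }

            // NOTE(review): X-Forwarded-For is set by the client unless a trusted
            // proxy overwrites it, so the address recorded here can be forged.
            // REMOTE_ADDR is the actual connection peer; confirm the proxy setup
            // before relying on this field during an investigation.
            $ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];

            $event = array(
                'event_type'  => 'hack_attempt',
                'description' => __('A possible hack attempt was detected.'),
                'ipaddress'   => $ip,
                'username'    => $user,
            );
            Observer::notify('stats_file_manager_hack_attempt', $event);
        }

        // Reporting alone does not enforce the rule: without this reset the
        // rejected path would still reach the view as 'dir' (and anything
        // else that reads $this->path). This runs whether or not the
        // statistics plugin is enabled.
        $this->path = '/';
    }

    // The listing directory is fixed and does not depend on the request path.
    $this->fullpath = FILES_DIR . '/themes/news/images/';
    // clean up nicely: replace each "//" with "/"
    $this->fullpath = preg_replace('/\\/\\//', '/', $this->fullpath);

    // NOTE(review): $cat_id comes from the request and is not validated here;
    // confirm that the News lookups bind it as a query parameter.
    $news_arr = News::findByCatId($cat_id);
    $category_name = News::getCategoryName($cat_id);

    // _getListFiles() is defined elsewhere; presumably it lists $this->fullpath — verify.
    $this->display('news/view_news', array(
        'dir'           => $this->path,
        'files'         => $this->_getListFiles(),
        'news_arr'      => $news_arr,
        'category_name' => $category_name,
        'cat_id'        => $cat_id,
    ));
}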