authorNick White <git@njw.me.uk>2009-09-10 21:42:47 +0100
committerNick White <git@njw.me.uk>2009-09-10 21:42:47 +0100
commit7d617fbd3b11f20c7f3f0efa7e76b19da87ffb16 (patch)
tree7477d67b5a80c2ee3b019dc73201c6bcee3ac82c
parent5c53ca7c669f9165a6cda384fdb53efadb4874dd (diff)
Improve handling so symbolic links are no longer needed
-rw-r--r--.gitignore1
-rwxr-xr-x.htaccess6
-rw-r--r--index.php25
3 files changed, 30 insertions, 2 deletions
diff --git a/.gitignore b/.gitignore
index 36c6ef3..0b6bd61 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,5 @@ scripts/
*.gpg.asc
# contains installation specific information
-.htaccess
robots.txt
diff --git a/.htaccess b/.htaccess
new file mode 100755
index 0000000..2509095
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,6 @@
+AddDefaultCharset utf-8
+AddHandler default-handler .py
+
+RewriteEngine On
+RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
+RewriteRule . /index.php
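Review bot: The `!-f` condition lets any existing file be served directly, so the fragments that index.php includes from `/text/` and `/includes/` under the document root appear to stay reachable by URL without going through the front controller and its checks. If nothing needs to fetch those directories over HTTP, a deny rule placed ahead of the existing condition would close that, for example `RewriteRule ^(text|includes)/ - [F]`. Whether any page links into `/text/` directly is not visible from this commit, so confirm before adding it.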
diff --git a/index.php b/index.php
index 867b6d5..e0741d2 100644
--- a/index.php
+++ b/index.php
@@ -16,9 +16,32 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+$contentpath = $_SERVER['DOCUMENT_ROOT'] . "/text/" . $_SERVER['REQUEST_URI'];
+
+if ( is_dir($contentpath) == TRUE )
+ $contentpath .= 'index.php';
+
+/* Sanitise */
+if (preg_match ( '/\.\./', $contentpath ) || /* don't go up the filesystem */
+ preg_match ( '/[\'\"]/', $contentpath )|| /* string terminators */
+ preg_match ( '/\\\0/', $contentpath ) ) /* null bytes */
+
+{
+ header('HTTP/1.0 500 Internal Error');
+ echo "<h1>Error</h1>";
+ exit (0);
+}
+
+if ( ! is_file($contentpath) )
+{
+ header('HTTP/1.0 404 Not Found');
+ echo "<h1>Not Found</h1>";
+ exit (0);
+}
+
include($_SERVER['DOCUMENT_ROOT'] . "/includes/header.php");
-include($_SERVER['DOCUMENT_ROOT'] . "/text/" . $_SERVER['PHP_SELF']);
+include($contentpath);
xhtml_header($title);
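Review bot: The null-byte test in the sanitise block does not match a NUL byte, because the single-quoted pattern `'/\\\0/'` reaches PCRE as `/\\0/`, which matches a literal backslash followed by `0`. More broadly, the path handed to `include` comes from `$_SERVER['REQUEST_URI']`, which is client-supplied and still carries the query string, and `is_dir()` already touches the filesystem before any of the denylist checks run. A containment check is sturdier than the three patterns: resolve the candidate with `realpath()` and require the result to sit under the resolved `/text` root, as sketched below. The same sketch strips the query string and adds the missing `/` before `index.php` for directory requests without a trailing slash. The script continues past the end of this hunk.

```php
$textroot = realpath($_SERVER['DOCUMENT_ROOT'] . "/text");
$requestpath = (string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);

/* Sanitise before any filesystem call */
if ( $textroot === false || strpos($requestpath, "\0") !== false )
{
	// … unchanged: 500 response and exit …
}

$contentpath = $textroot . "/" . ltrim($requestpath, "/");
if ( is_dir($contentpath) )
	$contentpath = rtrim($contentpath, "/") . "/index.php";

/* the resolved target must stay inside the text root */
$resolved = realpath($contentpath);
if ( $resolved === false
	|| strpos($resolved, $textroot . DIRECTORY_SEPARATOR) !== 0
	|| ! is_file($resolved) )
{
	// … unchanged: 404 response and exit …
}

// … unchanged: header include …
include($resolved);
```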