Improve handling so symbolic links are no longer needed

author: Nick White <git@njw.me.uk> 2009-09-10 21:42:47 +0100
committer: Nick White <git@njw.me.uk> 2009-09-10 21:42:47 +0100
commit: 7d617fbd3b11f20c7f3f0efa7e76b19da87ffb16 (patch)
tree: 7477d67b5a80c2ee3b019dc73201c6bcee3ac82c /index.php
parent: 5c53ca7c669f9165a6cda384fdb53efadb4874dd (diff)
download: njw-website-source-7d617fbd3b11f20c7f3f0efa7e76b19da87ffb16.tar.bz2
njw-website-source-7d617fbd3b11f20c7f3f0efa7e76b19da87ffb16.zip
1 files changed, 24 insertions, 1 deletions
diff --git a/index.php b/index.php
index 867b6d5..e0741d2 100644
--- a/index.php
+++ b/index.php
@@ -16,9 +16,32 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+$contentpath = $_SERVER['DOCUMENT_ROOT'] . "/text/" . $_SERVER['REQUEST_URI'];
+
+if ( is_dir($contentpath) == TRUE )
+	$contentpath .= 'index.php';
+
+/* Sanitise */
+if (preg_match ( '/\.\./', $contentpath )  || /* don't go up the filesystem */
+	preg_match ( '/[\'\"]/', $contentpath )|| /* string terminators */
+	preg_match ( '/\\\0/', $contentpath ) )   /* null bytes */
+
+{
+	header('HTTP/1.0 500 Internal Error');
+	echo "<h1>Error</h1>";
+	exit (0);
+}
+
+if ( ! is_file($contentpath) )
+{
+	header('HTTP/1.0 404 Not Found');
+	echo "<h1>Not Found</h1>";
+	exit (0);
+}
+
 include($_SERVER['DOCUMENT_ROOT'] . "/includes/header.php");
 
-include($_SERVER['DOCUMENT_ROOT'] . "/text/" . $_SERVER['PHP_SELF']);
+include($contentpath);
 
 xhtml_header($title);
author	Nick White <git@njw.me.uk>	2009-09-10 21:42:47 +0100
committer	Nick White <git@njw.me.uk>	2009-09-10 21:42:47 +0100
commit	7d617fbd3b11f20c7f3f0efa7e76b19da87ffb16 (patch)
tree	7477d67b5a80c2ee3b019dc73201c6bcee3ac82c /index.php
parent	5c53ca7c669f9165a6cda384fdb53efadb4874dd (diff)
download	njw-website-source-7d617fbd3b11f20c7f3f0efa7e76b19da87ffb16.tar.bz2 njw-website-source-7d617fbd3b11f20c7f3f0efa7e76b19da87ffb16.zip