author | Nick White <git@njw.me.uk> | 2009-11-06 04:18:09 +0000 |
---|---|---|
committer | Nick White <git@njw.me.uk> | 2009-11-06 04:18:09 +0000 |
commit | f0d2a630277dfa2b57321c16f88643892a596d16 (patch) | |
tree | 88166c0b75d2b26fcc00977620773daf8d80c57d /index.php | |
parent | 7f32b6d40cbd3a08c992fa665c84bd9a09803ad1 (diff) | |
download | njw-website-source-f0d2a630277dfa2b57321c16f88643892a596d16.tar.bz2 njw-website-source-f0d2a630277dfa2b57321c16f88643892a596d16.zip |
Enable looking in root for content
Update download-source link to remove extension
Look in the root directory if a file is not found in webpages/
Tighten up sanitation slightly
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 22 |
1 files changed, 15 insertions, 7 deletions
@@ -16,15 +16,12 @@
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
-$contentpath = $_SERVER['DOCUMENT_ROOT'] . "/webpages/" . $_SERVER['REQUEST_URI'];
-
-if ( is_dir($contentpath) == TRUE )
-$contentpath .= 'index.php';
+$request = $_SERVER['REQUEST_URI'];
 /* Sanitise */
-if (preg_match ( '/\.\./', $contentpath ) || /* don't go up the filesystem */
-preg_match ( '/[\'\"]/', $contentpath )|| /* string terminators */
-preg_match ( '/\\\0/', $contentpath ) ) /* null bytes */
+if (preg_match ( '/\.\./', $request ) || /* don't go up the filesystem */
+preg_match ( '/[\'\"]/', $request )|| /* string terminators */
+preg_match ( '/\\\0/', $request ) ) /* null bytes */
 {
 header('HTTP/1.0 500 Internal Error');
@@ -32,6 +29,17 @@ if (preg_match ( '/\.\./', $contentpath ) || /* don't go up the filesystem */
 exit (0);
 }
+$contentpath = $_SERVER['DOCUMENT_ROOT'] . '/webpages/' . $request;
+
+/* if nothing exists in webpages directory, try root */
+if ( ! is_dir($contentpath) && ! is_file($contentpath.'.php') )
+$contentpath = $_SERVER['DOCUMENT_ROOT'] . $request;
+
+if ( is_dir($contentpath) == TRUE )
+$contentpath .= 'index.php';
+else
+$contentpath .= '.php';
+
 if ( ! is_file($contentpath) )
 {
 header('HTTP/1.0 404 Not Found'); |
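Review bot: The null-byte test on the last line of the new `if` condition, `preg_match ( '/\\\0/', $request )`, does not appear to match a NUL byte: inside a single-quoted PHP string `'/\\\0/'` becomes the pattern `/\\0/`, which matches a literal backslash followed by the digit `0`, so the "null bytes" comment overstates what is checked. Testing the byte itself, e.g. `strpos($request, "\0") !== false`, or using the pattern `'/\x00/'`, would make the check do what the comment says. Note also that `$_SERVER['REQUEST_URI']` carries the query string, so the sanitiser and the later filesystem lookup both operate on `/page?x=y` rather than `/page`; cutting `$request` at the first `?` before these checks would keep the two aligned. The body of the `if` continues past the end of the hunk.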
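Review bot: The directory branch in the second hunk, `$contentpath .= 'index.php';`, appends the file name without a separator, so a request like `/foo` for a directory `webpages/foo` resolves to `webpages/fooindex.php` and falls through to the 404, while `/foo/` works; `$contentpath = rtrim($contentpath, '/') . '/index.php';` would handle both forms. The root fallback two lines above also makes every `.php` file directly under `DOCUMENT_ROOT` reachable by an extensionless URL, including this front controller itself whenever `webpages/index.php` does not exist; how `$contentpath` is consumed is outside the hunk, but if it is included, rejecting a resolved path equal to `__FILE__` (or limiting the fallback to a short explicit list of files) would keep that widening deliberate. A comment stating the intent of the fallback, e.g. `/* fallback: only top-level pages kept outside webpages/ should resolve here */`, would help the next reader see the boundary.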