| -rw-r--r-- | includes/footer.php | 2 | ||||
| -rw-r--r-- | index.php | 22 | 
2 files changed, 16 insertions, 8 deletions
|
diff --git a/includes/footer.php b/includes/footer.php
index 7706ccf..599801e 100644
--- a/includes/footer.php
+++ b/includes/footer.php
@@ -31,7 +31,7 @@ print '
 	<div id="copyright">
 		<p>The text on this website is licensed under the <a href="http://creativecommons.org/licenses/by-sa/3.0/" rel="license">Creative Commons Attribution-Share Alike 3.0 License</a>.</p>
-		<p>The code running this website is released under the <a href="http://www.fsf.org/licensing/licenses/agpl.html" rel="license">GNU Affero General Public License</a>. <a href="/download-source.php">Download the source code</a>.</p>
+		<p>The code running this website is released under the <a href="http://www.fsf.org/licensing/licenses/agpl.html" rel="license">GNU Affero General Public License</a>. <a href="/download-source">Download the source code</a>.</p>
 	</div>
 </div>
@@ -16,15 +16,12 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-$contentpath = $_SERVER['DOCUMENT_ROOT'] . "/webpages/" . $_SERVER['REQUEST_URI'];
-
-if ( is_dir($contentpath) == TRUE )
-	$contentpath .= 'index.php';
+$request = $_SERVER['REQUEST_URI'];
 /* Sanitise */
-if (preg_match ( '/\.\./', $contentpath )  || /* don't go up the filesystem */
-	preg_match ( '/[\'\"]/', $contentpath )|| /* string terminators */
-	preg_match ( '/\\\0/', $contentpath ) )   /* null bytes */
+if (preg_match ( '/\.\./', $request )  || /* don't go up the filesystem */
+	preg_match ( '/[\'\"]/', $request )|| /* string terminators */
+	preg_match ( '/\\\0/', $request ) )   /* null bytes */
 {
 	header('HTTP/1.0 500 Internal Error');
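Review bot: The null-byte test in the sanitise condition does not look for a NUL byte: inside a single-quoted PHP string `'/\\\0/'` becomes the pattern `/\\0/`, which matches a literal backslash followed by the character `0`. The commit carries that check over unchanged from `$contentpath` to `$request`; `strpos($request, "\0") !== false` would test for the real byte. `$_SERVER['REQUEST_URI']` also still contains the query string, so running the checks on `parse_url($request, PHP_URL_PATH)` would keep `?…` out of the filesystem path built later. The body of this `if` continues past the end of the hunk.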
@@ -32,6 +29,17 @@ if (preg_match ( '/\.\./', $contentpath )  || /* don't go up the filesystem */
 	exit (0);
 }
+$contentpath = $_SERVER['DOCUMENT_ROOT'] . '/webpages/' . $request;
+
+/* if nothing exists in webpages directory, try root */
+if ( ! is_dir($contentpath) && ! is_file($contentpath.'.php') )
+	$contentpath = $_SERVER['DOCUMENT_ROOT'] . $request;
+
+if ( is_dir($contentpath) == TRUE )
+	$contentpath .= 'index.php';
+else
+	$contentpath .= '.php';
+
 if ( ! is_file($contentpath) )
 {
 	header('HTTP/1.0 404 Not Found');
|
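Review bot: The fallback `$contentpath = $_SERVER['DOCUMENT_ROOT'] . $request;` widens what a request can resolve to from `webpages/` to every `.php` file under the document root, so paths such as `/includes/footer` or `/index` now pass the `is_file` check. If the code after this hunk includes `$contentpath` (not visible here), partial templates and the front controller itself become directly reachable. Consider limiting the fallback to an explicit list of root-level pages, or resolving the path with `realpath()` and confirming it stays inside an allowed directory before it is used. Separately, a directory requested without a trailing slash gets `'index.php'` appended straight onto its name; `rtrim($contentpath, '/') . '/index.php'` avoids that.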
