.
*/
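/*
 * Map the request URI onto a PHP page below DOCUMENT_ROOT and render it
 * between the shared header and footer.
 *
 * Lookup order: DOCUMENT_ROOT/webpages/<request>, then DOCUMENT_ROOT/<request>.
 * A directory resolves to its index.php, anything else to <request>.php.
 *
 * $request comes straight from the client and ends up in include(), so
 * the filter below is the only thing separating the request from the
 * filesystem.
 */
$request = $_SERVER['REQUEST_URI'];

/*
 * Sanitise. This is a deny-list: it rejects known-bad sequences rather than
 * accepting only a known-good character set.
 * NOTE(review): an allow-list pattern for page names, plus a realpath()
 * containment check on the resolved file, would be stronger. Not added here
 * because it could change which URLs resolve (e.g. symlinked content).
 * NOTE(review): REQUEST_URI is normally the raw, un-decoded request target,
 * so a percent-encoded sequence stays literal in the path - confirm for the
 * web server in use.
 */
if (preg_match('/\.\./', $request)          /* don't go up the filesystem */
    || preg_match('/[\'\"]/', $request)     /* string terminators */
    || preg_match('/\\\0/', $request)       /* the two characters backslash + zero */
    || strpos($request, "\0") !== false     /* real NUL bytes: the regex above never matched these */
) {
    /* NOTE(review): a rejected request is a client error; 400 would describe it better than 500. */
    header('HTTP/1.0 500 Internal Error');
    echo "
Error
";
    exit(0);
}

$contentpath = $_SERVER['DOCUMENT_ROOT'] . '/webpages/' . $request;

/*
 * If nothing exists in the webpages directory, try the document root.
 * NOTE(review): this fallback lets any *.php file under DOCUMENT_ROOT be
 * included into the template, including the helpers under /includes/.
 * Keep uploads and other writable directories outside the document root,
 * or limit the lookup to webpages/.
 */
if (!is_dir($contentpath) && !is_file($contentpath . '.php')) {
    $contentpath = $_SERVER['DOCUMENT_ROOT'] . $request;
}

if (is_dir($contentpath)) {
    /*
     * A directory requested without a trailing slash used to resolve to
     * "<dir>index.php"; add the separator only when it is missing so that
     * paths which already worked stay byte-identical.
     */
    if (substr($contentpath, -1) !== '/') {
        $contentpath .= '/';
    }
    $contentpath .= 'index.php';
} else {
    $contentpath .= '.php';
}

if (!is_file($contentpath)) {
    header('HTTP/1.0 404 Not Found');
    echo "Not Found
";
    exit(0);
}

/* Everything below shares the global scope with the included files. */
include($_SERVER['DOCUMENT_ROOT'] . "/includes/header.php");
include($contentpath);

/* $title and $body are presumably set by the included page - confirm. */
xhtml_header($title);
print($body);

include($_SERVER['DOCUMENT_ROOT'] . "/includes/footer.php");
page_footer($contentpath);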
?>