.
*/
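/*
 * Front controller: map the request URI onto a PHP file below the document
 * root and run it. Pages found under /webpages/ are passed to render_xhtml();
 * anything else that resolves below the document root is included directly.
 *
 * REQUEST_URI is the raw request target as the client sent it (still
 * percent-encoded, query string attached). Every path built below is derived
 * from it and ends up in include(), so it is treated as hostile input.
 */
$request = $_SERVER['REQUEST_URI'];

/* Sanitise (applied to the whole URI, query string included) */
if (preg_match('/\.\./', $request)              /* don't go up the filesystem */
    || preg_match('/[\'\"]/', $request)         /* string terminators */
    || preg_match('/\x00|%00/i', $request)      /* null bytes, raw or percent-encoded;
                                                   the previous pattern only matched the
                                                   two literal characters "\0" */
    || strpos($request, '\\') !== false)        /* backslash is a path separator on Windows;
                                                   also still rejects the literal "\0" */
{
    header('HTTP/1.0 500 Internal Error');
    echo "\nError\n";
    exit (0);
}

/* Only the path component names a file; drop the query string so that
   "/page?x=1" resolves to the same file as "/page". */
$querypos = strpos($request, '?');
if ($querypos !== false)
    $request = substr($request, 0, $querypos);

$contentpath = $_SERVER['DOCUMENT_ROOT'] . '/webpages/' . $request;
$webpage = true;

/* if nothing exists in webpages directory, try root */
if (!is_dir($contentpath) && !is_file($contentpath . '.php'))
{
    $contentpath = $_SERVER['DOCUMENT_ROOT'] . $request;
    $webpage = false;
}

/* A directory is served through its index.php. The separator is added
   explicitly: a request without a trailing slash ("/dir") would otherwise
   become ".../dirindex.php" and either 404 or hit an unrelated file. */
if (is_dir($contentpath))
    $contentpath = rtrim($contentpath, '/') . '/index.php';
else
    $contentpath .= '.php';

if (!is_file($contentpath))
{
    header('HTTP/1.0 404 Not Found');
    echo "Not Found\n";
    exit (0);
}

if ($webpage)
{
    include($_SERVER['DOCUMENT_ROOT'] . "/includes/render-webpage.php");
    /* todo: base the function to use on content negotiation */
    /* render_xhtml() is presumably defined by the include above - confirm */
    render_xhtml($contentpath);
}
else
{
    /* NOTE(review): this branch executes any *.php file below the document
       root that the request path names, which may include helper files such
       as those under /includes/ and possibly this script itself. The checks
       above are lexical only and do not follow symlinks. Consider an explicit
       allow-list of directories, or comparing realpath($contentpath) against
       realpath($_SERVER['DOCUMENT_ROOT']) before including. */
    include($contentpath);
}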
?>