Commit 567bc33

arha committed
hardened index against malicious ?p= attacks
1 parent 7cee6e4 commit 567bc33

1 file changed: +12 -1 lines changed

Diff for: index.php

+12-1
@@ -8,7 +8,18 @@
88
</div>
99
<div class="center hflex">
1010
<div class="page">
11-
<?php include('pages/' . array_merge(array('p'=>'home'), $_GET)['p'] . '.html.part'); ?>
11+
<?php
12+
$page_spec = array_merge(array('p'=>'home'), $_GET)['p'];
13+
14+
if (strpos($page_spec, '/') === false)
15+
{
16+
include("{$_SERVER['DOCUMENT_ROOT']}/pages/$page_spec.html.part");
17+
}
18+
else
19+
{
20+
echo 'no one here but us chickens';
21+
}
22+
?>
1223
</div>
1324
<div class="sidebar">
1425
<?php include('parts/sidebar.html.part'); ?>
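
Review bot: The `strpos($page_spec, '/') === false` test on new line 14 rejects a single character and lets everything else in `$page_spec` through to `include`, so the value is still effectively unvalidated. Nothing confirms that `$_GET['p']` is a string before it reaches `strpos`, backslash separators are not covered on hosts that accept them, and a name with no matching file makes `include` emit a warning that can expose the document root path when errors are displayed. Suggest validating positively instead: require `is_string($page_spec) && preg_match('/^[A-Za-z0-9_-]+$/', $page_spec)`, or look the value up in a fixed list of known page names, and check `is_file()` on the built path before including, falling through to the existing else branch in every other case.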
