hardened index against malicious ?p= attacks
arha committed Oct 28, 2014
1 parent 7cee6e4 commit 567bc33
Showing 1 changed file with 12 additions and 1 deletion.
13 changes: 12 additions & 1 deletion index.php
@@ -8,7 +8,18 @@
</div>
<div class="center hflex">
<div class="page">
<?php include('pages/' . array_merge(array('p'=>'home'), $_GET)['p'] . '.html.part'); ?>
<?php
$page_spec = array_merge(array('p'=>'home'), $_GET)['p'];

if (strpos($page_spec, '/') === false)
{
include("{$_SERVER['DOCUMENT_ROOT']}/pages/$page_spec.html.part");
}
else
{
echo 'no one here but us chickens';
}
?>
</div>
<div class="sidebar">
<?php include('parts/sidebar.html.part'); ?>
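Review bot: the guard on `$page_spec` is a deny-list of one character (`strpos($page_spec, '/') === false`), so every other value of `?p=` is still interpolated into the `include` path unvalidated, and a name with no matching file falls through to a failed include. Suggest an allowlist instead: check `is_string($page_spec)` and something like `preg_match('/\A[A-Za-z0-9_-]+\z/', $page_spec)`, or look the name up in a fixed array of known pages, then confirm the resulting path with `is_file()` before including it. The else branch could also send a 404 status rather than returning the placeholder text with a 200.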