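// Serves one page from $doc_path, chosen by the "content" query parameter, and
// falls back to $default_file when the request names nothing usable.
$default_file = "welcome.html"; // page served when the request names no usable page
$doc_path = "./"; // directory that holds the pages this script may serve

// Only these extensions are served. include() executes any PHP it finds in the
// target file, so this keeps scripts, configuration and log files that live
// under $doc_path out of reach. Widen the list deliberately if the site serves
// other page types; if the pages are purely static, readfile() is the safer
// call than include.
$allowed_extensions = array("html", "htm");

// $HTTP_GET_VARS was removed in PHP 5.4 and split() in PHP 7.0; $_GET and the
// plain string functions below work on old and current PHP alike.
// The value is client-controlled and arrives as an array for "content[]=...",
// so anything that is not a string is treated as "no page requested".
$docs = (isset($_GET['content']) && is_string($_GET['content'])) ? $_GET['content'] : "";

$new_file_path = "";
$doc_root = realpath($doc_path);

// A NUL byte is rejected up front: older PHP truncates the path at it and
// PHP 8 throws from the filesystem functions.
if ($doc_root !== false && $docs !== "" && strpos($docs, "\0") === false) {
    // Treat both separators alike so the per-segment checks hold on hosts
    // where the backslash is also a directory separator.
    $segments = explode("/", str_replace("\\", "/", $docs));

    $segments_ok = true;
    foreach ($segments as $segment) {
        // An empty segment means a leading or doubled slash. A leading dot
        // covers ".", ".." and hidden files at any depth; the previous check
        // only looked at the first character of the whole value and only
        // cut the value at the literal "../".
        if ($segment === "" || $segment[0] === ".") {
            $segments_ok = false;
            break;
        }
    }

    $extension = strtolower(pathinfo($segments[count($segments) - 1], PATHINFO_EXTENSION));

    if ($segments_ok && in_array($extension, $allowed_extensions, true)) {
        $candidate = realpath($doc_root . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $segments));
        $root_prefix = rtrim($doc_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

        // realpath() resolves symlinks, so containment is checked on the
        // resolved path rather than on the text the client sent. is_file()
        // keeps directories from being handed to include.
        if ($candidate !== false
            && is_file($candidate)
            && strncmp($candidate, $root_prefix, strlen($root_prefix)) === 0) {
            $new_file_path = $candidate;
        }
    }
}

// No acceptable page was requested: serve the default page. As before, the
// bare file name is the last resort when it is not present under $doc_path.
if ($new_file_path === "") {
    $new_file_path = $doc_path . $default_file;
    if (!file_exists($new_file_path)) {
        $new_file_path = $default_file;
    }
}

// Include the content. Warnings stay suppressed so a missing file produces
// only the message below instead of leaking filesystem paths to the client.
if (!(@include $new_file_path)) {
    echo "Default file not found.";
}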
?>
|