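// a/b
// Redirect to the default page if no file name was given.
$default_page = 'documentation/start.htm';
if (empty($filename)) {
    // NOTE(review): PHP_SELF also carries any path info sent by the client,
    // while the rejection branch below uses SCRIPT_NAME. Confirm which one
    // is intended here.
    header("Location: $_SERVER[PHP_SELF]/$default_page");
    exit;
}

// Confine the request to the parent directory. Both paths are resolved to
// their canonical form, so "..", symlinks and doubled slashes in $filename
// cannot be used to step outside it.
$jail_dir  = realpath('../');
$file_path = realpath('../'.$filename);

// Compare against the jail path plus a trailing separator. A bare prefix
// comparison would also accept a sibling directory whose name merely starts
// with the jail directory's name.
$jail_prefix = ($jail_dir === false)
    ? false
    : rtrim($jail_dir, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;

// Fail closed. realpath() returns false for a path that does not resolve,
// and a false jail path would otherwise give a zero-length comparison that
// always matches. The extension test includes the dot, so only names that
// really end in ".htm" are accepted.
$is_servable = $jail_prefix !== false
    && $file_path !== false
    && strncmp($file_path, $jail_prefix, strlen($jail_prefix)) === 0
    && substr($file_path, -4) === '.htm';

if (!$is_servable) {
    // The file lies outside the parent directory, does not exist, or is not
    // a *.htm file: hand the request to the web server, which will serve it
    // or report the error itself.
    header("Location: $_SERVER[SCRIPT_NAME]/../../$filename");
    // $filename is request-derived; escape it before echoing so it cannot
    // inject markup into the response body.
    $shown_name = htmlspecialchars((string) $filename, ENT_QUOTES, 'UTF-8');
    echo "Won't make file $shown_name beautiful\nRefering to that file...\n";
    exit;
}

// From here on $file_path is the canonical, checked path. Code that opens
// the file should read from it rather than rebuilding a path from $filename.

// parse file until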
start.. $handle = @fopen("../$filename", 'r'); if(!$handle) { header("HTTP/1.0 403 Forbidden"); print "Must not open $filename\n."; exit; } while(!feof($handle)) { if(strpos(fgets($handle), "