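// Request gatekeeper: decide whether the requested file may be rendered by
// this script, and redirect the client otherwise.
// NOTE(review): $doc and $filename are set before this point (not visible
// here); $filename is presumably request-derived and is treated as untrusted.

// Redirect to the default page if no file was requested.
$default_page = $doc.'/start.htm';
if (empty($filename)) {
    header("Location: {$_SERVER['PHP_SELF']}/$default_page");
    exit;
}

// Canonicalise both paths so that "..", symlinks and duplicate slashes are
// resolved before the containment check. realpath() yields false when the
// path does not exist, which is rejected below.
$jail_dir  = realpath('../');   // nothing above this directory is displayed
$file_path = realpath('../'.$filename);

$extension = is_string($file_path) ? pathinfo($file_path, PATHINFO_EXTENSION) : '';
$good_extensions = array('c', 'cpp', 'pl', 'htm', 'txt');

// Containment must be tested against the jail directory *including* a trailing
// separator. A bare string-prefix comparison also accepts a sibling directory
// whose name merely begins with the jail's name (constructed example:
// "<jail>-backup/notes.txt"), which lets a request leave the jail.
$jail_prefix = is_string($jail_dir)
    ? rtrim($jail_dir, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR
    : null;
$inside_jail = $jail_prefix !== null
    && is_string($file_path)
    && strncmp($file_path, $jail_prefix, strlen($jail_prefix)) === 0;

if (!$inside_jail
    || !in_array($extension, $good_extensions, true)   // strict: no type juggling on the allow-list
    || !is_readable($file_path)                        // test the resolved path, not the raw input
) {
    // The request points outside the jail, at a file type that is not on the
    // allow-list, or at an unreadable file: hand the request back to the web
    // server, which applies its own access rules and error handling.
    header("Location: {$_SERVER['SCRIPT_NAME']}/../../$filename");
    // $filename is untrusted and this body is served as HTML by default, so it
    // is escaped before being echoed.
    echo "Won't make file ".htmlspecialchars($filename, ENT_QUOTES, 'UTF-8')." beautiful\nRefering to that file...\n";
    exit;
}

// NOTE(review): display_file() below opens "../$filename" again; opening the
// already validated $file_path would guarantee that the file which was checked
// is the file which is read.

// Select the renderer up front (the original author notes that PHP offers no
// smarter way to initialise this global).
$exec_action = $extension === 'htm' ? 'display_file' : 'syntax_highlight_file';

function display_file($filename) {
// display HTML file.
// parse file until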
starts... $handle = fopen("../$filename", 'r'); if(!$handle) { print "Error at opening $filename\n"; exit; } while(!feof($handle)) { if(strpos(fgets($handle), "load_from_file("../$filename"); $geshi->enable_line_numbers(GESHI_NORMAL_LINE_NUMBERS); echo "$filename