4784: Added a regex check on the file name, allow only [0-9]+.html format. Also...
author
harris wong
<hwong@ocad.ca>
Wed, 31 Aug 2011 16:10:02 +0000
(16:10 -0000)
committer
harris wong
<hwong@ocad.ca>
Wed, 31 Aug 2011 16:10:02 +0000
(16:10 -0000)
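--- a/docs/get_acheck.php
+++ b/docs/get_acheck.php
@@ -27,17 +27,17 @@
 $args = substr($_SERVER['PHP_SELF'], strlen($_SERVER['SCRIPT_NAME']));
 $file = AT_CONTENT_DIR . $args;
 //check that this file is within the content directory & exists
 $file = AT_CONTENT_DIR . $args;
 //check that this file is within the content directory & exists
+if (preg_match('/^\/[0-9]+\.html$/', $args) === 1) {
+ $real = realpath($file);
+ if (file_exists($real) && substr($real, 0, strlen(AT_CONTENT_DIR)) == AT_CONTENT_DIR) {
+ header('Content-Type: text/html');
+ echo file_get_contents($real);
+ exit;
+ }
+}
+header('HTTP/1.1 404 Not Found');
+exit;
-$real = realpath($file);
-if (substr($real, 0, strlen(AT_CONTENT_DIR)) == AT_CONTENT_DIR) {
- header('Content-Type: text/html');
- echo file_get_contents($real);
- exit;
-} else {
- header('HTTP/1.1 404 Not Found');
- exit;
-}
-
-?>
\ No newline at end of file
+?>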
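Review bot: The new pattern `/^\/[0-9]+\.html$/` ends in `$`, which in PCRE also matches just before a trailing newline, so a `$args` of `/123.html` followed by a line feed still passes the check; anchoring with `\z` or adding the `D` modifier (`'/^\/[0-9]+\.html$/D'`) closes that. The containment test `substr($real, 0, strlen(AT_CONTENT_DIR)) == AT_CONTENT_DIR` is a plain string-prefix comparison, and the definition of AT_CONTENT_DIR is not visible in this hunk. If the constant has no trailing separator, a sibling directory sharing the prefix would pass; if it is not canonical, a legitimate file resolved by `realpath()` would fail. Comparing against `realpath(AT_CONTENT_DIR) . DIRECTORY_SEPARATOR` with `===` avoids both. `is_file($real)` would also be a tighter test than `file_exists($real)`, which accepts directories.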