From 2d7ef655f21d48a90ef8b743759f855d3bf1889e Mon Sep 17 00:00:00 2001
From: harris wong
Date: Wed, 31 Aug 2011 16:10:02 +0000
Subject: [PATCH] 4784: Added a regex check on the file name, allow only [0-9]+.html format. Also added a file_exist() check to ensure the file do exist before fetching it. This restrict the script to only retrieve the content of .html file.
---
 docs/get_acheck.php | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/docs/get_acheck.php b/docs/get_acheck.php
index 74d0071db..c225f6ad0 100644
--- a/docs/get_acheck.php
+++ b/docs/get_acheck.php
@@ -27,17 +27,17 @@ $args = substr($_SERVER['PHP_SELF'], strlen($_SERVER['SCRIPT_NAME']));
 $file = AT_CONTENT_DIR . $args;
 //check that this file is within the content directory & exists
+if (preg_match('/^\/[0-9]+\.html$/', $args) === 1) {
+ $real = realpath($file);
+ if (file_exists($real) && substr($real, 0, strlen(AT_CONTENT_DIR)) == AT_CONTENT_DIR) {
+ header('Content-Type: text/html');
+ echo file_get_contents($real);
+ exit;
+ }
+}
+header('HTTP/1.1 404 Not Found');
+exit;
-$real = realpath($file);
-if (substr($real, 0, strlen(AT_CONTENT_DIR)) == AT_CONTENT_DIR) {
- header('Content-Type: text/html');
- echo file_get_contents($real);
- exit;
-} else {
- header('HTTP/1.1 404 Not Found');
- exit;
-}
-
-?>
\ No newline at end of file
+?>
--
2.17.1
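Review bot: The containment test inside the new `if` still compares `$real` against the raw `AT_CONTENT_DIR` string with `==`, so it is only sound if that constant is already canonical and ends in a directory separator; its definition is outside this hunk, so that should be confirmed. A prefix match without a trailing separator also accepts a sibling directory whose name merely begins with the content directory's name, which becomes reachable if a symlink ever sits under the content directory. I would resolve the base once, `$base = rtrim(realpath(AT_CONTENT_DIR), DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;`, and test `if ($real !== false && is_file($real) && strncmp($real, $base, strlen($base)) === 0) {`, since `file_exists()` is also true for directories. Separately, `$` in the pattern matches before a trailing newline, so `'/^\/[0-9]+\.html\z/'` (or the `D` modifier) would make the allow-list exact.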