Diffstat (limited to 'index.php')
-rwxr-xr-xindex.php11
1 files changed, 7 insertions, 4 deletions
diff --git a/index.php b/index.php
index 73582ea..9fab2d8 100755
--- a/index.php
+++ b/index.php
@@ -16,9 +16,12 @@ if($_GET['p'] != '') {
// and ../) to prevent people from abusing the query string.
$post = basename($post);
-if($post == "" && file_exists('html/index.html')) {
- // if a post isn't specified
- print(file_get_contents('html/index.html'));
+// If post is not specified, default to 'index'
+if($post == '') { $post = "index"; }
+
+if($post[0] == '.' || $post[0] == '/') {
+ // Prevent access to any pages starting with '.' or '/'
+ print("<p>Error: the page you have requested does not exist.</p>");
} elseif(file_exists('html/' . $post . '.html')) {
// Get the first line
$f = fopen('posts/' . $post . '.adoc', 'r');
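Review bot: The new guard `if($post[0] == '.' || $post[0] == '/')` is a denylist on the first character only, so any other name that survives `basename()` is still interpolated into `'html/' . $post . '.html'` and `'posts/' . $post . '.adoc'`. Because `basename()` already strips directory components, the `'/'` test looks unreachable. An allowlist over the whole name would be tighter, for example `if(!preg_match('/^[A-Za-z0-9_-]+$/', $post)) {`, with the character class adjusted to the post names actually in use. Separately, the `fopen()` on the `.adoc` file is guarded only by `file_exists()` on the `.html` file, so a missing source file would pass `false` to whatever reads `$f`; the rest of that branch lies outside the hunk.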
@@ -30,7 +33,7 @@ if($post == "" && file_exists('html/index.html')) {
// Get and print post body
print(file_get_contents('html/' . $post . '.html'));
} else {
- print("Error: the page you have requested does not exist.");
+ print("<p>Error: the page you have requested does not exist.</p>");
}
print(file_get_contents('res/footer.html'));
