*** empty log message ***
diff --git a/article.php b/article.php
index c539a2d..d77455a 100644
--- a/article.php
+++ b/article.php
@@ -22,19 +22,17 @@
 	#
 	#****************************************************************************
 	
+	require_once("parts/functions.php");
+	
 	$host = $_SERVER['HTTP_HOST'];
     $root = $_SERVER['DOCUMENT_ROOT'] . '/articles';
 	$file = $_GET['file'];
-	
+		
+	// If the requested article does not exist, redirect to a warning page.
+	if (!is_valid_article_file($file)) $file = "nosucharticle.html";
+		
 	$article_path = "$root/$file";
 	
-	// If the requested article does not exist, redirect to a warning page.
-	if (!file_exists($article_path)) {
-		$file = "nosucharticle.html";
-		$article_path = "$root/$file";
-	}
-	
-	require_once("parts/functions.php");
 	
 	$info_file = dirname($article_path) . '/info.xml';
 	if (file_exists($info_file)) {
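Review bot: `$file = $_GET['file'];` is still read without checking that the parameter is present and is a string before it is passed to is_valid_article_file(). A missing or array-valued `file` then surfaces as notices or warnings inside the validator instead of a clean rejection. A guard such as `$file = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';` keeps the validator's input well-typed. The comment also says "redirect", but the code only substitutes the file name and presumably still answers with a 200; sending a 404 status with nosucharticle.html would match the intent better. The script continues past the end of this hunk.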
diff --git a/parts/functions.php b/parts/functions.php
index 8ae973b..da7b232 100644
--- a/parts/functions.php
+++ b/parts/functions.php
@@ -9,6 +9,51 @@
  * Contributors:
  *    Wayne Beaton (Eclipse Foundation)- initial API and implementation
  *******************************************************************************/
+
+/*
+ * Let's not make things any harder then they need to be. For our purposes,
+ * a valid file name will always be the name of a subdirectory of $root,
+ * followed by a forward slash, and the name of a file.
+ */
+function is_valid_article_file(&$path) {
+	global $root;
+	
+	$parts = split('/', $path);
+	if (count($parts) != 2) return false;
+	$directory = $parts[0];
+	$file = $parts[1];
+		
+	if (!is_actual_article_directory($directory)) return false;	
+	if (!file_exists("$root/$directory/$file")) return false;
+		
+	return true;
+}
+
+/*
+ * Sure, we could just do an is_dir call, but I'm being extra paranoid.
+ * Since we're only breaking on a backslash, I am somewhat concerned that
+ * some future version of PHP might be smart enough to automatically handle
+ * backslashes in file names, or some other sort of silliness. So... either
+ * the first part of the $file, is the name of an actual subdirectory of
+ * "/articles", or it is not.
+ */
+function is_actual_article_directory(&$directory_name) {
+	global $root;
+	
+	if ($directory == ".") return false;
+	if ($directory == "..") return false;
+	
+	$dir_handle = @opendir($root);
+	while ($file = readdir($dir_handle)) {
+		if ($directory_name == $file) {
+			closedir($dir_handle);
+			return true;
+		}
+	}
+	closedir($dir_handle);
+	return false;
+}
+	
 function get_title_from_html_document(&$file_name) {
 	$header = get_header_from_html_document($file_name);
 	
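Review bot: The `.` and `..` guards in is_actual_article_directory() test `$directory`, which is never defined in that function (the parameter is `$directory_name`), so neither guard can ever reject. Because readdir() itself returns `.` and `..`, a first segment of `..` matches an entry, and is_valid_article_file() then approves a path that resolves outside `/articles`. The opendir() result is also used unchecked, and `while ($file = readdir(...))` with `==` stops early on an entry named `0` and compares numeric-looking names loosely. In is_valid_article_file(), `split()` is the deprecated POSIX-regex splitter and `explode('/', $path)` does the same job; the file segment is never checked for backslashes, the case the comment itself worries about. The rewrite below covers the directory check and adds an is_dir() test so that only real subdirectories match.

```php
function is_actual_article_directory(&$directory_name) {
	// … unchanged: global $root …
	if ($directory_name === "." || $directory_name === "..") return false;

	$dir_handle = @opendir($root);
	if ($dir_handle === false) return false;
	while (false !== ($entry = readdir($dir_handle))) {
		if ($directory_name === $entry && is_dir("$root/$entry")) {
			// … unchanged: closedir() and return true …
		}
	}
	// … unchanged: closedir() and return false …
}
```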
diff --git a/printable.php b/printable.php
index a09eb5f..e0ba13d 100644
--- a/printable.php
+++ b/printable.php
@@ -26,7 +26,7 @@
 	$file = $_GET['file'];
 	
 	// If the requested article does not exist, redirect to a warning page.
-	if (!file_exists("$root/$file")) $file = 'nosucharticle.html';
+	if (!is_valid_article_file($file)) $file = "nosucharticle.html";
 	
 	$host = $_SERVER['HTTP_HOST'];
 	#
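Review bot: Nothing in this hunk shows parts/functions.php being loaded before the new `is_valid_article_file($file)` call, whereas article.php needed its `require_once` moved above the call in this same commit. If printable.php includes that file later than this line, or not at all, the call fails with a fatal undefined-function error. Confirm that `require_once("parts/functions.php");` runs before this check; the lines above the hunk are not visible here.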