X-Git-Url: http://positon.org/gitweb/?a=blobdiff_plain;f=index.php;h=61b22d6148b968145a72a935e9ba7139cd38a7ba;hb=2036c6117c86162d1b52f2f1c94c80278e64a446;hp=e6ab0c1e2e1c5b5b94ce80b5d87292203e907171;hpb=9d51c7b1a4ac5fcdd7eb5bb50c69155e9c8e7be9;p=bizou.git diff --git a/index.php b/index.php index e6ab0c1..61b22d6 100644 --- a/index.php +++ b/index.php @@ -1,40 +1,58 @@ - -
- - - - - simplePath == /toto/titi +$simplePath = $_SERVER["PATH_INFO"]; +if ($simplePath == '/') $simplePath = ''; +// extra security check to avoid /photos/index/../.. like urls, maybe useless but.. +if (strpos($simplePath, '..') !== false) die(".. found in url"); +$folders = array(); $imageFiles = array(); $otherFiles = array(); -$realDir = "images$shortPath"; +# realDir is the directory in filesystem +# seen from current script directory +$realDir = IMAGES_DIR.$simplePath; + +if (! is_dir($realDir)) { + header("HTTP/1.1 404 Not Found"); + die("Directory Not Found"); +} -foreach (scandir($realDir) as $file) if ($file != '.') +foreach (scandir($realDir) as $file) if ($file != '.' and $file != '..') { - if ($file == '..') + if (is_dir("$realDir/$file")) { - echo "\n"; - } - elseif (is_dir("$realDir/$file")) - { - echo "