Digitalstack/myaac
2
0
Fork 0
mirror of https://github.com/slawkens/myaac.git synced 2025-04-27 17:59:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Security fix"

Browse Source 
This reverts commit ef2a4082980ef55f811803eff155c1d356465b26.
This commit is contained in:
slawkens 2021-07-05 02:51:45 +02:00
parent e3c695175b
commit aa26a71949
1 changed files with 8 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
index.php
View File

@ -81,7 +81,7 @@ if(empty($uri) || isset($_REQUEST['template'])) {
} }
else { else {
$tmp = strtolower($uri); $tmp = strtolower($uri);
if(preg_match('/^[A-z0-9_\-]+$/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) { if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) {
$_REQUEST['p'] = $uri; $_REQUEST['p'] = $uri;
$found = true; $found = true;
} }
@ -156,19 +156,17 @@ else {
// define page visited, so it can be used within events system // define page visited, so it can be used within events system
$page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : ''); $page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : '');
if(empty($page) || !preg_match('/^[A-z0-9_\-]+$/', $page)) { if(empty($page) || !preg_match('/^[A-z0-9\_\-]+$/', $page)) {
if(!$found) {
$page = '404';
}
else {
$tmp = URI; $tmp = URI;
if (!empty($tmp)) { if(!empty($tmp)) {
$page = $tmp; $page = $tmp;
} }
else { else {
if(!$found)
$page = '404';
else
$page = 'news'; $page = 'news';
} }
}
} }
$page = strtolower($page); $page = strtolower($page);