<?php
/*
DynPage V1.01 - A simple Content Management System
Copyright (C) 2009-2010 Matthias Wiede <hide@address.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, see http://www.gnu.org/licenses.
*/
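/*
Read the requested path from the query string. The value is untrusted:
a missing parameter or an array value is normalised to "" so that the
string functions used by the later checks never receive null or an array.
*/
$filename = (isset($_GET["file"]) && is_string($_GET["file"])) ? $_GET["file"] : "";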
/*
Security check:
the requested path must not contain ".." (no climbing out of the site directory)
and must name an .htm/.html file; any other request is ended.
*/
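/*
Return the lower-cased text after the last "/", "\" or "." in $filename.

The caller compares the result with "htm" / "html". A name without a dot
yields its whole last path segment (e.g. "docs/html" gives "html"), so
the result is not proof that a dot-suffix exists. Non-string input
yields "".

split() was removed in PHP 7.0; preg_split() with the same character
class keeps the behaviour on old and current runtimes.
*/
function getFileExtension ($filename) {
    if (!is_string($filename))
        return "";
    $parts = preg_split('#[/\\\\.]#', strtolower($filename));
    if ($parts === false)
        return "";
    return $parts[count($parts) - 1];
}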
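/*
Validate the untrusted path before any filesystem call. The request ends
silently unless every test passes:
  - it is a non-empty string with no NUL byte (older PHP builds cut the
    path at a NUL when opening files, which would defeat the suffix test);
  - it contains no ".." sequence;
  - it is relative: no leading "/" or "\" and no ":" anywhere, so
    absolute paths, drive letters and PHP stream-wrapper prefixes are
    refused, not only parent-directory hops;
  - its extension is exactly "htm" or "html".
NOTE(review): assumes legitimate callers pass colon-free paths relative
to this script - confirm before deploying.
*/
if (!is_string($filename) || $filename === "" || strpos($filename, "\0") !== false)
    exit;
$ext = getFileExtension ($filename);
if (strpos ($filename, "..") !== false
    || strpos ($filename, ":") !== false
    || $filename[0] === "/"
    || $filename[0] === "\\"
    || ($ext !== "htm" && $ext !== "html"))
    exit;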
/* Output the file: its contents are read and printed, not executed as PHP */
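/*
Resolve the path and serve it only when it is a readable regular file
located under the current working directory (the base that relative
paths are resolved against). realpath() follows symlinks, so a link that
points outside the base is refused as well. Every failure gives the
same 404 answer.
NOTE(review): content reached through a symlink to another tree will now
404 - confirm no deployment relies on that.
*/
$dynpageBase = getcwd();
$dynpageBase = ($dynpageBase !== false) ? realpath($dynpageBase) : false;
$dynpagePath = (is_string($filename) && $filename !== "" && strpos($filename, "\0") === false)
    ? realpath($filename)
    : false;
$dynpageOk = $dynpageBase !== false
    && $dynpagePath !== false
    && strpos($dynpagePath, rtrim($dynpageBase, "/\\") . DIRECTORY_SEPARATOR) === 0
    && is_file($dynpagePath)
    && is_readable($dynpagePath);
$fh = $dynpageOk ? fopen($dynpagePath, 'rb') : false;
if ($fh !== false)
{
    /* fpassthru() streams the whole file and, unlike fread() with a
       zero length, copes with an empty file. */
    fpassthru ($fh);
    fclose ($fh);
}
else
{
    header("HTTP/1.1 404 Not Found");
    print ("DynPage file not found: ".htmlspecialchars (is_string($filename) ? $filename : ""));
}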
?>