Redesigned newsentry.php:

+ prevention of using undefined $_GET['entry']
+ simplify file search for news entry content

Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
pull/3/head
Slávek Banko 2 years ago
parent 3f1595d543
commit d6d100e9d3
No known key found for this signature in database
GPG Key ID: 608F5293A04BE668

@ -28,53 +28,32 @@ function writeNewsEntry($file, $prefix) {
}
}
if ($handle = opendir('./news/')) {
$filenames = array();
while ($file = readdir($handle)) {
$filenames[] = $file;
}
rsort($filenames);
$entryfound = 0;
foreach($filenames as $file) {
if ($file == $_GET["entry"]) {
writeNewsEntry($file, 'news');
$entryfound = 1;
}
}
closedir($handle);
if ($entryfound == 0) {
if ($handle = opendir('./rssentries/')) {
$filenames = array();
while ($file = readdir($handle)) {
$filenames[] = $file;
}
rsort($filenames);
$entryfound = 0;
foreach($filenames as $file) {
if ($file == $_GET["entry"]) {
writeNewsEntry($file, 'rssentries');
$entryfound = 1;
}
}
closedir($handle);
if ($entryfound == 0) {
echo '<font color="red">Requested news entry not found!</font>';
echo "<p>";
$entryFound = false;
if (!empty($_GET['entry']))
{
$sources = ['news', 'rssentries'];
foreach ($sources as $source)
{
$filenames = scandir('./'.$source.'/', SCANDIR_SORT_DESCENDING);
if (in_array($_GET['entry'], $filenames))
{
writeNewsEntry($_GET['entry'], $source);
$entryFound = true;
break;
}
}
}
if (!$entryFound)
{
echo '<font color="red">Requested news entry not found!</font>';
echo "<p>";
}
echo '<a href="/news.php">Go back to News</a>';
echo "<p>";
}
?>
<?php
doFooter();
?>

Loading…
Cancel
Save