From d6d100e9d3200cd8c951aba9e2de85d8a84e8070 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sl=C3=A1vek=20Banko?= Date: Fri, 19 Aug 2022 03:36:55 +0200 Subject: [PATCH] Redesigned newsentry.php: + prevention of using undefined $_GET['entry'] + simplify file search for news entry content MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Slávek Banko --- newsentry.php | 57 ++++++++++++++++----------------------------------- 1 file changed, 18 insertions(+), 39 deletions(-) diff --git a/newsentry.php b/newsentry.php index 71389ef..12835a3 100644 --- a/newsentry.php +++ b/newsentry.php @@ -28,53 +28,32 @@ function writeNewsEntry($file, $prefix) { } } -if ($handle = opendir('./news/')) { -$filenames = array(); -while ($file = readdir($handle)) { - $filenames[] = $file; -} -rsort($filenames); - -$entryfound = 0; -foreach($filenames as $file) { - if ($file == $_GET["entry"]) { - writeNewsEntry($file, 'news'); - $entryfound = 1; - } -} -closedir($handle); - -if ($entryfound == 0) { - if ($handle = opendir('./rssentries/')) { - $filenames = array(); - while ($file = readdir($handle)) { - $filenames[] = $file; - } - rsort($filenames); - - $entryfound = 0; - foreach($filenames as $file) { - if ($file == $_GET["entry"]) { - writeNewsEntry($file, 'rssentries'); - $entryfound = 1; - } - } - closedir($handle); - - if ($entryfound == 0) { - echo 'Requested news entry not found!'; - echo "

"; +$entryFound = false; +if (!empty($_GET['entry'])) +{ + $sources = ['news', 'rssentries']; + foreach ($sources as $source) + { + $filenames = scandir('./'.$source.'/', SCANDIR_SORT_DESCENDING); + if (in_array($_GET['entry'], $filenames)) + { + writeNewsEntry($_GET['entry'], $source); + $entryFound = true; + break; } } } +if (!$entryFound) +{ + echo 'Requested news entry not found!'; + echo "

"; +} echo 'Go back to News'; echo "

"; -} + ?> - -