Redesigned newsentry.php:

+ prevention of using undefined $_GET['entry']
+ simplify file search for news entry content

Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
pull/3/head
Slávek Banko 2 years ago
parent 3f1595d543
commit d6d100e9d3
No known key found for this signature in database
GPG Key ID: 608F5293A04BE668

@ -28,53 +28,32 @@ function writeNewsEntry($file, $prefix) {
} }
} }
if ($handle = opendir('./news/')) { $entryFound = false;
$filenames = array(); if (!empty($_GET['entry']))
while ($file = readdir($handle)) { {
$filenames[] = $file; $sources = ['news', 'rssentries'];
} foreach ($sources as $source)
rsort($filenames); {
$filenames = scandir('./'.$source.'/', SCANDIR_SORT_DESCENDING);
$entryfound = 0; if (in_array($_GET['entry'], $filenames))
foreach($filenames as $file) { {
if ($file == $_GET["entry"]) { writeNewsEntry($_GET['entry'], $source);
writeNewsEntry($file, 'news'); $entryFound = true;
$entryfound = 1; break;
}
}
closedir($handle);
if ($entryfound == 0) {
if ($handle = opendir('./rssentries/')) {
$filenames = array();
while ($file = readdir($handle)) {
$filenames[] = $file;
}
rsort($filenames);
$entryfound = 0;
foreach($filenames as $file) {
if ($file == $_GET["entry"]) {
writeNewsEntry($file, 'rssentries');
$entryfound = 1;
}
}
closedir($handle);
if ($entryfound == 0) {
echo '<font color="red">Requested news entry not found!</font>';
echo "<p>";
} }
} }
} }
if (!$entryFound)
{
echo '<font color="red">Requested news entry not found!</font>';
echo "<p>";
}
echo '<a href="/news.php">Go back to News</a>'; echo '<a href="/news.php">Go back to News</a>';
echo "<p>"; echo "<p>";
}
?> ?>
<?php <?php
doFooter(); doFooter();
?> ?>
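Review bot: The membership test `in_array($_GET['entry'], $filenames)` in the new `foreach` compares loosely, and the raw request value is then passed to `writeNewsEntry()`, where the old code passed the matched directory entry `$file`. With loose comparison two numeric-looking strings can compare equal without being identical, so the name handed on may not be one that exists on disk; `scandir()` also lists `.` and `..`, and returns `false` on failure, which `in_array()` rejects with a TypeError on PHP 8. I would take the value once with `$entry = $_GET['entry'] ?? '';` and match strictly with `if (is_string($entry) && $entry !== '.' && $entry !== '..' && in_array($entry, $filenames ?: [], true))`, then pass `$entry` on. `writeNewsEntry()` is defined outside this hunk, so how it uses the file name cannot be checked from here.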
