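'); } else { exit; } } } unset($releaseDate); }

// Request router: maps the requested URL onto a flat file name under pages/
// and includes that file. The name comes from the request, so the steps below
// are what keep the final require_once inside pages/.

$path = 'pages/';
$defaultUrl = 'index.htm';

// Start from a defined value and accept only a string: ?url[]=x would put an
// array into the string functions below.
$url = '';
if (!empty($_GET['url']) && is_string($_GET['url'])) {
    $url = $_GET['url'];
} elseif (!empty($_SERVER['REQUEST_URI'])) {
    $url = ltrim($_SERVER['REQUEST_URI'], '/');
}

if ($url === '.') {
    header('HTTP/1.1 301 Moved Permanently');
    header('Location: /');
    // Stop here: without this the script kept running after the redirect and
    // went on to resolve '.' against pages/.
    exit;
}

// fix upload if php extension mask
// Exact-match dispatch only; these two names never reach the pages/ lookup.
if ($url === 'init.php') {
    require('init.php');
    exit;
}
if ($url === 'sync.php') {
    require('sync.php');
    exit;
}

if (!empty($url)) {
    // sanitize: normalise separators, strip every '..' and collapse '//'
    // (looped so that a removal cannot re-form the sequence), then drop the
    // query string.
    $url = str_replace('\\', '/', $url);
    while (strpos($url, '..') !== false) {
        $url = str_replace('..', '', $url);
    }
    while (strpos($url, '//') !== false) {
        $url = str_replace('//', '/', $url);
    }
    $url = preg_replace('#\?.*$#', '', $url);
}

if (!empty($url)) {
    // NOTE(review): $ip is not assigned in this part of the file. The test
    // matches '192.168.' anywhere in the string, not only as a prefix;
    // confirm where $ip comes from and whether a prefix match was intended.
    if (strpos($ip, '192.168.') !== false) {
        // If the request names the tail of this script's own directory,
        // serve the default page instead.
        $dir1 = trim(dirname(__FILE__), '/');
        $dir2 = trim($url, '/');
        if (substr($dir1, -strlen($dir2)) === $dir2) {
            $url = $defaultUrl;
        }
    }

    // Flatten the path: every '/' becomes '~', so the name cannot address a
    // directory other than pages/.
    $url = str_replace('/', '~', $url);

    // tryLowercase() is defined elsewhere in the file; presumably it rewrites
    // $url by reference to an existing lower-case variant (confirm).
    tryLowercase($path, $url);
    if (!file_exists($path.$url)) {
        $url .= '.htm';
    }
    tryLowercase($path, $url);

    if (!file_exists($path.$url)) {
        // Last attempt: keep only [a-zA-Z0-9_.-], normalise the extension to
        // .htm and redirect there if such a page exists. The character filter
        // also keeps CR/LF out of the Location header.
        $url2 = preg_replace('#[^a-zA-Z0-9_\-\.]+#', '', $url);
        $url2 = preg_replace('#\.html?$#', '', $url2).'.htm';
        if (!file_exists($path.$url2)) {
            if (file_exists($path.'404.htm') && substr($url, -1) != '/') {
                header("HTTP/1.0 404 Not Found");
                $url = '404.htm';
            } else {
                $url = $defaultUrl;
            }
        } else {
            header('HTTP/1.1 301 Moved Permanently');
            header('Location: /'.$url2);
            // Stop here: $url itself does not exist, so falling through to
            // the require below failed with an error that can print the
            // server path.
            exit;
        }
    }
} else {
    $url = $defaultUrl;
}

// Include only a regular file. file_exists() is also true for a directory,
// and a missing default page would otherwise end in a failed require.
if (!is_file($path.$url)) {
    header('HTTP/1.0 404 Not Found');
    exit;
}

// NOTE(review): whatever sits in pages/ is executed as PHP here. If anything
// reachable from the web can write into pages/ (the init.php / sync.php
// handlers above are not visible here), treat that write path as code
// deployment and restrict it accordingly.
require_once($path.$url);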