Bug fixes

This commit is contained in:
dignajar 2015-06-30 00:23:29 -03:00
parent 256773cc89
commit e76e92bf98
6 changed files with 32 additions and 19 deletions

View File

@ -1,5 +1,7 @@
AddDefaultCharset UTF-8
<IfModule mod_rewrite.c>
# Enable rewrite rules
RewriteEngine on
@ -8,4 +10,6 @@ RewriteRule ^content/(.*)\.txt$ - [R=404,L]
# All URL process by index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*) index.php [L]
RewriteRule ^(.*) index.php [L]
</IfModule>

View File

@ -3,11 +3,10 @@
class fileContent
{
public $vars;
public $path;
function __construct($pathSlug)
function __construct($path)
{
if($this->build($pathSlug)===false) {
if($this->build($path)===false) {
$this->vars = false;
}
}
@ -37,17 +36,14 @@ class fileContent
return true;
}
private function build($pathSlug)
private function build($path)
{
if( !Sanitize::pathFile($this->path.$pathSlug.DS, 'index.txt') ) {
if( !Sanitize::pathFile($path, 'index.txt') ) {
return false;
}
// Database Key
$this->setField('key', $pathSlug);
$tmp = 0;
$lines = file($this->path.$pathSlug.DS.'index.txt');
$lines = file($path.'index.txt');
foreach($lines as $lineNumber=>$line)
{
$parts = array_map('trim', explode(':', $line, 2));

View File

@ -30,15 +30,20 @@ class Sanitize {
public static function pathFile($path, $file)
{
// Fix for Windows on paths. eg: $path = c:\diego/page/subpage convert to c:\diego\page\subpages
$path = str_replace('/', DS, $path);
$real = realpath($path.$file);
// If $real is FALSE the file does not exist.
if($real===false)
if($real===false) {
return false;
}
// If the $real path does not start with the systemPath then this is Path Traversal.
if(strpos($path.$file, $real)!==0)
if(strpos($path.$file, $real)!==0) {
return false;
}
return true;
}

View File

@ -3,10 +3,11 @@
class Page extends fileContent
{
function __construct($key)
{
$this->path = PATH_PAGES;
{
// Database Key
$this->setField('key', $key);
parent::__construct($key);
parent::__construct(PATH_PAGES.$key.DS);
}
// Returns the post title.

View File

@ -2,11 +2,12 @@
class Post extends fileContent
{
function __construct($slug)
function __construct($key)
{
$this->path = PATH_POSTS;
// Database Key
$this->setField('key', $key);
parent::__construct($slug);
parent::__construct(PATH_POSTS.$key.DS);
}
// Returns the post title.

View File

@ -9,7 +9,13 @@
</h2>
<p class="post-meta">
<span><?php echo $Language->get('Posted By').' '.$Post->author() ?></span>
<span><?php
if( Text::isNotEmpty($Post->author()) ) {
echo $Post->author();
}
?></span>
<span>Date: <?php echo $Post->dateCreated() ?></span>
</p>
</header>