diff --git a/.htaccess b/.htaccess
index 850d902a..4e4b814e 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,5 +1,7 @@
AddDefaultCharset UTF-8
+
+
# Enable rewrite rules
RewriteEngine on
@@ -8,4 +10,6 @@ RewriteRule ^content/(.*)\.txt$ - [R=404,L]
# All URL process by index.php
RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^(.*) index.php [L]
\ No newline at end of file
+RewriteRule ^(.*) index.php [L]
+
+
\ No newline at end of file
diff --git a/kernel/abstract/filecontent.class.php b/kernel/abstract/filecontent.class.php
index adcc618b..ffd5b80e 100644
--- a/kernel/abstract/filecontent.class.php
+++ b/kernel/abstract/filecontent.class.php
@@ -3,11 +3,10 @@
class fileContent
{
public $vars;
- public $path;
- function __construct($pathSlug)
+ function __construct($path)
{
- if($this->build($pathSlug)===false) {
+ if($this->build($path)===false) {
$this->vars = false;
}
}
@@ -37,17 +36,14 @@ class fileContent
return true;
}
- private function build($pathSlug)
+ private function build($path)
{
- if( !Sanitize::pathFile($this->path.$pathSlug.DS, 'index.txt') ) {
+ if( !Sanitize::pathFile($path, 'index.txt') ) {
return false;
}
- // Database Key
- $this->setField('key', $pathSlug);
-
$tmp = 0;
- $lines = file($this->path.$pathSlug.DS.'index.txt');
+ $lines = file($path.'index.txt');
foreach($lines as $lineNumber=>$line)
{
$parts = array_map('trim', explode(':', $line, 2));
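Review bot: In `build()`, the result of `file($path.'index.txt')` goes straight into `foreach` with no check for a read failure. The path is also resolved a second time after `Sanitize::pathFile()` has validated it, and `pathFile()` tests a separator-normalised copy of `$path` while `file()` opens the original string. Adding `if($lines===false) { return false; }` after the read would keep a file that vanished or became unreadable between check and use on the existing failure path. A short comment stating that `$path` must end with a directory separator would also help, since the new signature concatenates `'index.txt'` directly. The body of `build()` continues outside this hunk.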
diff --git a/kernel/helpers/sanitize.class.php b/kernel/helpers/sanitize.class.php
index 510c90e0..410cc180 100644
--- a/kernel/helpers/sanitize.class.php
+++ b/kernel/helpers/sanitize.class.php
@@ -30,15 +30,20 @@ class Sanitize {
public static function pathFile($path, $file)
{
+ // Fix for Windows on paths. eg: $path = c:\diego/page/subpage convert to c:\diego\page\subpages
+ $path = str_replace('/', DS, $path);
+
$real = realpath($path.$file);
// If $real is FALSE the file does not exist.
- if($real===false)
+ if($real===false) {
return false;
+ }
// If the $real path does not start with the systemPath then this is Path Traversal.
- if(strpos($path.$file, $real)!==0)
+ if(strpos($path.$file, $real)!==0) {
return false;
+ }
return true;
}
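Review bot: The prefix test `strpos($path.$file, $real)!==0` in `pathFile()` compares the requested string with its own canonical form, not with a trusted base directory, although the comment above it speaks of a "systemPath". Callers in this commit now pass base and key already joined (`PATH_PAGES.$key.DS`), so the function cannot tell which part of the path is attacker-influenced. It rejects non-canonical input such as `..` segments, but containment then depends entirely on the caller's prefix. It may also refuse legitimate files when the content directory is reached through a symlink or, on Windows, when `realpath()` returns a differently cased drive letter. Consider an optional trusted `$base` argument checked with `strpos($real, realpath($base).DS)===0`, or at least reword the comment to describe what is actually compared.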
diff --git a/kernel/page.class.php b/kernel/page.class.php
index c638387f..d4e90c64 100644
--- a/kernel/page.class.php
+++ b/kernel/page.class.php
@@ -3,10 +3,11 @@
class Page extends fileContent
{
function __construct($key)
- {
- $this->path = PATH_PAGES;
+ {
+ // Database Key
+ $this->setField('key', $key);
- parent::__construct($key);
+ parent::__construct(PATH_PAGES.$key.DS);
}
// Returns the post title.
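Review bot: `Page::__construct()` now calls `$this->setField('key', $key)` before the parent constructor has validated the path, and the same pattern appears in `Post::__construct()`. This relies on `fileContent::build()` never re-initialising `$this->vars`, which is not visible in these hunks, and it stores the key before `Sanitize::pathFile()` has accepted it. A comment would make the dependency explicit, for example `// $key is joined into a filesystem path; it is only validated later by Sanitize::pathFile() in fileContent::build()`. Setting the key after `parent::__construct()` succeeds would avoid the ordering dependency, if `vars` is confirmed to survive the build.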
diff --git a/kernel/post.class.php b/kernel/post.class.php
index 57bcb716..55c0aa33 100644
--- a/kernel/post.class.php
+++ b/kernel/post.class.php
@@ -2,11 +2,12 @@
class Post extends fileContent
{
- function __construct($slug)
+ function __construct($key)
{
- $this->path = PATH_POSTS;
+ // Database Key
+ $this->setField('key', $key);
- parent::__construct($slug);
+ parent::__construct(PATH_POSTS.$key.DS);
}
// Returns the post title.
diff --git a/themes/pure/php/home.php b/themes/pure/php/home.php
index b7820a16..2a8e2beb 100644
--- a/themes/pure/php/home.php
+++ b/themes/pure/php/home.php
@@ -9,7 +9,13 @@
- get('Posted By').' '.$Post->author() ?>
+ author()) ) {
+ echo $Post->author();
+ }
+
+ ?>
Date: dateCreated() ?>
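Review bot: The added `echo $Post->author();` writes the author value into the page with no escaping visible in this hunk. If `author()` returns the raw field parsed from `index.txt`, the template should escape at output, for example `echo htmlspecialchars($Post->author(), ENT_QUOTES, 'UTF-8');`. Whether the value is already sanitised when it is loaded cannot be confirmed here. The hunk text has also lost its PHP/HTML tags in extraction, so the full condition on the added `if` line is not readable.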