From b7b3a1781a4bdef5cfa61c233b01535b09262585 Mon Sep 17 00:00:00 2001
From: Lazarus <git@devbeejohn.de>
Date: Sun, 7 Jan 2024 15:26:27 +0100
Subject: [PATCH] Fix some CSS and security issues

---
 css/lazarus/omarpolo.css |  9 +++++++--
 index.php                | 16 +++++++++-------
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/css/lazarus/omarpolo.css b/css/lazarus/omarpolo.css
index c4e9072..889eb4d 100644
--- a/css/lazarus/omarpolo.css
+++ b/css/lazarus/omarpolo.css
@@ -2,6 +2,7 @@
 
 /* style from Omar Polo: https://gmid.omarpolo.com/style.css */
 body {
+  background-color: white;
   font-family: monospace;
   font-size: 14px;
   max-width: 780px;
@@ -15,7 +16,7 @@ h1::before {
 }
 
 h2 {
-  margin-top: 40px;
+  margin-top: 20px;
 }
 
 h2::before {
@@ -48,6 +49,10 @@ p.link::before {
   content: "â†’ ";
 }
 
+p {
+  margin: 0;
+}
+
 strong::before { content: "*" }
 strong::after  { content: "*" }
 
@@ -120,4 +125,4 @@ color: #ff4cff;
 
 @media (max-width: 500px) {
   pre.banner { font-size: 10px; }
-}
\ No newline at end of file
+}
diff --git a/index.php b/index.php
index b0e8f9f..c7ec7ea 100644
--- a/index.php
+++ b/index.php
@@ -12,6 +12,12 @@ $domain = $_SERVER['HTTP_HOST'];
 $php_self = $_SERVER['PHP_SELF']; // by default: /htmgem/index.php
 $php_self_dir = dirname($php_self);
 $url = @$_REQUEST["url"];
+
+if(isset($_REQUEST['style']))
+    $style = htmlspecialchars($_REQUEST['style']);
+else
+    $style = "";
+
 $urlRewriting = @$_REQUEST["rw"]=="1";
 
 /**
@@ -66,7 +72,7 @@ if ($go404) {
     http_response_code(404);
     $page404 = \htmgem\html\get404GmiPage($url);
     $gt_html = new \htmgem\GemTextTranslate_html($page404);
-    if (empty($gt_html->getCss())) $gt_html->addCss($php_self_dir."/css/htmgem.css");
+    if (empty($gt_html->getCss())) $gt_html->addCss($php_self_dir.DEFAULT_CSS);
     if ($urlRewriting)
         echo \htmgem\html\getHtmlWithMenu($gt_html, $scheme, $domain, $url);
     else
@@ -82,8 +88,6 @@ $fileContents = @file_get_contents($filePath);
 
 /* CSS and special style management
  */
-
-$style = @$_REQUEST['style'];
 if ("source" == $style) {
     $basename = basename($filePath);
     header("Cache-Control: public");
@@ -123,12 +127,10 @@ if (empty($style)) {
 } else {
     $style = preg_replace("/,/", "/", $style);
     if ("/" == $php_self_dir) $php_self_dir = ""; # dirname() never use a final slash except for the root
-    $gt_html->addCss("$php_self_dir/css/$style");
+    $gt_html->addCss($php_self_dir."/css/$style");
 }
 
 if ($urlRewriting)
     echo \htmgem\html\getHtmlWithMenu($gt_html, $scheme, $domain, $url);
 else
-    echo \htmgem\html\getHtmlWithMenu($gt_html, $scheme, $domain, $url, "$php_self?url=");
-
-?>
+    echo \htmgem\html\getHtmlWithMenu($gt_html, $scheme, $domain, $url, "$php_self?url=");
\ No newline at end of file