Don't output anything only 403 on fishy request

2021-03-20 18:33:58 +01:00 · 2021-03-20 18:33:58 +01:00 · 549e014daa
parent 6d6093990d
commit 549e014daa
1 changed files with 3 additions and 3 deletions
--- a/wiki.php
+++ b/wiki.php
@ -12,10 +12,10 @@ $page = isset($_GET['page']) ? $_GET['page'] : 'main';
 // Sanitize page request so we don't allow to read EVERY markdown file
 // for example ../../../home/foobar/mysecretdocument
 if (strpos($page, "../") !== false) {
-    $content_file = "includes/nice_try.md";
-} else {
-    $content_file = "articles/$page.md";
+    header('HTTP/1.0 403 Forbidden');
+    exit();
 }
+$content_file = "articles/$page.md";

 $Parsedown = new Parsedown();
 $Parsedown->setSafeMode(true);