
Commit

Merge pull request #11 from Rolix44/master
Fix hidden posts disclosure in previous, next posts & sitemap
Ooggle authored Apr 26, 2023
2 parents ad2c26b + 4613582 commit 52da87f
Showing 2 changed files with 8 additions and 1 deletion.
2 changes: 1 addition & 1 deletion blog/.htaccess
@@ -1,7 +1,7 @@
DirectoryIndex sitehome.php
Options -Indexes

<FilesMatch "\.conf.php$">
<FilesMatch "\.conf.php|sitemap.json$">
Order allow,deny
Deny from all
</FilesMatch>
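Review bot: the new pattern `"\.conf.php|sitemap.json$"` has no group around the alternation, so the `$` anchor now applies only to `sitemap.json` and the `\.conf.php` branch matches anywhere in the file name, which the old `\.conf.php$` did not. The dots in `conf.php` and `sitemap.json` are also unescaped and match any character. Both errors only widen what is denied, so the fix still blocks direct downloads of the sitemap, but the rule should say what it means: `<FilesMatch "(\.conf\.php|sitemap\.json)$">`. It is also worth a comment in the file that `sitemap.json` is denied because it lists hidden posts, so nobody relaxes the rule later.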
7 changes: 7 additions & 0 deletions blog/post.php
Expand Up @@ -11,6 +11,13 @@
$selectedPost = '-1';
$followingPost = '-1';
$sitemap = json_decode(fread(fopen("sitemap.json", "r"), filesize("sitemap.json")));

foreach ($sitemap->posts as $key => $post) {
if(isset($post->hidden) && $post->hidden == true && $_GET["file"] !== $post->url) {
unset($sitemap->posts[$key]);
}
}

foreach ($sitemap->posts as $key => $post) {
if($_GET['file'] === $post->url)
{
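Review bot: `unset($sitemap->posts[$key])` in the added loop leaves holes in the array keys, so any code after the second `foreach` that finds the previous or following post by `$key - 1` or `$key + 1` (not visible in this hunk) will hit a missing index next to a hidden post; reindex once after filtering with `$sitemap->posts = array_values($sitemap->posts);`. The condition also reads `$_GET["file"]` without an `isset()` check, which raises a PHP notice when the parameter is absent, and `$post->hidden == true` is a loose comparison that treats any non-empty string in the JSON (including "false") as hidden; `$post->hidden === true` or an explicit cast would make the intent clear. Finally, the `$_GET["file"] !== $post->url` exemption means a hidden post is still served to anyone who requests its URL directly, so a short comment stating that "hidden" means unlisted rather than access-controlled would help future readers.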

0 comments on commit 52da87f
