Try: ca/tecreations/ViewFile.php
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . "/tec_SiteRoot.php";
global $text, $error_msg, $path;
if (isset($_REQUEST['path']) && !empty($_REQUEST['path'])) {
$path = $_REQUEST['path'];
if (!empty($path)) {
if (startsWith($path,"/")) {
$error_msg = "Will not work with absolute paths. Sorry, privacy and security. Specify a subpath and filename.";
} else if (strpos($path,"..") !== false ) {
$error_msg = "Cannot go to higher level directory. Sorry, privacy and security. Specify a subpath and filename.";
} else {
$text = htmlentities(getFileText("/var/www/tecreations.ca/html/" . $path),ENT_QUOTES|ENT_HTML401);
}
}
}
require_once $DOCROOT . $TEC_PREFIX_DIR . "start_html.php";
?>
</head>
<body>
<?php
include_once $DOCROOT . $TEC_PREFIX_DIR . "header_start.php";
include_once $DOCROOT . $TEC_PREFIX_DIR . "menu/userMenu.php";
include_once $DOCROOT . $TEC_PREFIX_DIR . "menu/contact.php";
include_once $DOCROOT . $TEC_PREFIX_DIR . "header_finish.php";
GLOBAL $error_msg;
if (!empty($error_msg)) {
print("<p> </p>");
print("<p><span class='red'>$error_msg</span></p>\n");
print("<p> </p>");
}
?>
<p><a href="/ca/tecreations/List.php">List</a></p>
<p>Try: ca/tecreations/ViewFile.php</p>
<div class="padded jumbotron">
<form name="" id="" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="GET"><!-- for instructional purposes... -->
<label for="path">Enter a path without a preceding slash:</label>
<input type="text" name="path" id="path" value="<?php
GLOBAL $path;
if (empty($path)) {
print("Path to file on https://tecreations.ca/");
} else {
print($path);
}
?>" onfocus="document.getElementById('path').value='';"
class="form-control">
<input type="submit" value="View File">
</form>
</div>
<pre>
<code class="blueAndGrey">
<?php
GLOBAL $text;
print($text);
?>
</code>
</pre>
</body>
</html>