diff --git a/link.php b/link.php
index 871d87c939..5a988dae37 100644
--- a/link.php
+++ b/link.php
@@ -77,10 +77,11 @@
 } else {
 print '
';
- $file = CACTI_PATH_INCLUDE . '/content/' . basename($page['contentfile']);
+ $basepath = CACTI_PATH_INCLUDE . '/content';
+ $file = realpath($basepath . '/' . $page['contentfile']);
- if (file_exists($file)) {
- include_once($file);
+ if ($file !== false && substr($file, 0, strlen($basepath)) == $basepath) {
+ print file_get_contents($file);
 } else {
 print '

The file \'' . html_escape($page['contentfile']) . '\' does not exist!!

';
 }
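Review bot: The containment check on the added `if` line compares a raw string prefix with no trailing separator, so a resolved path in a sibling directory whose name merely begins with `content` would still pass; with `basename()` dropped, this check is now the only thing confining `$page['contentfile']`. `$basepath` is also never canonicalized, so if `CACTI_PATH_INCLUDE` contains a symlink or a relative segment, the comparison against the `realpath()` result fails for legitimate files. I would resolve the base once, `$basepath = realpath(CACTI_PATH_INCLUDE . '/content');`, and test `if ($basepath !== false && $file !== false && is_file($file) && strncmp($file, $basepath . DIRECTORY_SEPARATOR, strlen($basepath) + 1) === 0) {`; the `is_file()` guard also covers an empty `contentfile`, which resolves to the directory itself and makes `file_get_contents()` fail with a warning. The enclosing block starts and ends outside the hunk.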