diff --git a/link.php b/link.php
index 871d87c939..5a988dae37 100644
--- a/link.php
+++ b/link.php
@@ -77,10 +77,11 @@
} else {
print '
';
- $file = CACTI_PATH_INCLUDE . '/content/' . basename($page['contentfile']);
+ $basepath = CACTI_PATH_INCLUDE . '/content';
+ $file = realpath($basepath . '/' . $page['contentfile']);
- if (file_exists($file)) {
- include_once($file);
+ if ($file !== false && substr($file, 0, strlen($basepath)) == $basepath) {
+ print file_get_contents($file);
} else {
print '
The file \'' . html_escape($page['contentfile']) . '\' does not exist!!
';
}
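Review bot: The containment check on the new `if` line compares a canonicalised path against a non-canonicalised prefix: `$file` comes from `realpath()` but `$basepath` is the raw `CACTI_PATH_INCLUDE . '/content'`, so if that constant ever contains a symlink or a `..` component every legitimate file fails the check, and because the prefix carries no trailing separator a sibling directory such as `content-backup` would satisfy it. I would canonicalise the base as well and anchor the separator: `$basepath = realpath(CACTI_PATH_INCLUDE . '/content');` then `$file = ($basepath === false) ? false : realpath($basepath . '/' . $page['contentfile']);` and `if ($file !== false && strpos($file, $basepath . DIRECTORY_SEPARATOR) === 0) {`. Replacing `include_once` with `print file_get_contents()` also means any file inside `content/` — including one holding PHP source — is now emitted verbatim to the client, so if that directory mixes page fragments with other files an extension whitelist (for example `.html`) is worth adding; the directory contents are not visible from the hunk, so treat that as a question rather than a finding. The outer `else` branch this `if` sits in begins before the hunk and continues past the closing brace at the bottom.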