From 549e014daa0b7e820053ad4bf708b229bb24390d Mon Sep 17 00:00:00 2001
From: southerntofu
Date: Sat, 20 Mar 2021 18:33:58 +0100
Subject: [PATCH] Don't output anything only 403 on fishy request
---
 wiki.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/wiki.php b/wiki.php
index 3a9df1b..f4ffa15 100644
--- a/wiki.php
+++ b/wiki.php
@@ -12,10 +12,10 @@ $page = isset($_GET['page']) ? $_GET['page'] : 'main';
 // Sanitize page request so we don't allow to read EVERY markdown file
 // for example ../../../home/foobar/mysecretdocument
 if (strpos($page, "../") !== false) {
- $content_file = "includes/nice_try.md";
-} else {
- $content_file = "articles/$page.md";
+ header('HTTP/1.0 403 Forbidden');
+ exit();
 }
+$content_file = "articles/$page.md";
 $Parsedown = new Parsedown();
 $Parsedown->setSafeMode(true);
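Review bot: The guard on `strpos($page, "../")` is still a deny-list of a single substring, so every other value of `$_GET['page']` reaches `"articles/$page.md"` unchanged, including backslash-separated parent references (relevant if this ever runs on Windows) and a non-string value such as an array parameter. An allow-list is easier to reason about: `if (!is_string($page) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $page)) { http_response_code(403); exit(); }`, widened only if article names really need other characters. How `$content_file` is opened lies outside the hunk, so a `realpath()` containment check against the `articles/` directory may also be worth adding at that point.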