<?php
    $_dir = isset($_GET['dir']) ? trim(strval($_GET['dir'])) : '';
    $_file = isset($_GET['file']) ? trim(strval($_GET['file'])) : '';

    if (substr($_file, 0, 1) != '.' && strpos($_file, '/') === false && strpos($_file, ' ') === false && strpos($_file, '#') === false && strpos($_file, '&') === false && stripos($_file, 'config') === false)
    {
        if (strpos($_dir, '.') === false && strpos($_dir, ' ') === false && strpos($_dir, '#') === false && strpos($_dir, '&') === false)
        {
            if (file_exists('.' . $_dir . $_file))
            {
                highlight_file('.' . $_dir . $_file);
            }
            else
            {
                echo 'Sorry but you can\'t view this file.';
            }
        }
        else
        {
            echo 'Sorry but you can\'t view this file.';
        }
    }
    else
    {
        echo 'Sorry but you can\'t view this file.';
    }
?>