<?php
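// Serves a previously uploaded file to a logged-in user.
// Input:  $_SESSION['username'] (must be non-empty), $_POST['file'] (file name).
// Output: the file's bytes, or one of the plain-text messages below.
session_start();

// Upload storage. Everything in here is user-supplied data and is never
// handed to the PHP interpreter.
$uploadsDir = __DIR__ . '/../confidential/uploads/';

// Only sessions that carry a username may fetch files.
if (empty($_SESSION['username'])) {
    exit('Access denied.');
}

// Require a plain string: a request that sends file[]=x produces an array,
// which basename() does not accept (TypeError on PHP 8).
if (!empty($_POST['file']) && is_string($_POST['file'])) {
    // basename() drops every directory component, so the lookup cannot
    // leave $uploadsDir through "../" sequences.
    $file = basename($_POST['file']);
    $path = $uploadsDir . $file;

    // is_file() rather than file_exists(): basename('..') is '..', which
    // exists as a directory and must not be treated as a download.
    if (is_file($path)) {
        // The original used `include`, which runs any PHP contained in the
        // uploaded file with the web server's privileges. readfile() only
        // copies the bytes to the response.
        // Sent as plain text with sniffing disabled so that an uploaded
        // HTML or script file is not rendered in the site's origin.
        header('Content-Type: text/plain; charset=utf-8');
        header('X-Content-Type-Options: nosniff');
        readfile($path);
    } else {
        echo "File not found.";
    }
} else {
    echo "No file specified.";
}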
?>