<fieldset> <legend>Slideshow speed</legend> <input type="text" maxlength="2" name="ssSpeed" id="slideshow_speed" value="<?php echo $ssSpeed / 1000; ?> " style="width:30px;" /> seconds per image<br /> </fieldset> <input type="submit" name="Save" id="prefSave" value="Save" /> </form> <?php if (isset($_GET['view'])) { if (substr($_GET['view'], 0, 2) != ".." && substr($_GET['view'], 0, 1) != "/" && $_GET['view'] != "./" && !stristr($_GET['view'], '../')) { $out = new FNOutput(); $out->viewFile($_GET['view']); } else { // someone is poking around where they shouldn't be echo "Don't hack my shit yo."; exit; } } else { if (isset($_GET['src'])) { if (substr($_GET['src'], 0, 2) != ".." && substr($_GET['src'], 0, 1) != "/" && $_GET['src'] != "./" && !stristr($_GET['src'], '../')) { $out = new FNOutput(); $out->showSource($_GET['src']); } else { // someone is poking around where they shouldn't be echo "Don't hack my shit yo."; exit; }