link tag
if (in_array($filename, $valid_filenames)) {
// $filename is code-injection safe (being in validity array)
// as plain text
header("Content-Type: text/plain");
echo file_get_contents($filename);
} else {
// as HTML text
function expose($filename)
{ // $filename is code-injection safe (being used only from safe foreach)
echo "// $filename\n";
echo htmlspecialchars(file_get_contents($filename));
echo "// end of : $filename\n\n\n";
}
echo "";
foreach ($valid_filenames as $filename) {
// $filename is code-injection safe (being taken from $valid_filenames)
expose($filename);
}
echo "";
}