
View File: index.php

<?php
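// Fix for: Missing Content-Security-Policy (Medium Risk)
// Sends a CSP that restricts resource loading to this site's own origin by
// default (default-src 'self').
//
// Caveat: script-src and style-src also allow 'unsafe-inline', so inline
// <script>/<style> blocks and inline event handlers are still executed. The
// policy blocks scripts and styles fetched from other origins, but it does not
// stop markup that is injected into a page from running inline script. To get
// that protection, move inline code into files served from this origin (or use
// per-response nonces/hashes) and then drop 'unsafe-inline'.
//
// header() has to run before any output is sent, so it stays ahead of the
// controller include.
header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';");

require_once __DIR__ . '/Controllers/MainController.php';

// Fix for: Reflected HTML Injection (High Risk)
// The 'lang' query parameter is attacker-controlled. It is never used as-is:
// it is compared against a fixed allow-list and anything else falls back to
// 'ar', so only one of the literal strings below can reach the controller.
// This covers the 'lang' value only; other request values that end up in
// markup still need output encoding where they are printed.
// NOTE(review): if MainController uses $lang to build a file path or markup,
// this allow-list is what keeps that safe - confirm before loosening it.
$input_lang = $_GET['lang'] ?? 'ar';
$allowed_langs = ['ar', 'en', 'ku']; // Add supported languages here.

// Strict comparison (third argument true): the value must be a string that is
// identical to an allow-list entry. A non-string value such as an array sent
// as ?lang[]=x is rejected without relying on PHP's loose comparison rules.
$lang = in_array($input_lang, $allowed_langs, true) ? $input_lang : 'ar';

// The first argument (1) is passed through unchanged; its meaning is defined
// in MainController, which is not visible here.
$controller = new MainController();
$controller->index(1, $lang);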