PHP Script: PHP Source Browser

This is just a VERY simple script to browse through a directory and it's sub-directories and be able to show the source of any .php file.

It has a tiny amount of security to prevent people from going to a directory that starts with / or that contains ..

$dir = (isset($_GET["dir"]) ? $_GET["dir"] : ".");
$file = (isset($_GET["file"]) ? $_GET["file"] : "");

if ((isset($dir) && ($dir[0] == "/")) || (str_replace("..","",$dir) != $dir)) {
    echo "permission denied";
    exit;
}

if ($file) {
    show_source($dir."/".$file);
} else {
    $dh = opendir($dir);
    echo "Listing of ".$dir."< br>";
    echo "< ul>";
    while (($file = readdir($dh)) !== false) {
        if (($file != "..") && ($file != ".")) {
            // it's not the static dirs . or ..
            if (is_dir($dir."/".$file)) {
                // it's a directory, show a directory link
                echo "< li>< a href=\"".$_SERVER["PHP_SELF"]."?dir=".$dir."/".$file."\">< b>$file/< /b>< /a>";
            } else {
                // it's a file
                if (strtolower(substr($file, -4)) == ".php") {
                    // it's a .php file, show source
                    echo "< li>< a href=\"".$_SERVER["PHP_SELF"]."?dir=".$dir."&file=".$file."\">$file< /a>";
                }
            }
        }
    }
    echo "< /ul>";
}

?>