diff options
| author |  Marien Fressinaud <dev@marienfressinaud.fr>
| 2015-01-31 14:45:37 +0100 |
|---|---|---|
| committer | Marien Fressinaud <dev@marienfressinaud.fr>
| 2015-01-31 14:45:37 +0100 |
| commit | a97bbd9bd54c5fa56d54b3c214cf4e8af96af8b2 (patch) | |
| tree | 6e83890bc1b3814a12c3b7bedc0d5944f30f507b /p/ext.php | |
| parent | 42fd539a1b14f883077048a35864b4294b6efe94 (diff) | |
| parent | e91b72b63cd11ae3c4f59e48439e93955242c673 (diff) | |
Merge branch 'dev'
Conflicts:
CHANGELOG
README.fr.md
README.md
app/Controllers/feedController.php
app/Controllers/indexController.php
app/i18n/en.php
app/i18n/fr.php
app/views/helpers/view/normal_view.phtml
app/views/stats/index.phtml
app/views/stats/repartition.phtml
constants.php
p/scripts/main.js
Diffstat (limited to 'p/ext.php')
| -rw-r--r-- | p/ext.php | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/p/ext.php b/p/ext.php new file mode 100644 index 000000000..5c9f9125f --- /dev/null +++ b/p/ext.php @@ -0,0 +1,71 @@ +<?php +if (!isset($_GET['f']) || + !isset($_GET['t'])) { + header('HTTP/1.1 400 Bad Request'); + die(); +} + +require('../constants.php'); + +/** + * Check if a file can be served by ext.php. A valid file is under a + * EXTENSIONS_PATH/extension_name/static/ directory. + * + * You should sanitize path by using the realpath() function. + * + * @param $path the path to the file we want to serve. + * @return true if it can be served, false else. + * + */ +function is_valid_path($path) { + // It must be under the extension path. + $in_ext_path = (substr($path, 0, strlen(EXTENSIONS_PATH)) === EXTENSIONS_PATH); + if (!$in_ext_path) { + return false; + } + + // File to serve must be under a `ext_dir/static/` directory. + $path_relative_to_ext = substr($path, strlen(EXTENSIONS_PATH) + 1); + $path_splitted = explode('/', $path_relative_to_ext); + if (count($path_splitted) < 3 || $path_splitted[1] !== 'static') { + return false; + } + + return true; +} + +$file_name = urldecode($_GET['f']); +$file_type = $_GET['t']; + +$absolute_filename = realpath(EXTENSIONS_PATH . '/' . $file_name); + +if (!is_valid_path($absolute_filename)) { + header('HTTP/1.1 400 Bad Request'); + die(); +} + +switch ($file_type) { +case 'css': + header('Content-Type: text/css; charset=UTF-8'); + header('Content-Disposition: inline; filename="' . $file_name . '"'); + break; +case 'js': + header('Content-Type: application/javascript; charset=UTF-8'); + header('Content-Disposition: inline; filename="' . $file_name . '"'); + break; +default: + header('HTTP/1.1 400 Bad Request'); + die(); +} + +$mtime = @filemtime($absolute_filename); +if ($mtime === false) { + header('HTTP/1.1 404 Not Found'); + die(); +} + +require(LIB_PATH . '/http-conditional.php'); + +if (!httpConditional($mtime, 604800, 2)) { + readfile($absolute_filename); +} |