diff options
| author |  Alexis Degrugillier <aledeg@users.noreply.github.com>
| 2021-02-01 18:00:51 -0500 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2021-02-02 00:00:51 +0100 |
| commit | bed710b260e0032b65eda92d3c395c4f1c71308a (patch) | |
| tree | ee7c544ac705dbd81538828d86b1642bc4937c82 /p | |
| parent | 45ee7a36d5de18376c89ef96726c6e88ad37b9ba (diff) | |
Refactor extension file script (#3399)
Diffstat (limited to 'p')
| -rw-r--r-- | p/ext.php | 78 |
1 files changed, 36 insertions, 42 deletions
@@ -1,12 +1,18 @@ <?php -if (!isset($_GET['f']) || - !isset($_GET['t'])) { - header('HTTP/1.1 400 Bad Request'); - die(); -} require(__DIR__ . '/../constants.php'); +// Supported types with their associated content type +const SUPPORTED_TYPES = [ + 'css' => 'text/css; charset=UTF-8', + 'js' => 'application/javascript; charset=UTF-8', + 'png' => 'image/png', + 'jpeg' => 'image/jpeg', + 'jpg' => 'image/jpeg', + 'gif' => 'image/gif', + 'svg' => 'image/svg+xml', +]; + function is_valid_path_extension($path, $extensionPath) { // It must be under the extension path. $real_ext_path = realpath($extensionPath); @@ -22,8 +28,8 @@ function is_valid_path_extension($path, $extensionPath) { // File to serve must be under a `ext_dir/static/` directory. $path_relative_to_ext = substr($path, strlen($real_ext_path) + 1); - $path_splitted = explode('/', $path_relative_to_ext); - if (count($path_splitted) < 3 || $path_splitted[1] !== 'static') { + list(,$static,$file) = sscanf($path_relative_to_ext, '%[^/]/%[^/]/%s'); + if (null === $file || 'static' !== $static) { return false; } @@ -44,51 +50,39 @@ function is_valid_path($path) { return is_valid_path_extension($path, CORE_EXTENSIONS_PATH) || is_valid_path_extension($path, THIRDPARTY_EXTENSIONS_PATH); } +function sendBadRequestResponse(string $message = null) { + header('HTTP/1.1 400 Bad Request'); + die($message); +} + +function sendNotFoundResponse() { + header('HTTP/1.1 404 Not Found'); + die(); +} + +if (!isset($_GET['f']) || + !isset($_GET['t'])) { + sendBadRequestResponse('Query string is incomplete.'); +} + $file_name = urldecode($_GET['f']); $file_type = $_GET['t']; +if (empty(SUPPORTED_TYPES[$file_type])) { + sendBadRequestResponse('File type is not supported.'); +} $absolute_filename = realpath(EXTENSIONS_PATH . '/' . $file_name); - if (!is_valid_path($absolute_filename)) { - header('HTTP/1.1 400 Bad Request'); - die(); + sendBadRequestResponse('File is not supported.'); } -switch ($file_type) { -case 'css': - header('Content-Type: text/css; charset=UTF-8'); - header('Content-Disposition: inline; filename="' . $file_name . '"'); - break; -case 'js': - header('Content-Type: application/javascript; charset=UTF-8'); - header('Content-Disposition: inline; filename="' . $file_name . '"'); - break; -case 'png': - header('Content-Type: image/png'); - header('Content-Disposition: inline; filename="' . $file_name . '"'); - break; -case 'jpeg': -case 'jpg': - header('Content-Type: image/jpeg'); - header('Content-Disposition: inline; filename="' . $file_name . '"'); - break; -case 'gif': - header('Content-Type: image/gif'); - header('Content-Disposition: inline; filename="' . $file_name . '"'); - break; -case 'svg': - header('Content-Type: image/svg+xml'); - header('Content-Disposition: inline; filename="' . $file_name . '"'); - break; -default: - header('HTTP/1.1 400 Bad Request'); - die(); -} +$content_type = SUPPORTED_TYPES[$file_type]; +header("Content-Type: {$content_type}"); +header("Content-Disposition: inline; filename='{$file_name}'"); $mtime = @filemtime($absolute_filename); if ($mtime === false) { - header('HTTP/1.1 404 Not Found'); - die(); + sendNotFoundResponse(); } require(LIB_PATH . '/http-conditional.php'); |