/**
* Is this a legal id for the server file system?
* @see is_valid_path()
* @return boolean
*/
public function is_valid()
{
return is_valid_path($this->_text);
}
$in_ext_path = substr($path, 0, strlen(EXTENSIONS_PATH)) === EXTENSIONS_PATH;
if (!$in_ext_path) {
return false;
}
// File to serve must be under a `ext_dir/static/` directory.
$path_relative_to_ext = substr($path, strlen(EXTENSIONS_PATH) + 1);
$path_splitted = explode('/', $path_relative_to_ext);
if (count($path_splitted) < 3 || $path_splitted[1] !== 'static') {
return false;
}
return true;
}
$file_name = urldecode($_GET['f']);
$file_type = $_GET['t'];
$absolute_filename = realpath(EXTENSIONS_PATH . '/' . $file_name);
if (!is_valid_path($absolute_filename)) {
header('HTTP/1.1 400 Bad Request');
die;
}
switch ($file_type) {
case 'css':
header('Content-Type: text/css; charset=UTF-8');
header('Content-Disposition: inline; filename="' . $file_name . '"');
break;
case 'js':
header('Content-Type: application/javascript; charset=UTF-8');
header('Content-Disposition: inline; filename="' . $file_name . '"');
break;
default:
header('HTTP/1.1 400 Bad Request');
die;