function atfile_GET(Web &$w) { $p = $w->pathMatch("id"); $id = str_replace(".jpg", "", $p['id']); $attachment = $w->service("File")->getAttachment($id); $w->sendFile(FILE_ROOT . $attachment->fullpath); }
/** * Send media files from within * a modules help/media folder * * @param unknown_type $w */ function media_GET(Web &$w) { $p = $w->pathMatch("m", "f"); $m = $p['m']; $f = $p['f']; $filename = str_replace("..", "", ROOT . "/" . $w->getModuleDir($m) . '/help/media/' . $f); $w->sendFile($filename); }
function path_GET(Web &$w) { // make sure we secure from /../../etc/passwd attacks!! $filename = str_replace("..", "", FILE_ROOT . $w->getPath()); $w->sendFile($filename); }