function send_response_status_header($response_code) { $mode = get_interpreter_invocation_mode(); switch ($mode) { default: case 'fcgi': header('Status: ' . $response_code, true, $response_code); break; case 'server': header('HTTP/1.0 ' . $response_code . ' ' . get_response_code_string($response_code), true, $response_code); break; } }
/** * Load the content of the given item. ($element MUST be an absolute path!) * * Note that this function does 'fixup' the loaded content, which MAY result in recursive * invocation of this function to load each of the dectected sub-items. This way we can easily handle * 'flattening' CSS which uses the @import statement, etc. */ function load_one($type, $http_base, $base, $root, $element) { global $do_not_load; $uri = path_remove_dot_segments($base . '/' . $element); $path = str_replace("\\", '/', realpath($uri)); /* Windows can handle '/' so we're OK with the replace here; makes strpos() below work on all platforms */ /* * only allow a load when the CSS/JS is indeed within document-root: * * as path_remove_dot_segments() will remove ALL '../' directory bits, any attempt to grab, say, * ../../../../../../../../../etc/passwd * will fail as path_remove_dot_segments() will have DAMAGED the path and $element * does not point within the $root path any more! */ $my_content = null; if (is_file($path) && strpos($path, $root) === 0) { //echo "<pre>$type, $http_base, \n$base, \n$root, $element, \n$uri --> $path, " . strpos($path, $root); $my_content = ''; if (!$do_not_load) { $my_content = file_get_contents($path); } } else { send_response_status_header(404); // Not Found die("\n" . get_response_code_string(404) . " - Combiner: not a legal path: {$type}, {$http_base}, \n{$base}, \n{$root}, {$element}, \n{$uri} --> {$path}, " . strpos($path, $root)); } if ($my_content === false) { send_response_status_header(404); // Not Found die("\n" . get_response_code_string(404) . " - Combiner: failed to load data from file: type='{$type}', element='{$element}'\n"); } switch ($type) { case 'css': /* * Before we go and optimize the CSS (or not), we fix up the CSS for IE7/8/... by adding the * * behavior: url(PIE.php); * * line in every definition which has a 'border-radius'. * * We do it this way to ensure all styles are patched correctly; previously this was done by hand in the * various CSS files, resulting in quite a few ommisions in the base css files and also the templates' ones. * * As we now force all CSS+JS requests through here, we can easily fix this kind of oddity very consistently * by performing the fix in code, right here. * * As the result is cached, this effort is only required once. Which would happen at install time when * you run the 'cache priming' action, resulting in a fully set up cache when you go 'live'. */ $my_content = fixup_css($my_content, $http_base, $type, $base, $root, $element); break; default: $my_content = fixup_js($my_content, $http_base, $type, $base, $root, $element); break; } return $my_content; }
<?php // Define default location if (!defined('BASE_PATH')) { die('BASE_PATH not defined!'); } send_response_status_header(403); echo '<p>' . $ccms['lang']['system']['error_403content'] . '</p>'; if (0) { dump_request_to_logfile(array('invocation_mode' => get_interpreter_invocation_mode(), 'response(404)' => get_response_code_string(404), 'response(403)' => get_response_code_string(403), 'response(302)' => get_response_code_string(302)), true); }