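/**
 * Gets the shared DbConnection for a named connection, creating and caching it on first use.
 *
 * @param string $connection Name of the connection configuration to load through
 *                           Config::getDbConfig(). When empty, the name is read from
 *                           Config::getInstance()->system_enviroment.
 * @return DbConnection
 * @todo Change to Use config from files.
 */
public static function getInstance($connection = '')
{
    if (empty($connection) || !isset(self::$_instances[$connection])) {
        $config = Config::getInstance();

        if (empty($connection)) {
            $connection = $config->system_enviroment;
        }

        // Look the cache up again now that the default name is resolved. Without this,
        // every call made without an argument opened a new database connection and
        // overwrote the cached one.
        if (!isset(self::$_instances[$connection])) {
            $dbConfig = Config::getDbConfig($connection);
            $dbConnection = new DbConnection(
                $dbConfig->db_host,
                $dbConfig->db_user,
                $dbConfig->db_password,
                $dbConfig->db_name
            );

            try {
                $dbConnection->connect();
            } catch (Exception $e) {
                // NOTE(review): presumably loadErrorPage() ends the request. If it returns,
                // the query below runs on a handle that never connected and that handle is
                // cached - confirm against loadErrorPage().
                loadErrorPage('nodb');
            }

            // NOTE(review): a charset chosen with a SQL statement is not reported to the
            // client library. If DbConnection escapes values client-side, set the charset
            // through the driver's own charset call so escaping and the connection agree -
            // confirm against DbConnection.
            $dbConnection->executeQuery("SET CHARACTER SET 'utf8'");

            self::$_instances[$connection] = $dbConnection;
        }
    }

    return self::$_instances[$connection];
}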
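*/
define('TO_ROOT', '.');
include TO_ROOT . "/includes/main.inc.php";

/*
 * Static-file gateway: streams one file from THAFRAME/gateway to the client.
 *
 * The file name comes from the query string and is untrusted. Each rejection below
 * ends the request explicitly, so the checks still hold if loadErrorPage() returns
 * instead of terminating the script.
 */

// A missing or non-string "file" parameter is treated as an empty name, which can
// never pass the extension allow-list.
$file = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';

// Only the final extension of the requested name is compared, case-insensitively.
$allowed_extensions = array('png', 'jpg', 'gif', 'js', 'txt', 'html', 'css', 'less');
$extension = strtolower(pathinfo($file, PATHINFO_EXTENSION));
$match = in_array($extension, $allowed_extensions, true);

if (!$match) {
    header("HTTP/1.0 403 Forbidden");
    loadErrorPage('403');
    exit;
}

// Refuse parent-directory segments in either separator style, and embedded NUL bytes.
if (strpos($file, "../") !== FALSE || strpos($file, "..\\") !== FALSE || strpos($file, "\0") !== FALSE) {
    header("HTTP/1.0 403 Forbidden");
    loadErrorPage('403');
    exit;
}

// Resolve both paths to their canonical form; realpath() returns FALSE when the
// target does not exist.
$base = realpath(THAFRAME . "/gateway");
$filename = ($base === FALSE) ? FALSE : realpath($base . "/" . $file);

if ($filename === FALSE) {
    header("HTTP/1.0 404 Not Found");
    loadErrorPage('404');
    exit;
}

// The string checks above are a first filter only. The canonical path must still sit
// below the gateway directory, which also refuses links that lead out of it.
if (strncmp($filename, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
    header("HTTP/1.0 403 Forbidden");
    loadErrorPage('403');
    exit;
}

// Directories exist but are not servable files.
if (!is_file($filename)) {
    header("HTTP/1.0 404 Not Found");
    loadErrorPage('404');
    exit;
}

// NOTE(review): mime_content_type() inspects file content and may report text/plain
// for css/js; an explicit extension-to-type map would be more predictable - confirm
// what clients of this gateway expect.
$mimetype = mime_content_type($filename);
if ($mimetype === FALSE) {
    $mimetype = 'application/octet-stream';
}
header("Content-type: {$mimetype}");

if (@readfile($filename) === false) {
    header("HTTP/1.0 403 Forbidden");
    loadErrorPage('403');
    exit;
}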