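/**
 * Serve the content of a static resource file straight from a module directory.
 *
 * Only active when $GLOBALS['debug'] is truthy and CML_IS_MULTI_MODULES is set.
 * The first path-info element is dropped; the next one selects the module and
 * the remainder is the path below that module's static directory.
 *
 * The path comes from the request URL, so it is rejected when it contains a
 * ".." segment or a NUL byte. Without that guard the request could resolve to
 * a file outside the module's static directory.
 */
public static function parseResourceFile()
{
    $pathinfo = Route::getPathInfo();
    array_shift($pathinfo);
    $resource = implode('/', $pathinfo);

    if ($GLOBALS['debug'] && CML_IS_MULTI_MODULES) {
        $pos = strpos($resource, '/');

        // A ".." segment (with either separator) or an embedded NUL byte is never
        // a legitimate static asset path; a missing "/" means no module was named.
        $isUnsafe = $pos === false
            || strpos($resource, "\0") !== false
            || preg_match('#(?:^|[\\\\/])\.\.(?:[\\\\/]|$)#', $resource) === 1;
        if ($isUnsafe) {
            Response::sendHttpStatus(404);
            return;
        }

        $file = CML_APP_MODULES_PATH . DIRECTORY_SEPARATOR
            . substr($resource, 0, $pos) . DIRECTORY_SEPARATOR
            . Config::get('modules_static_path_name')
            . substr($resource, $pos);

        if (is_file($file)) {
            // The text after the last "." is handed to the Content-Type helper.
            Response::sendContentTypeBySubFix(substr($resource, strrpos($resource, '.') + 1));
            exit(file_get_contents($file));
        } else {
            Response::sendHttpStatus(404);
        }
    }
}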
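/**
 * Guard against cross-site request forgery by validating the Referer header.
 *
 * The host part of the Referer is parsed out and compared with the request's
 * Host header (port ignored, case-insensitive). A substring search is not
 * enough: it also accepts a Referer that merely contains the host name in its
 * path, its query string, or a longer attacker-controlled domain.
 *
 * NOTE(review): a request that carries no Referer header at all is still let
 * through, as before. This check is therefore only a partial defence and does
 * not replace a per-request CSRF token.
 *
 * @param int $type Check mode: 0 = no check, 1 = check POST requests only, 2 = check both POST and GET
 *
 * @throws \UnexpectedValueException when the Referer host does not match the request host
 */
public static function checkCsrf($type = 1)
{
    if ($type === 0 || !isset($_SERVER['HTTP_REFERER'])) {
        return;
    }

    // parse_url() yields null/false for a Referer without a usable host.
    $refererHost = parse_url((string) $_SERVER['HTTP_REFERER'], PHP_URL_HOST);

    // The Host header may carry ":port"; parse_url() returns the host without it.
    $serverHost = isset($_SERVER['HTTP_HOST'])
        ? preg_replace('/:\d+$/', '', (string) $_SERVER['HTTP_HOST'])
        : '';

    $sameHost = is_string($refererHost)
        && is_string($serverHost)
        && $serverHost !== ''
        && strcasecmp($refererHost, $serverHost) === 0;
    if ($sameHost) {
        return;
    }

    // Mode 1 only rejects requests that actually carry POST data.
    if ($type == 1 && empty($_POST)) {
        return;
    }

    Response::sendHttpStatus(403);
    throw new \UnexpectedValueException(Lang::get('_ILLEGAL_REQUEST_'));
}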
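/**
 * Serve the content of a static resource file straight from an application directory.
 *
 * Only active when Cml::$debug is truthy. The first path-info element is
 * dropped. Leading path segments are then consumed one at a time as the
 * application name, up to the 'route_app_hierarchy' config value (default 1),
 * until the remainder resolves to a file under that application's static
 * directory.
 *
 * The path comes from the request URL, so it is rejected when it contains a
 * ".." segment or a NUL byte. Without that guard the request could resolve to
 * a file outside the application's static directory.
 */
public static function parseResourceFile()
{
    if (Cml::$debug) {
        $pathInfo = Route::getPathInfo();
        array_shift($pathInfo);
        $resource = implode('/', $pathInfo);

        // A ".." segment (with either separator) or an embedded NUL byte is never
        // a legitimate static asset path.
        $isUnsafe = strpos($resource, "\0") !== false
            || preg_match('#(?:^|[\\\\/])\.\.(?:[\\\\/]|$)#', $resource) === 1;
        if ($isUnsafe) {
            Response::sendHttpStatus(404);
            return;
        }

        $appName = $file = '';
        $i = 0;
        $routeAppHierarchy = Config::get('route_app_hierarchy', 1);
        while (true) {
            // Move the next leading segment from the resource path to the app name.
            $resource = ltrim($resource, '/');
            $pos = strpos($resource, '/');
            $appName = ($appName == '' ? '' : $appName . DIRECTORY_SEPARATOR) . substr($resource, 0, $pos);
            $resource = substr($resource, $pos);
            $file = Cml::getApplicationDir('apps_path') . DIRECTORY_SEPARATOR
                . $appName . DIRECTORY_SEPARATOR
                . Cml::getApplicationDir('app_static_path_name')
                . $resource;

            // Stop on the first match, or once the configured nesting depth is reached.
            if (is_file($file) || ++$i >= $routeAppHierarchy) {
                break;
            }
        }

        if (is_file($file)) {
            // The text after the last "." is handed to the Content-Type helper.
            Response::sendContentTypeBySubFix(substr($resource, strrpos($resource, '.') + 1));
            exit(file_get_contents($file));
        } else {
            Response::sendHttpStatus(404);
        }
    }
}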