if (0 === stripos($resource, $allowedResource)) { $isResourceAllowed = true; } } return $isResourceAllowed; }; if (file_exists($configCacheFile) && is_readable($configCacheFile)) { $config = json_decode(file_get_contents($configCacheFile), true); //checking update time if (filemtime($configCacheFile) + $config['update_time'] > time()) { $mediaDirectory = trim(str_replace(__DIR__, '', $config['media_directory']), '/'); $allowedResources = array_merge($allowedResources, $config['allowed_resources']); } } // Serve file if it's materialized $request = new \Magento\MediaStorage\Model\File\Storage\Request(__DIR__); if ($mediaDirectory) { if (0 !== stripos($request->getPathInfo(), $mediaDirectory . '/') || is_dir($request->getFilePath())) { header('HTTP/1.0 404 Not Found'); exit; } $relativeFilename = str_replace($mediaDirectory . '/', '', $request->getPathInfo()); if (!$isAllowed($relativeFilename, $allowedResources)) { header('HTTP/1.0 404 Not Found'); exit; } if (is_readable($request->getFilePath())) { $transfer = new \Magento\Framework\File\Transfer\Adapter\Http(new \Magento\Framework\HTTP\PhpEnvironment\Response(), new \Magento\Framework\File\Mime()); $transfer->send($request->getFilePath()); exit; }
use Magento\Framework\HTTP\PhpEnvironment\Request; use Magento\Framework\Stdlib\Cookie\PhpCookieReader; require dirname(__DIR__) . '/app/bootstrap.php'; $mediaDirectory = null; $allowedResources = []; $configCacheFile = BP . '/var/resource_config.json'; $isAllowed = function ($resource, array $allowedResources) { $isResourceAllowed = false; foreach ($allowedResources as $allowedResource) { if (0 === stripos($resource, $allowedResource)) { $isResourceAllowed = true; } } return $isResourceAllowed; }; $request = new \Magento\MediaStorage\Model\File\Storage\Request(new Request(new PhpCookieReader(), new Magento\Framework\Stdlib\StringUtils())); $relativePath = $request->getPathInfo(); if (file_exists($configCacheFile) && is_readable($configCacheFile)) { $config = json_decode(file_get_contents($configCacheFile), true); //checking update time if (filemtime($configCacheFile) + $config['update_time'] > time()) { $mediaDirectory = $config['media_directory']; $allowedResources = $config['allowed_resources']; // Serve file if it's materialized if ($mediaDirectory) { if (!$isAllowed($relativePath, $allowedResources)) { header('HTTP/1.0 404 Not Found'); exit; } $mediaAbsPath = $mediaDirectory . '/' . $relativePath; if (is_readable($mediaAbsPath)) {