/** * Checks if a resource which lies in document root is really publicly available * This is currently only done by checking configured secure paths, not by requesting the resources * * @param ResourceInterface $resource * @return bool */ protected function isPubliclyAvailable(ResourceInterface $resource) { $resourceUri = $this->getResourceUri($resource); $securedFoldersExpression = $this->configurationManager->getValue('securedDirs'); if (substr($this->configurationManager->getValue('filetype'), 0, 1) === '\\') { $fileExtensionExpression = $this->configurationManager->getValue('filetype'); } else { $fileExtensionExpression = '\\.(' . $this->configurationManager->getValue('filetype') . ')'; } // TODO: maybe check if the resource is available without authentication by doing a head request return !(preg_match('/((' . HtmlParser::softQuoteExpression($securedFoldersExpression) . ')+?\\/.*?(?:(?i)' . $fileExtensionExpression . '))/i', $resourceUri, $matchedUrls) && is_array($matchedUrls) && $matchedUrls[0] === $resourceUri); }
/** * @param string $string * @return mixed */ protected function softQuoteExpression($string) { return \Bitmotion\NawSecuredl\Parser\HtmlParser::softQuoteExpression($string); }