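Debugger::enable();

// Configure application
$configurator = new Nette\Config\Configurator();
$configurator->setTempDirectory(__DIR__ . '/temp');
$container = $configurator->createContainer();

/*
 * Reduces a client-supplied file name to a single path component for use under FILES_DIR.
 *
 * sanitizePath() is defined elsewhere and its guarantees are not visible in this script,
 * so basename() is applied on top of it: whatever sanitizePath() returns, the stored or
 * served name cannot contain a directory part. Empty names and the dot entries are rejected.
 */
$storedName = function ($rawName) {
    $name = basename(sanitizePath(trim((string) $rawName)));
    if ($name === '' || $name === '.' || $name === '..') {
        throw new Nette\Application\BadRequestException('Invalid file name.', 400);
    }
    return $name;
};

// Setup router
// Homepage and about. The route mask only admits '' or 'about' for <page>, so the
// template path built below is limited to default.latte and about.latte.
$container->router[] = new Route('<page (|about)>', function ($presenter, $page) {
    $page = $page ?: 'default';
    return $presenter->createTemplate()->setFile(__DIR__ . '/app/' . $page . '.latte');
});

// Upload and compress
$container->router[] = new Route('process', function ($presenter) use ($storedName) {
    require __DIR__ . '/app/PngCompressor.php';

    /* Accept input */
    // Never trust user input: X-File-Name is a request header, so the client chooses it
    // freely and may omit it altogether.
    $rawName = isset($_SERVER['HTTP_X_FILE_NAME']) ? $_SERVER['HTTP_X_FILE_NAME'] : '';
    $filename = $storedName($rawName);
    $filepath = FILES_DIR . '/' . $filename;

    // Save file
    // NOTE(review): the request body is stored as sent, with no size limit or PNG signature
    // check, and the extension is still chosen by the client. If FILES_DIR is served by the
    // web server, make sure script execution is disabled there or restrict the extension.
    // NOTE(review): names are shared between all clients, so a second upload under the same
    // name overwrites the first; no per-user separation is visible in this script.
    $file = file_get_contents('php://input');
    if ($file === false || file_put_contents($filepath, $file) === false) {
        // Stop here rather than hand a missing or partial file to the compressor.
        throw new \RuntimeException('Uploaded file could not be stored.');
    }

    /* Process and send result */
    $response = PngCompressor::compress($filepath, $filename);
    return new Nette\Application\Responses\JsonResponse($response);
});

// Download
// NOTE(review): any stored file is served to whoever requests it by name; no access check
// is visible in this script.
$container->router[] = new Route('download/<filename>', function ($presenter, $filename) use ($storedName) {
    return new Nette\Application\Responses\FileResponse(FILES_DIR . '/' . $storedName($filename));
});

// Run the application!
$container->application->run();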
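/**
 * Jails the $path to $jail.
 *
 * Returns the sanitized $path when it is the jail itself or lies below it, and the
 * sanitized $jail otherwise. Relative paths are resolved against the jail first.
 *
 * The containment test works on path components: "/srv/app-private/x" is NOT treated as
 * being inside "/srv/app", which a plain string-prefix comparison would allow.
 *
 * Limits a caller should know about:
 *  - Nothing here touches the filesystem, so the returned path is not guaranteed to exist.
 *  - Symbolic links are not resolved by this function; a link inside the jail can still
 *    point outside it.
 *  - Whether ".." segments are collapsed depends on sanitizePath(), which is defined
 *    elsewhere — confirm that it does before relying on this as a security boundary.
 *
 * @param string $jail Forced root of the $path to jail. Absolute path is recommended. Jail need not exist.
 * @param string $path Relative or absolute path to jail. Path need not exist.
 * @return string The jailed path, or the jail itself if $path lies outside the jail.
 */
function jailpath($jail, $path)
{
    $jail = sanitizePath($jail);
    $path = isPathAbsolute($path) ? sanitizePath($path) : sanitizePath("{$jail}/{$path}");

    // Compare against the jail without its trailing separator so the character that
    // follows the prefix can be checked explicitly.
    $root = rtrim($jail, '/\\');

    // An empty jail or a bare filesystem root has no component boundary to enforce;
    // keep the plain prefix comparison for those two cases.
    if ($root === '') {
        return startsWith($path, $jail) ? $path : $jail;
    }

    if (!startsWith($path, $root)) {
        return $jail;
    }

    // The path is the jail directory itself.
    if (strlen($path) === strlen($root)) {
        return $path;
    }

    // Inside the jail only if the prefix ends exactly at a directory separator.
    $next = $path[strlen($root)];
    return ($next === '/' || $next === '\\') ? $path : $jail;
}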
/**
 * Combined getter/setter for the directory that {@link #getFiles()} is confined to.
 *
 * Called without arguments it returns the stored jail. Called with a path it stores
 * sanitizePath($path) as the new jail and returns $this so calls can be chained.
 * By default files are jailed to DiamondMVC's root.
 *
 * Passing an empty string removes the jail. This is not recommended: depending on server
 * settings it could list files outside of the htdocs root.
 *
 * @param string $path New jail directory; an empty string removes the jail.
 * @return ControllerFileBrowser|string $this when a path is given, the stored jail otherwise.
 */
public function jail($path = '')
{
    // func_num_args() tells an explicit jail('') apart from a bare jail(); the default
    // value of $path alone cannot.
    if (func_num_args() > 0) {
        $this->jail = sanitizePath($path);

        return $this;
    }

    return $this->jail;
}