diff --git a/classes/modules/staticModule.php b/classes/modules/staticModule.php
index 203a861932ae840bbfd69196a1179d055cf677a7..51f51ec23edabff535b0923e7724ced95753ae28 100644
--- a/classes/modules/staticModule.php
+++ b/classes/modules/staticModule.php
@@ -25,7 +25,16 @@ class StaticModule extends abstractModule{
global $acceptContentType;
global $endpoints;
global $lodspk;
- $filenamearray =explode(".",$file);
+
+ $staticdir = realpath($conf['static']['directory']);
+ $imgdir = realpath($conf['static']['directory'] . "img");
+ $resourcepath = realpath($conf['static']['directory'].$file);
+
+ // static resources should be in static or img dir (img may be symlinked)
+ if (not(strpos($resourcepath, $staticdir)=== 0 or strpos($resourcepath, $imgdir)=== 0)) {
+ HTTPStatus::send404($file); // send404 calls exit();//
+ }
+ $filenamearray =explode(".",$file);
$extension = end($filenamearray);
$ct = $this->getContentType($extension);
header("Content-type: ".$ct);
@@ -34,6 +43,7 @@ class StaticModule extends abstractModule{
Logging::log("In ".$conf['static']['directory']." static file $file");
}
$htmlExtension = 'html';
+
if($conf['static']['haanga'] && substr_compare($file, $htmlExtension, -strlen($htmlExtension), strlen($htmlExtension)) === 0){
$lodspk['home'] = $conf['basedir'];
$lodspk['baseUrl'] = $conf['basedir'];
@@ -46,14 +56,12 @@ class StaticModule extends abstractModule{
$lodspk['local']['value'] = $localUri;
$lodspk['local']['curie'] = Utils::uri2curie($localUri);
$lodspk['contentType'] = $acceptContentType;
- $lodspk['endpoint'] = $conf['endpoint'];
- $lodspk['type'] = $modelFile;
- $lodspk['header'] = $prefixHeader;
+ $lodspk['endpoint'] = $conf['endpoint'];
$lodspk['baseUrl'] = $conf['basedir'];
-
+
Utils::processDocument($conf['static']['directory'].$file, $lodspk, null);
}else{
- echo file_get_contents($conf['static']['directory'].$file);
+ echo file_get_contents($conf['static']['directory'].$file);
}
}