Issue 6 Refactor to StaticModule::validateDirectory()

classes/modules/staticModule.php

@@ -24,17 +24,9 @@ class StaticModule extends abstractModule{
   	global $uri;
   	global $acceptContentType;
   	global $endpoints;
-  	global $lodspk;  
-      
-  	$staticdir = realpath($conf['static']['directory']);
-    $imgdir = realpath($conf['static']['directory'] . "img");
-    $resourcepath = realpath($conf['static']['directory'].$file);
-
-    // static resources should be in static or img dir (img may be symlinked, check realpath of img as well)
-    if (strpos($resourcepath, $staticdir)!== 0 and strpos($resourcepath, $imgdir)!== 0) {
-    	HTTPStatus::send404($file); // send404 calls exit();//
-        }
-        $filenamearray =explode(".",$file);
+  	global $lodspk;
+    $this->validateDirectory($conf, $file);
+		$filenamearray =explode(".",$file);
   	$extension = end($filenamearray);
   	$ct = $this->getContentType($extension);
   	header("Content-type: ".$ct);
@@ -95,8 +87,26 @@ class StaticModule extends abstractModule{
    }
    return ""; //empty string seems to work fine with browsers
   }
-  
-  
+
+	/**
+	 * Validate that resource directory is valid and safe to use.
+	 *
+	 * @param array $conf
+   *   Global configuration.
+   * @param $file
+	 *
+	 * @return void
+	 */
+  private function validateDirectory(array $conf, $file): void
+	{
+		$staticdir = realpath($conf['static']['directory']);
+		$imgdir = realpath($conf['static']['directory'] . "img");
+		$resourcepath = realpath($conf['static']['directory'].$file);
+
+		// static resources should be in static or img dir (img may be symlinked, check realpath of img as well)
+		if (strpos($resourcepath, $staticdir)!== 0 and strpos($resourcepath, $imgdir)!== 0) {
+			HTTPStatus::send404($file); // send404 calls exit();//
+		}
+	}
   
 }
-?>