Skip to content
Snippets Groups Projects

add check for static dir and static/img

Merged add check for static dir and static/img
lodspeakr-issue-6 into master
Merged Oyvind.Gjesdal requested to merge lodspeakr-issue-6 into master
Compare
and
1 file
+ 112
85
Compare changes
  • Side-by-side
  • Inline
classes/modules/staticModule.php
+ 112
85
<?php
require_once('abstractModule.php');
class StaticModule extends abstractModule{
//Static module
public function match($uri){
global $conf;
global $localUri;
global $uri;
global $acceptContentType;
global $endpoints;
global $lodspk;
$q = preg_replace('|^'.$conf['basedir'].'|', '', $localUri);
if(strlen($q)>0 && file_exists($conf['home'].$conf['static']['directory'].$q)){
return $q;
}
return FALSE;
public function match($uri)
{
global $conf;
global $localUri;
global $uri;
global $acceptContentType;
global $endpoints;
global $lodspk;
$q = preg_replace('|^' . $conf['basedir'] . '|', '', $localUri);
if (strlen($q) > 0 && file_exists($conf['home'] . $conf['static']['directory'] . $q)) {
return $q;
}
return FALSE;
}
public function execute($file){
global $conf;
global $localUri;
global $uri;
global $acceptContentType;
global $endpoints;
global $lodspk;
$filenamearray =explode(".",$file);
$extension = end($filenamearray);
$ct = $this->getContentType($extension);
header("Content-type: ".$ct);
$uri = $localUri;
if($conf['debug']){
Logging::log("In ".$conf['static']['directory']." static file $file");
}
$htmlExtension = 'html';
if($conf['static']['haanga'] && substr_compare($file, $htmlExtension, -strlen($htmlExtension), strlen($htmlExtension)) === 0){
$lodspk['home'] = $conf['basedir'];
$lodspk['baseUrl'] = $conf['basedir'];
$lodspk['module'] = 'static';
$lodspk['root'] = $conf['root'];
$lodspk['contentType'] = $acceptContentType;
$lodspk['ns'] = $conf['ns'];
$lodspk['this']['value'] = $localUri;
$lodspk['this']['curie'] = Utils::uri2curie($localUri);
$lodspk['local']['value'] = $localUri;
$lodspk['local']['curie'] = Utils::uri2curie($localUri);
$lodspk['contentType'] = $acceptContentType;
$lodspk['endpoint'] = $conf['endpoint'];
$lodspk['type'] = $modelFile;
$lodspk['header'] = $prefixHeader;
$lodspk['baseUrl'] = $conf['basedir'];
Utils::processDocument($conf['static']['directory'].$file, $lodspk, null);
}else{
echo file_get_contents($conf['static']['directory'].$file);
}
public function execute($file)
{
global $conf;
global $localUri;
global $uri;
global $acceptContentType;
global $endpoints;
global $lodspk;
$this->validateDirectory($conf, $file);
$filenamearray = explode(".", $file);
$extension = end($filenamearray);
$ct = $this->getContentType($extension);
header("Content-type: " . $ct);
$uri = $localUri;
if ($conf['debug']) {
Logging::log("In " . $conf['static']['directory'] . " static file $file");
}
$htmlExtension = 'html';
if ($conf['static']['haanga'] && substr_compare($file, $htmlExtension, -strlen($htmlExtension), strlen($htmlExtension)) === 0) {
$lodspk['home'] = $conf['basedir'];
$lodspk['baseUrl'] = $conf['basedir'];
$lodspk['module'] = 'static';
$lodspk['root'] = $conf['root'];
$lodspk['contentType'] = $acceptContentType;
$lodspk['ns'] = $conf['ns'];
$lodspk['this']['value'] = $localUri;
$lodspk['this']['curie'] = Utils::uri2curie($localUri);
$lodspk['local']['value'] = $localUri;
$lodspk['local']['curie'] = Utils::uri2curie($localUri);
$lodspk['contentType'] = $acceptContentType;
$lodspk['endpoint'] = $conf['endpoint'];
$lodspk['baseUrl'] = $conf['basedir'];
Utils::processDocument($conf['static']['directory'] . $file, $lodspk, null);
}
else {
echo file_get_contents($conf['static']['directory'] . $file);
}
}
private function getContentType($e){
$contentTypes = array('html' => 'text/html',
'css' => 'text/css',
'js' => 'application/javascript',
'json' => 'application/json',
'jsonp'=> 'application/javascript',
'nt' => 'text/plain',
'ttl' => 'text/turtle',
'png' => 'image/png',
'jpg' => 'image/jpeg',
'gif' => 'image/gif',
'bmp' => 'image/bmp',
'pdf' => 'application/pdf',
'zip' => 'application/zip',
'gz' => 'application/gzip',
'svg' => 'image/svg+xml'
);
//Add new/override existing mime types defined by user
if(isset($conf['static']['mimetypes'])){
foreach($conf['static']['mimetypes'] as $k => $v){
$contentTypes[$k] = $v;
}
}
if(isset($contentTypes[$e])){
return $contentTypes[$e];
}
return ""; //empty string seems to work fine with browsers
private function getContentType($e)
{
$contentTypes = [
'html' => 'text/html',
'css' => 'text/css',
'js' => 'application/javascript',
'json' => 'application/json',
'jsonp' => 'application/javascript',
'nt' => 'text/plain',
'ttl' => 'text/turtle',
'png' => 'image/png',
'jpg' => 'image/jpeg',
'gif' => 'image/gif',
'bmp' => 'image/bmp',
'pdf' => 'application/pdf',
'zip' => 'application/zip',
'gz' => 'application/gzip',
'svg' => 'image/svg+xml',
];
//Add new/override existing mime types defined by user.
if (isset($conf['static']['mimetypes'])) {
foreach ($conf['static']['mimetypes'] as $k => $v) {
$contentTypes[$k] = $v;
}
}
if (isset($contentTypes[$e])) {
return $contentTypes[$e];
}
return "";
}
/**
* Validate that resource directory is valid and safe to use.
*
* @param array $conf
* Global configuration.
* @param $file
*
* @return void
*/
private function validateDirectory(array $conf, $file): void
{
$staticDirectory = realpath($conf['static']['directory']);
$imgDirectory = realpath($conf['static']['directory'] . "img");
$resourcePath = realpath($conf['static']['directory'] . $file);
if (strpos($resourcePath, $staticDirectory) !== 0 && strpos($resourcePath, $imgDirectory) !== 0) {
HTTPStatus::send404($file);
}
}
}
?>