Home Explore Help
Sign In
LBP
/
FressRSS
mirror of https://github.com/FreshRSS/FreshRSS.git
4
0
Fork 0
Files Issues 0 Wiki
Tree: 1ee1fcce91
Branches Tags
FressRSS
/
p
/
ext.php

ext.php 2.5 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 
  1. <?php
    2. 

  2. 

  3. require(__DIR__ . '/../constants.php');
    4. 

  4. 

  5. // Supported types with their associated content type
    6. 

  6. const SUPPORTED_TYPES = [
    7. 

  7. 	'css' => 'text/css; charset=UTF-8',
    8. 

  8. 	'js' => 'application/javascript; charset=UTF-8',
    9. 

  9. 	'png' => 'image/png',
    10. 

  10. 	'jpeg' => 'image/jpeg',
    11. 

  11. 	'jpg' => 'image/jpeg',
    12. 

  12. 	'gif' => 'image/gif',
    13. 

  13. 	'svg' => 'image/svg+xml',
    14. 

  14. ];
    15. 

  15. 

  16. function is_valid_path_extension($path, $extensionPath) {
    17. 

  17. 	// It must be under the extension path.
    18. 

  18. 	$real_ext_path = realpath($extensionPath);
    19. 

  19. 

  20. 	//Windows compatibility
    21. 

  21. 	$real_ext_path = str_replace('\\', '/', $real_ext_path);
    22. 

  22. 	$path = str_replace('\\', '/', $path);
    23. 

  23. 

  24. 	$in_ext_path = (substr($path, 0, strlen($real_ext_path)) === $real_ext_path);
    25. 

  25. 	if (!$in_ext_path) {
    26. 

  26. 		return false;
    27. 

  27. 	}
    28. 

  28. 

  29. 	// File to serve must be under a `ext_dir/static/` directory.
    30. 

  30. 	$path_relative_to_ext = substr($path, strlen($real_ext_path) + 1);
    31. 

  31. 	list(,$static,$file) = sscanf($path_relative_to_ext, '%[^/]/%[^/]/%s');
    32. 

  32. 	if (null === $file || 'static' !== $static) {
    33. 

  33. 		return false;
    34. 

  34. 	}
    35. 

  35. 

  36. 	return true;
    37. 

  37. }
    38. 

  38. 

  39. /**
    40. 

  40.  * Check if a file can be served by ext.php. A valid file is under a
    41. 

  41.  * CORE_EXTENSIONS_PATH/extension_name/static/ or THIRDPARTY_EXTENSIONS_PATH/extension_name/static/ directory.
    42. 

  42.  *
    43. 

  43.  * You should sanitize path by using the realpath() function.
    44. 

  44.  *
    45. 

  45.  * @param $path the path to the file we want to serve.
    46. 

  46.  * @return true if it can be served, false otherwise.
    47. 

  47.  *
    48. 

  48.  */
    49. 

  49. function is_valid_path($path) {
    50. 

  50. 	return is_valid_path_extension($path, CORE_EXTENSIONS_PATH) || is_valid_path_extension($path, THIRDPARTY_EXTENSIONS_PATH);
    51. 

  51. }
    52. 

  52. 

  53. function sendBadRequestResponse(string $message = null) {
    54. 

  54. 	header('HTTP/1.1 400 Bad Request');
    55. 

  55. 	die($message);
    56. 

  56. }
    57. 

  57. 

  58. function sendNotFoundResponse() {
    59. 

  59. 	header('HTTP/1.1 404 Not Found');
    60. 

  60. 	die();
    61. 

  61. }
    62. 

  62. 

  63. if (!isset($_GET['f']) ||
    64. 

  64. 	!isset($_GET['t'])) {
    65. 

  65. 	sendBadRequestResponse('Query string is incomplete.');
    66. 

  66. }
    67. 

  67. 

  68. $file_name = urldecode($_GET['f']);
    69. 

  69. $file_type = $_GET['t'];
    70. 

  70. if (empty(SUPPORTED_TYPES[$file_type])) {
    71. 

  71. 	sendBadRequestResponse('File type is not supported.');
    72. 

  72. }
    73. 

  73. 

  74. $absolute_filename = realpath(EXTENSIONS_PATH . '/' . $file_name);
    75. 

  75. if (!is_valid_path($absolute_filename)) {
    76. 

  76. 	sendBadRequestResponse('File is not supported.');
    77. 

  77. }
    78. 

  78. 

  79. $content_type = SUPPORTED_TYPES[$file_type];
    80. 

  80. header("Content-Type: {$content_type}");
    81. 

  81. header("Content-Disposition: inline; filename='{$file_name}'");
    82. 

  82. 

  83. $mtime = @filemtime($absolute_filename);
    84. 

  84. if ($mtime === false) {
    85. 

  85. 	sendNotFoundResponse();
    86. 

  86. }
    87. 

  87. 

  88. require(LIB_PATH . '/http-conditional.php');
    89. 

  89. 

  90. if (!httpConditional($mtime, 604800, 2)) {
    91. 

  91. 	readfile($absolute_filename);
    92. 

  92. }
    93.